Sep 21 07:25:27.791847: FIPS Product: YES Sep 21 07:25:27.791882: FIPS Kernel: NO Sep 21 07:25:27.791884: FIPS Mode: NO Sep 21 07:25:27.791886: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:27.792029: Initializing NSS Sep 21 07:25:27.792032: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:27.824662: NSS initialized Sep 21 07:25:27.824683: NSS crypto library initialized Sep 21 07:25:27.824687: FIPS HMAC integrity support [enabled] Sep 21 07:25:27.824690: FIPS mode disabled for pluto daemon Sep 21 07:25:27.895132: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:27.895242: libcap-ng support [enabled] Sep 21 07:25:27.895252: Linux audit support [enabled] Sep 21 07:25:27.895275: Linux audit activated Sep 21 07:25:27.895286: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:6890 Sep 21 07:25:27.895289: core dump dir: /tmp Sep 21 07:25:27.895291: secrets file: /etc/ipsec.secrets Sep 21 07:25:27.895293: leak-detective disabled Sep 21 07:25:27.895296: NSS crypto [enabled] Sep 21 07:25:27.895298: XAUTH PAM support [enabled] Sep 21 07:25:27.895369: | libevent is using pluto's memory allocator Sep 21 07:25:27.895375: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:27.895389: | libevent_malloc: new ptr-libevent@0x55ffaad80f30 size 40 Sep 21 07:25:27.895395: | libevent_malloc: new ptr-libevent@0x55ffaad821e0 size 40 Sep 21 07:25:27.895401: | libevent_malloc: new ptr-libevent@0x55ffaad82210 size 40 Sep 21 07:25:27.895403: | creating event base Sep 21 07:25:27.895407: | libevent_malloc: new ptr-libevent@0x55ffaad821a0 size 56 Sep 21 07:25:27.895411: | libevent_malloc: new ptr-libevent@0x55ffaad82240 size 664 Sep 21 07:25:27.895422: | libevent_malloc: new ptr-libevent@0x55ffaad824e0 size 24 Sep 21 07:25:27.895427: | libevent_malloc: new ptr-libevent@0x55ffaad73ca0 size 384 Sep 21 07:25:27.895437: | libevent_malloc: new ptr-libevent@0x55ffaad82500 size 16 Sep 21 07:25:27.895440: | libevent_malloc: new ptr-libevent@0x55ffaad82520 size 40 Sep 21 07:25:27.895443: | libevent_malloc: new ptr-libevent@0x55ffaad82550 size 48 Sep 21 07:25:27.895450: | libevent_realloc: new ptr-libevent@0x55ffaad04370 size 256 Sep 21 07:25:27.895453: | libevent_malloc: new ptr-libevent@0x55ffaad82590 size 16 Sep 21 07:25:27.895459: | libevent_free: release ptr-libevent@0x55ffaad821a0 Sep 21 07:25:27.895464: | libevent initialized Sep 21 07:25:27.895468: | libevent_realloc: new ptr-libevent@0x55ffaad825b0 size 64 Sep 21 07:25:27.895475: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:27.895491: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:27.895494: NAT-Traversal support [enabled] Sep 21 07:25:27.895497: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:27.895503: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:27.895507: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:27.895545: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:27.895549: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:27.895553: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:27.895615: Encryption algorithms: Sep 21 07:25:27.895625: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:27.895630: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:27.895634: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:27.895638: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:27.895642: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:27.895653: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:27.895658: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:27.895663: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:27.895667: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:27.895671: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:27.895675: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:27.895680: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:27.895684: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:27.895688: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:27.895693: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:27.895696: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:27.895700: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:27.895709: Hash algorithms: Sep 21 07:25:27.895712: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:27.895716: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:27.895719: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:27.895723: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:27.895726: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:27.895744: PRF algorithms: Sep 21 07:25:27.895748: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:27.895751: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:27.895755: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:27.895759: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:27.895763: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:27.895767: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:27.895811: Integrity algorithms: Sep 21 07:25:27.895819: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:27.895823: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:27.895828: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:27.895833: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:27.895838: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:27.895841: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:27.895846: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:27.895849: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:27.895853: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:27.895869: DH algorithms: Sep 21 07:25:27.895873: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:27.895877: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:27.895880: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:27.895886: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:27.895889: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:27.895893: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:27.895896: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:27.895900: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:27.895903: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:27.895907: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:27.895911: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:27.895913: testing CAMELLIA_CBC: Sep 21 07:25:27.895916: Camellia: 16 bytes with 128-bit key Sep 21 07:25:27.896042: Camellia: 16 bytes with 128-bit key Sep 21 07:25:27.896073: Camellia: 16 bytes with 256-bit key Sep 21 07:25:27.896105: Camellia: 16 bytes with 256-bit key Sep 21 07:25:27.896135: testing AES_GCM_16: Sep 21 07:25:27.896139: empty string Sep 21 07:25:27.896168: one block Sep 21 07:25:27.896195: two blocks Sep 21 07:25:27.896223: two blocks with associated data Sep 21 07:25:27.896251: testing AES_CTR: Sep 21 07:25:27.896254: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:27.896283: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:27.896314: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:27.896345: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:27.896373: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:27.896404: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:27.896435: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:27.896464: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:27.896494: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:27.896528: testing AES_CBC: Sep 21 07:25:27.896531: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:27.896559: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:27.896592: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:27.896626: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:27.896667: testing AES_XCBC: Sep 21 07:25:27.896669: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:27.896800: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:27.896939: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:27.897063: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:27.897188: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:27.897309: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:27.897434: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:27.897706: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:27.897834: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:27.897966: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:27.898190: testing HMAC_MD5: Sep 21 07:25:27.898194: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:27.898362: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:27.898508: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:27.898679: 8 CPU cores online Sep 21 07:25:27.898683: starting up 7 crypto helpers Sep 21 07:25:27.898714: started thread for crypto helper 0 Sep 21 07:25:27.898722: | starting up helper thread 0 Sep 21 07:25:27.898735: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:27.898744: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:27.898735: started thread for crypto helper 1 Sep 21 07:25:27.898778: started thread for crypto helper 2 Sep 21 07:25:27.898803: started thread for crypto helper 3 Sep 21 07:25:27.898824: started thread for crypto helper 4 Sep 21 07:25:27.898827: | starting up helper thread 4 Sep 21 07:25:27.898840: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:27.898842: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:27.898844: started thread for crypto helper 5 Sep 21 07:25:27.898864: started thread for crypto helper 6 Sep 21 07:25:27.898866: | starting up helper thread 6 Sep 21 07:25:27.898872: | checking IKEv1 state table Sep 21 07:25:27.898873: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:27.898880: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:27.898882: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:27.898885: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:27.898888: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:27.898891: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:27.898894: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:27.898897: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:27.898899: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:27.898902: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:27.898905: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:27.898907: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:27.898910: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:27.898913: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:27.898916: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:27.898918: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:27.898921: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:27.898924: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:27.898927: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:27.898929: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:27.898932: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:27.898934: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:27.898937: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:27.898940: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.898943: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:27.898945: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.898949: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:27.898951: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:27.898954: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:27.898957: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:27.898959: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:27.898962: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:27.898965: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:27.898967: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:27.898971: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:27.898973: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.898976: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:27.898979: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.898982: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:27.898985: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:27.898988: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:27.898990: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:27.898994: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:27.898997: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:27.899000: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:27.899002: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.899006: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:27.899008: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.899011: | INFO: category: informational flags: 0: Sep 21 07:25:27.899014: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.899017: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:27.899020: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.899023: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:27.899028: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:27.899031: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:27.899034: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:27.899037: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:27.899039: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:27.899043: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:27.899045: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:27.899048: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:27.899051: | -> UNDEFINED EVENT_NULL Sep 21 07:25:27.899054: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:27.899057: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:27.899060: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:27.899063: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:27.899066: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:27.899068: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:27.899074: | checking IKEv2 state table Sep 21 07:25:27.899081: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:27.899084: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:27.899087: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:27.899091: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:27.899094: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:27.899098: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:27.899101: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:27.899104: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:27.899108: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:27.899111: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:27.899114: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:27.899117: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:27.899120: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:27.899123: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:27.899126: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:27.899129: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:27.899132: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:27.899135: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:27.899139: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:27.899142: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:27.899145: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:27.899149: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:27.899152: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:27.899155: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:27.899158: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:27.899161: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:27.899164: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:27.899167: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:27.899170: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:27.899174: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:27.899177: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:27.899181: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:27.899186: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:27.899189: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:27.899192: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:27.899196: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:27.899199: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:27.899202: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:27.899206: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:27.899209: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:27.899212: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:27.899216: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:27.899219: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:27.899223: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:27.899226: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:27.899229: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:27.899232: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:27.899299: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:27.899359: | Hard-wiring algorithms Sep 21 07:25:27.899363: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:27.899367: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:27.899370: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:27.899373: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:27.899376: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:27.899379: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:27.899381: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:27.899384: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:27.899387: | adding AES_CTR to kernel algorithm db Sep 21 07:25:27.899389: | adding AES_CBC to kernel algorithm db Sep 21 07:25:27.899392: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:27.899395: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:27.899398: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:27.899401: | adding NULL to kernel algorithm db Sep 21 07:25:27.899404: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:27.899407: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:27.899409: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:27.899412: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:27.899415: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:27.899418: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:27.899421: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:27.899423: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:27.899426: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:27.899429: | adding NONE to kernel algorithm db Sep 21 07:25:27.899448: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:27.899455: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:27.899458: | setup kernel fd callback Sep 21 07:25:27.899461: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ffaad87c50 Sep 21 07:25:27.899465: | libevent_malloc: new ptr-libevent@0x55ffaad93d70 size 128 Sep 21 07:25:27.899469: | libevent_malloc: new ptr-libevent@0x55ffaad86f30 size 16 Sep 21 07:25:27.899475: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ffaad87c10 Sep 21 07:25:27.899479: | libevent_malloc: new ptr-libevent@0x55ffaad93e00 size 128 Sep 21 07:25:27.899482: | libevent_malloc: new ptr-libevent@0x55ffaad86f50 size 16 Sep 21 07:25:27.899709: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:27.899716: selinux support is enabled. Sep 21 07:25:27.899796: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:27.899976: | unbound context created - setting debug level to 5 Sep 21 07:25:27.900002: | /etc/hosts lookups activated Sep 21 07:25:27.900017: | /etc/resolv.conf usage activated Sep 21 07:25:27.900079: | outgoing-port-avoid set 0-65535 Sep 21 07:25:27.900108: | outgoing-port-permit set 32768-60999 Sep 21 07:25:27.900112: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:27.900115: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:27.900118: | Setting up events, loop start Sep 21 07:25:27.900122: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ffaad821a0 Sep 21 07:25:27.900125: | libevent_malloc: new ptr-libevent@0x55ffaad9e2f0 size 128 Sep 21 07:25:27.900129: | libevent_malloc: new ptr-libevent@0x55ffaad9e380 size 16 Sep 21 07:25:27.900135: | libevent_realloc: new ptr-libevent@0x55ffaad026c0 size 256 Sep 21 07:25:27.900138: | libevent_malloc: new ptr-libevent@0x55ffaad9e3a0 size 8 Sep 21 07:25:27.900142: | libevent_realloc: new ptr-libevent@0x55ffaad93170 size 144 Sep 21 07:25:27.900145: | libevent_malloc: new ptr-libevent@0x55ffaad9e3c0 size 152 Sep 21 07:25:27.900149: | libevent_malloc: new ptr-libevent@0x55ffaad9e460 size 16 Sep 21 07:25:27.900153: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:27.900156: | libevent_malloc: new ptr-libevent@0x55ffaad9e480 size 8 Sep 21 07:25:27.900160: | libevent_malloc: new ptr-libevent@0x55ffaad9e4a0 size 152 Sep 21 07:25:27.900163: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:27.900166: | libevent_malloc: new ptr-libevent@0x55ffaad9e540 size 8 Sep 21 07:25:27.900169: | libevent_malloc: new ptr-libevent@0x55ffaad9e560 size 152 Sep 21 07:25:27.900172: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:27.900175: | libevent_malloc: new ptr-libevent@0x55ffaad9e600 size 8 Sep 21 07:25:27.900178: | libevent_realloc: release ptr-libevent@0x55ffaad93170 Sep 21 07:25:27.900182: | libevent_realloc: new ptr-libevent@0x55ffaad9e620 size 256 Sep 21 07:25:27.900185: | libevent_malloc: new ptr-libevent@0x55ffaad93170 size 152 Sep 21 07:25:27.900188: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:27.900544: | created addconn helper (pid:6974) using fork+execve Sep 21 07:25:27.900558: | starting up helper thread 1 Sep 21 07:25:27.900583: | starting up helper thread 5 Sep 21 07:25:27.900571: | forked child 6974 Sep 21 07:25:27.900584: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:27.900607: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:27.900545: | starting up helper thread 2 Sep 21 07:25:27.900620: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:27.900624: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:27.900641: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.900657: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:27.900664: listening for IKE messages Sep 21 07:25:27.901150: | Inspecting interface lo Sep 21 07:25:27.901161: | found lo with address 127.0.0.1 Sep 21 07:25:27.901164: | Inspecting interface eth0 Sep 21 07:25:27.901168: | found eth0 with address 192.0.2.254 Sep 21 07:25:27.901171: | Inspecting interface eth0 Sep 21 07:25:27.901175: | found eth0 with address 192.0.2.250 Sep 21 07:25:27.901178: | Inspecting interface eth0 Sep 21 07:25:27.901182: | found eth0 with address 192.0.2.251 Sep 21 07:25:27.901185: | Inspecting interface eth1 Sep 21 07:25:27.901190: | found eth1 with address 192.1.2.23 Sep 21 07:25:27.901196: | starting up helper thread 3 Sep 21 07:25:27.901211: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:27.901216: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:27.901236: Kernel supports NIC esp-hw-offload Sep 21 07:25:27.901248: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:27.901299: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:27.901305: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:27.901309: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:27.901335: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.251:500 Sep 21 07:25:27.901357: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:27.901362: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:27.901366: adding interface eth0/eth0 192.0.2.251:4500 Sep 21 07:25:27.901389: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.250:500 Sep 21 07:25:27.901410: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:27.901414: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:27.901417: adding interface eth0/eth0 192.0.2.250:4500 Sep 21 07:25:27.901440: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:27.901461: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:27.901465: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:27.901469: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:27.901494: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:27.901515: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:27.901519: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:27.901523: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:27.901603: | no interfaces to sort Sep 21 07:25:27.901608: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:27.901620: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9ec10 Sep 21 07:25:27.901624: | libevent_malloc: new ptr-libevent@0x55ffaad9ec50 size 128 Sep 21 07:25:27.901628: | libevent_malloc: new ptr-libevent@0x55ffaad9ece0 size 16 Sep 21 07:25:27.901638: | setup callback for interface lo 127.0.0.1:4500 fd 26 Sep 21 07:25:27.901641: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9ed00 Sep 21 07:25:27.901644: | libevent_malloc: new ptr-libevent@0x55ffaad9ed40 size 128 Sep 21 07:25:27.901648: | libevent_malloc: new ptr-libevent@0x55ffaad9edd0 size 16 Sep 21 07:25:27.901653: | setup callback for interface lo 127.0.0.1:500 fd 25 Sep 21 07:25:27.901656: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9edf0 Sep 21 07:25:27.901659: | libevent_malloc: new ptr-libevent@0x55ffaad9ee30 size 128 Sep 21 07:25:27.901662: | libevent_malloc: new ptr-libevent@0x55ffaad9eec0 size 16 Sep 21 07:25:27.901667: | setup callback for interface eth0 192.0.2.254:4500 fd 24 Sep 21 07:25:27.901670: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9eee0 Sep 21 07:25:27.901673: | libevent_malloc: new ptr-libevent@0x55ffaad9ef20 size 128 Sep 21 07:25:27.901676: | libevent_malloc: new ptr-libevent@0x55ffaad9efb0 size 16 Sep 21 07:25:27.901681: | setup callback for interface eth0 192.0.2.254:500 fd 23 Sep 21 07:25:27.901685: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9efd0 Sep 21 07:25:27.901688: | libevent_malloc: new ptr-libevent@0x55ffaad9f010 size 128 Sep 21 07:25:27.901691: | libevent_malloc: new ptr-libevent@0x55ffaad9f0a0 size 16 Sep 21 07:25:27.901696: | setup callback for interface eth0 192.0.2.250:4500 fd 22 Sep 21 07:25:27.901699: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f0c0 Sep 21 07:25:27.901702: | libevent_malloc: new ptr-libevent@0x55ffaad9f760 size 128 Sep 21 07:25:27.901705: | libevent_malloc: new ptr-libevent@0x55ffaad9f100 size 16 Sep 21 07:25:27.901710: | setup callback for interface eth0 192.0.2.250:500 fd 21 Sep 21 07:25:27.901713: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f7f0 Sep 21 07:25:27.901716: | libevent_malloc: new ptr-libevent@0x55ffaad9f830 size 128 Sep 21 07:25:27.901720: | libevent_malloc: new ptr-libevent@0x55ffaad9f120 size 16 Sep 21 07:25:27.901721: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:27.901725: | setup callback for interface eth0 192.0.2.251:4500 fd 20 Sep 21 07:25:27.901734: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:27.901744: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f8c0 Sep 21 07:25:27.901754: | libevent_malloc: new ptr-libevent@0x55ffaad9f900 size 128 Sep 21 07:25:27.901757: | libevent_malloc: new ptr-libevent@0x55ffaad9f990 size 16 Sep 21 07:25:27.901762: | setup callback for interface eth0 192.0.2.251:500 fd 19 Sep 21 07:25:27.901765: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f9b0 Sep 21 07:25:27.901768: | libevent_malloc: new ptr-libevent@0x55ffaad9f9f0 size 128 Sep 21 07:25:27.901772: | libevent_malloc: new ptr-libevent@0x55ffaad9fa80 size 16 Sep 21 07:25:27.901777: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:27.901780: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9faa0 Sep 21 07:25:27.901846: | libevent_malloc: new ptr-libevent@0x55ffaad9fae0 size 128 Sep 21 07:25:27.901853: | libevent_malloc: new ptr-libevent@0x55ffaad9fb70 size 16 Sep 21 07:25:27.901859: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:27.901865: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:27.901868: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:27.901890: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:27.901924: | saving Modulus Sep 21 07:25:27.901931: | saving PublicExponent Sep 21 07:25:27.901936: | ignoring PrivateExponent Sep 21 07:25:27.901940: | ignoring Prime1 Sep 21 07:25:27.901943: | ignoring Prime2 Sep 21 07:25:27.901947: | ignoring Exponent1 Sep 21 07:25:27.901951: | ignoring Exponent2 Sep 21 07:25:27.901955: | ignoring Coefficient Sep 21 07:25:27.901959: | ignoring CKAIDNSS Sep 21 07:25:27.902005: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:27.902008: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:27.902012: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:27.902025: | certs and keys locked by 'process_secret' Sep 21 07:25:27.902028: | certs and keys unlocked by 'process_secret' Sep 21 07:25:27.902033: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:27.902121: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.902133: | spent 1.37 milliseconds in whack Sep 21 07:25:27.943516: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.943540: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:27.943545: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:27.943548: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:27.943550: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:27.943554: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:27.943561: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:27.943565: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:27.943620: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:27.943624: | from whack: got --esp= Sep 21 07:25:27.943662: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:27.943668: | counting wild cards for @west is 0 Sep 21 07:25:27.943672: | counting wild cards for @east is 0 Sep 21 07:25:27.943683: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:25:27.943687: | new hp@0x55ffaad6b410 Sep 21 07:25:27.943691: added connection description "westnet-eastnet-ikev2" Sep 21 07:25:27.943707: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:27.943717: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:25:27.943725: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.943731: | spent 0.224 milliseconds in whack Sep 21 07:25:27.943794: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.943806: add keyid @west Sep 21 07:25:27.943811: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:25:27.943813: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:25:27.943816: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:25:27.943818: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:25:27.943820: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:25:27.943823: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:25:27.943825: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:25:27.943828: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:25:27.943830: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:25:27.943833: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:25:27.943835: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:25:27.943838: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:25:27.943840: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:25:27.943843: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:25:27.943845: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:25:27.943847: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:25:27.943849: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:25:27.943852: | add pubkey 15 04 37 f9 Sep 21 07:25:27.943878: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:27.943881: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:25:27.943889: | keyid: *AQOm9dY/4 Sep 21 07:25:27.943891: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:25:27.943894: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:25:27.943896: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:25:27.943898: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:25:27.943901: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:25:27.943903: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:25:27.943905: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:25:27.943908: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:25:27.943910: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:25:27.943912: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:25:27.943915: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:25:27.943917: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:25:27.943919: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:25:27.943921: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:25:27.943924: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:25:27.943926: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:25:27.943928: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:25:27.943931: | n 37 f9 Sep 21 07:25:27.943933: | e 03 Sep 21 07:25:27.943935: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:27.943936: | CKAID 7f 0f 03 50 Sep 21 07:25:27.943943: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.943951: | spent 0.161 milliseconds in whack Sep 21 07:25:27.944002: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.944015: add keyid @east Sep 21 07:25:27.944019: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:27.944021: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:27.944024: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:27.944026: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:27.944028: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:27.944031: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:27.944033: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:27.944035: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:27.944038: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:27.944040: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:27.944042: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:27.944045: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:27.944047: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:27.944049: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:27.944052: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:27.944054: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:27.944056: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:27.944058: | add pubkey 51 51 48 ef Sep 21 07:25:27.944073: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:27.944076: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:27.944080: | keyid: *AQO9bJbr3 Sep 21 07:25:27.944083: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:27.944085: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:27.944087: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:27.944089: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:27.944092: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:27.944094: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:27.944096: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:27.944098: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:27.944101: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:27.944103: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:27.944105: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:27.944107: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:27.944110: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:27.944112: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:27.944114: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:27.944116: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:27.944119: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:27.944121: | n 48 ef Sep 21 07:25:27.944123: | e 03 Sep 21 07:25:27.944126: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:27.944128: | CKAID 8a 82 25 f1 Sep 21 07:25:27.944136: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.944141: | spent 0.144 milliseconds in whack Sep 21 07:25:27.944172: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.944182: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:27.944186: listening for IKE messages Sep 21 07:25:27.944218: | Inspecting interface lo Sep 21 07:25:27.944224: | found lo with address 127.0.0.1 Sep 21 07:25:27.944231: | Inspecting interface eth0 Sep 21 07:25:27.944235: | found eth0 with address 192.0.2.254 Sep 21 07:25:27.944237: | Inspecting interface eth0 Sep 21 07:25:27.944241: | found eth0 with address 192.0.2.250 Sep 21 07:25:27.944243: | Inspecting interface eth0 Sep 21 07:25:27.944247: | found eth0 with address 192.0.2.251 Sep 21 07:25:27.944249: | Inspecting interface eth1 Sep 21 07:25:27.944253: | found eth1 with address 192.1.2.23 Sep 21 07:25:27.944338: | no interfaces to sort Sep 21 07:25:27.944346: | libevent_free: release ptr-libevent@0x55ffaad9ec50 Sep 21 07:25:27.944349: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9ec10 Sep 21 07:25:27.944352: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9ec10 Sep 21 07:25:27.944355: | libevent_malloc: new ptr-libevent@0x55ffaad9ec50 size 128 Sep 21 07:25:27.944363: | setup callback for interface lo 127.0.0.1:4500 fd 26 Sep 21 07:25:27.944367: | libevent_free: release ptr-libevent@0x55ffaad9ed40 Sep 21 07:25:27.944369: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9ed00 Sep 21 07:25:27.944372: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9ed00 Sep 21 07:25:27.944374: | libevent_malloc: new ptr-libevent@0x55ffaad9ed40 size 128 Sep 21 07:25:27.944379: | setup callback for interface lo 127.0.0.1:500 fd 25 Sep 21 07:25:27.944382: | libevent_free: release ptr-libevent@0x55ffaad9ee30 Sep 21 07:25:27.944385: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9edf0 Sep 21 07:25:27.944387: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9edf0 Sep 21 07:25:27.944390: | libevent_malloc: new ptr-libevent@0x55ffaad9ee30 size 128 Sep 21 07:25:27.944394: | setup callback for interface eth0 192.0.2.254:4500 fd 24 Sep 21 07:25:27.944398: | libevent_free: release ptr-libevent@0x55ffaad9ef20 Sep 21 07:25:27.944400: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9eee0 Sep 21 07:25:27.944403: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9eee0 Sep 21 07:25:27.944405: | libevent_malloc: new ptr-libevent@0x55ffaad9ef20 size 128 Sep 21 07:25:27.944410: | setup callback for interface eth0 192.0.2.254:500 fd 23 Sep 21 07:25:27.944413: | libevent_free: release ptr-libevent@0x55ffaad9f010 Sep 21 07:25:27.944416: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9efd0 Sep 21 07:25:27.944418: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9efd0 Sep 21 07:25:27.944421: | libevent_malloc: new ptr-libevent@0x55ffaad9f010 size 128 Sep 21 07:25:27.944425: | setup callback for interface eth0 192.0.2.250:4500 fd 22 Sep 21 07:25:27.944429: | libevent_free: release ptr-libevent@0x55ffaad9f760 Sep 21 07:25:27.944432: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f0c0 Sep 21 07:25:27.944434: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f0c0 Sep 21 07:25:27.944437: | libevent_malloc: new ptr-libevent@0x55ffaad9f760 size 128 Sep 21 07:25:27.944441: | setup callback for interface eth0 192.0.2.250:500 fd 21 Sep 21 07:25:27.944445: | libevent_free: release ptr-libevent@0x55ffaad9f830 Sep 21 07:25:27.944447: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f7f0 Sep 21 07:25:27.944449: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f7f0 Sep 21 07:25:27.944452: | libevent_malloc: new ptr-libevent@0x55ffaad9f830 size 128 Sep 21 07:25:27.944457: | setup callback for interface eth0 192.0.2.251:4500 fd 20 Sep 21 07:25:27.944460: | libevent_free: release ptr-libevent@0x55ffaad9f900 Sep 21 07:25:27.944462: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f8c0 Sep 21 07:25:27.944465: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f8c0 Sep 21 07:25:27.944467: | libevent_malloc: new ptr-libevent@0x55ffaad9f900 size 128 Sep 21 07:25:27.944472: | setup callback for interface eth0 192.0.2.251:500 fd 19 Sep 21 07:25:27.944475: | libevent_free: release ptr-libevent@0x55ffaad9f9f0 Sep 21 07:25:27.944478: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f9b0 Sep 21 07:25:27.944480: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9f9b0 Sep 21 07:25:27.944483: | libevent_malloc: new ptr-libevent@0x55ffaad9f9f0 size 128 Sep 21 07:25:27.944488: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:27.944494: | libevent_free: release ptr-libevent@0x55ffaad9fae0 Sep 21 07:25:27.944497: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9faa0 Sep 21 07:25:27.944499: | add_fd_read_event_handler: new ethX-pe@0x55ffaad9faa0 Sep 21 07:25:27.944502: | libevent_malloc: new ptr-libevent@0x55ffaad9fae0 size 128 Sep 21 07:25:27.944506: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:27.944509: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:27.944511: forgetting secrets Sep 21 07:25:27.944518: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:27.944532: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:27.944546: | saving Modulus Sep 21 07:25:27.944549: | saving PublicExponent Sep 21 07:25:27.944553: | ignoring PrivateExponent Sep 21 07:25:27.944556: | ignoring Prime1 Sep 21 07:25:27.944559: | ignoring Prime2 Sep 21 07:25:27.944562: | ignoring Exponent1 Sep 21 07:25:27.944565: | ignoring Exponent2 Sep 21 07:25:27.944568: | ignoring Coefficient Sep 21 07:25:27.944571: | ignoring CKAIDNSS Sep 21 07:25:27.944584: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:27.944586: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:27.944589: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:27.944594: | certs and keys locked by 'process_secret' Sep 21 07:25:27.944596: | certs and keys unlocked by 'process_secret' Sep 21 07:25:27.944601: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:27.944606: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.944611: | spent 0.442 milliseconds in whack Sep 21 07:25:27.944665: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:27.944680: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:27.944687: | start processing: connection "westnet-eastnet-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:27.944691: | connection 'westnet-eastnet-ikev2' +POLICY_UP Sep 21 07:25:27.944695: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:27.944698: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:27.944710: | creating state object #1 at 0x55ffaada1150 Sep 21 07:25:27.944714: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:27.944722: | pstats #1 ikev2.ike started Sep 21 07:25:27.944727: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:27.944731: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:27.944738: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:27.944747: | suspend processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:27.944753: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:27.944757: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:27.944763: | Queuing pending IPsec SA negotiating with 192.1.2.45 "westnet-eastnet-ikev2" IKE SA #1 "westnet-eastnet-ikev2" Sep 21 07:25:27.944767: "westnet-eastnet-ikev2" #1: initiating v2 parent SA Sep 21 07:25:27.944792: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE) Sep 21 07:25:27.944806: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:27.944817: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.944823: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:27.944844: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.944853: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:27.944860: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.944865: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:27.944873: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.944888: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.944898: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:27.944917: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada1090 Sep 21 07:25:27.944922: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:27.944926: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:27.944938: | #1 spent 0.244 milliseconds in ikev2_parent_outI1() Sep 21 07:25:27.944943: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:27.944962: | RESET processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:27.944966: | RESET processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:27.944984: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:27.944993: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:27.944993: | crypto helper 0 resuming Sep 21 07:25:27.945002: | spent 0.336 milliseconds in whack Sep 21 07:25:27.945011: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:25:27.945024: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:27.945522: | processing signal PLUTO_SIGCHLD Sep 21 07:25:27.945534: | waitpid returned pid 6974 (exited with status 0) Sep 21 07:25:27.945538: | reaped addconn helper child (status 0) Sep 21 07:25:27.945542: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:27.945547: | spent 0.017 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:27.945794: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000769 seconds Sep 21 07:25:27.945806: | (#1) spent 0.778 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:27.945808: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:27.945810: | scheduling resume sending helper answer for #1 Sep 21 07:25:27.945812: | libevent_malloc: new ptr-libevent@0x7f152c006900 size 128 Sep 21 07:25:27.945818: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:27.945825: | processing resume sending helper answer for #1 Sep 21 07:25:27.945834: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:25:27.945855: | crypto helper 0 replies to request ID 1 Sep 21 07:25:27.945858: | calling continuation function 0x55ffa8f44630 Sep 21 07:25:27.945861: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:27.945891: | **emit ISAKMP Message: Sep 21 07:25:27.945894: | initiator cookie: Sep 21 07:25:27.945897: | 2c ef 54 54 bb ce cd e6 Sep 21 07:25:27.945900: | responder cookie: Sep 21 07:25:27.945902: | 00 00 00 00 00 00 00 00 Sep 21 07:25:27.945906: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:27.945909: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:27.945912: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:27.945916: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:27.945919: | Message ID: 0 (0x0) Sep 21 07:25:27.945922: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:27.945947: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:27.945950: | Emitting ikev2_proposals ... Sep 21 07:25:27.945954: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:27.945957: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:27.945960: | flags: none (0x0) Sep 21 07:25:27.945964: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:27.945968: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.945971: | discarding INTEG=NONE Sep 21 07:25:27.945974: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:27.945977: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.945980: | prop #: 1 (0x1) Sep 21 07:25:27.945983: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:27.945985: | spi size: 0 (0x0) Sep 21 07:25:27.945988: | # transforms: 11 (0xb) Sep 21 07:25:27.945992: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:27.945995: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.945998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946001: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:27.946004: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:27.946008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946011: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:27.946014: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:27.946017: | length/value: 256 (0x100) Sep 21 07:25:27.946021: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:27.946024: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946029: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946032: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:27.946037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946046: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946049: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946055: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946058: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:27.946062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946069: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946071: | discarding INTEG=NONE Sep 21 07:25:27.946074: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946083: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:27.946087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946094: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946097: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946106: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:27.946110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946117: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946120: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946123: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946126: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946129: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:27.946133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946140: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946143: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946151: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:27.946156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946166: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946174: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:27.946178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946189: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946192: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946197: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946200: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:27.946204: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946212: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946214: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946223: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:27.946227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946234: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946237: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946240: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:27.946243: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946246: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:27.946250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946260: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:27.946264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:27.946267: | discarding INTEG=NONE Sep 21 07:25:27.946270: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:27.946272: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.946275: | prop #: 2 (0x2) Sep 21 07:25:27.946278: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:27.946281: | spi size: 0 (0x0) Sep 21 07:25:27.946283: | # transforms: 11 (0xb) Sep 21 07:25:27.946300: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.946304: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:27.946308: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946311: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946314: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:27.946316: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:27.946320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946324: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:27.946327: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:27.946329: | length/value: 128 (0x80) Sep 21 07:25:27.946334: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:27.946337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946346: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:27.946350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946357: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946360: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946366: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946369: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:27.946386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946390: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946393: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946395: | discarding INTEG=NONE Sep 21 07:25:27.946398: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946407: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:27.946411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946418: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946421: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946429: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:27.946434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946437: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946444: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946452: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:27.946456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946463: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946466: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946475: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:27.946479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946488: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946490: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946499: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:27.946503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946510: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946513: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946522: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:27.946526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946536: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946542: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946544: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:27.946548: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946555: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946558: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946561: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:27.946564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946567: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:27.946571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946578: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946581: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:27.946585: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:27.946588: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:27.946590: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.946593: | prop #: 3 (0x3) Sep 21 07:25:27.946596: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:27.946599: | spi size: 0 (0x0) Sep 21 07:25:27.946601: | # transforms: 13 (0xd) Sep 21 07:25:27.946605: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.946609: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:27.946614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946620: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:27.946623: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:27.946626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946630: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:27.946633: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:27.946635: | length/value: 256 (0x100) Sep 21 07:25:27.946639: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:27.946641: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946647: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946650: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:27.946654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946661: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946670: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.946673: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:27.946677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946684: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946687: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946693: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:27.946696: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:27.946700: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946707: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946710: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946716: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:27.946719: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:27.946723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946730: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946733: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946738: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946741: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:27.946746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946754: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946757: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946762: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946765: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:27.946770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946777: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946779: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946807: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946810: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:27.946814: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946821: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946824: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946830: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946846: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:27.946850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946854: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946858: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946860: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946866: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946869: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:27.946873: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946880: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946883: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946892: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:27.946896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946906: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946912: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946915: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:27.946920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946927: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946930: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946933: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:27.946936: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.946939: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:27.946943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.946950: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.946953: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:27.946957: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:27.946960: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:27.946963: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:27.946966: | prop #: 4 (0x4) Sep 21 07:25:27.946968: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:27.946971: | spi size: 0 (0x0) Sep 21 07:25:27.946974: | # transforms: 13 (0xd) Sep 21 07:25:27.946978: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:27.946982: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:27.946985: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.946988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.946991: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:27.946993: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:27.946997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947000: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:27.947003: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:27.947006: | length/value: 128 (0x80) Sep 21 07:25:27.947009: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:27.947012: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947018: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.947021: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:27.947025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947032: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947035: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947038: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947041: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:27.947044: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:27.947048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947059: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947065: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:27.947068: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:27.947072: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947079: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947082: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947088: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:27.947091: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:27.947095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947102: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947105: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947108: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947113: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:27.947118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947125: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947128: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947136: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:27.947140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947148: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947150: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947156: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947159: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:27.947163: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947170: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947173: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947182: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:27.947186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947191: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947194: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947197: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947203: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947206: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:27.947210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947217: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947220: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947229: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:27.947233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947243: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947249: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947252: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:27.947256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947260: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947263: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947266: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:27.947269: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:27.947272: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:27.947274: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:27.947279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:27.947282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:27.947286: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:27.947289: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:27.947292: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:27.947296: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:27.947299: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:27.947302: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:27.947305: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:27.947308: | flags: none (0x0) Sep 21 07:25:27.947311: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:27.947315: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:27.947319: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.947324: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:27.947327: | ikev2 g^x 85 f6 9a 38 70 04 62 01 d0 b1 d7 a2 2c f2 0d 71 Sep 21 07:25:27.947330: | ikev2 g^x b0 4f 60 38 c7 92 0a b1 fa 06 da 3a f4 1e c7 fd Sep 21 07:25:27.947333: | ikev2 g^x 87 d1 01 dc 55 8e b2 22 27 d1 b8 84 4d 68 48 04 Sep 21 07:25:27.947336: | ikev2 g^x 32 ef 21 97 52 20 3a 96 5b 3a f6 a2 00 13 8a 8a Sep 21 07:25:27.947339: | ikev2 g^x c0 a9 6a ab 20 e1 d3 a0 61 14 0e 4f f1 2f 68 2b Sep 21 07:25:27.947342: | ikev2 g^x b4 b4 d6 c5 c1 75 0b 3d 93 6c 46 2a db 8a c4 7b Sep 21 07:25:27.947345: | ikev2 g^x c8 49 f8 e9 6c 77 bb ca cb 4b e0 42 3e 23 0f 0c Sep 21 07:25:27.947348: | ikev2 g^x 70 e3 db 11 b1 fa eb 11 7f 64 02 3c ad 52 ee 42 Sep 21 07:25:27.947351: | ikev2 g^x f3 a0 e9 2e 95 ee 8f a7 6d 83 30 3b d0 39 55 68 Sep 21 07:25:27.947354: | ikev2 g^x 3b d7 08 8b 92 45 ce 6a 63 18 21 7b a4 41 56 12 Sep 21 07:25:27.947356: | ikev2 g^x 7f f7 a5 7e 81 bf 65 d8 04 06 be 8d 24 9a e4 28 Sep 21 07:25:27.947359: | ikev2 g^x d2 22 a3 58 ee db 72 8e 83 3a 54 7f e0 11 67 35 Sep 21 07:25:27.947362: | ikev2 g^x ab 60 bd ce 64 83 ee 01 69 f7 ed a7 40 49 05 0a Sep 21 07:25:27.947365: | ikev2 g^x 04 90 73 60 a9 a6 50 0e 98 18 bd a2 3e fd 1f 64 Sep 21 07:25:27.947368: | ikev2 g^x 9b 32 15 f0 31 ea e4 c5 22 69 a8 03 f5 45 b5 b1 Sep 21 07:25:27.947371: | ikev2 g^x f0 68 c9 da 88 bb c0 cc 10 86 00 f9 95 4c ec 45 Sep 21 07:25:27.947374: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:27.947377: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:27.947380: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:27.947382: | flags: none (0x0) Sep 21 07:25:27.947386: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:27.947390: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:27.947394: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.947397: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:27.947400: | IKEv2 nonce 73 39 2c ed 1d c8 2f 3a 0a 65 2b 58 c9 cf bb 9b Sep 21 07:25:27.947403: | IKEv2 nonce b5 37 be b9 80 c9 27 d9 d9 e8 f5 97 dd ca 9f 4d Sep 21 07:25:27.947406: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:27.947409: | Adding a v2N Payload Sep 21 07:25:27.947412: | ***emit IKEv2 Notify Payload: Sep 21 07:25:27.947415: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:27.947417: | flags: none (0x0) Sep 21 07:25:27.947420: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:27.947423: | SPI size: 0 (0x0) Sep 21 07:25:27.947426: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:27.947431: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:27.947434: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.947437: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:27.947441: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:27.947443: | natd_hash: rcookie is zero Sep 21 07:25:27.947455: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:27.947458: | natd_hash: icookie= 2c ef 54 54 bb ce cd e6 Sep 21 07:25:27.947461: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:27.947463: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:27.947466: | natd_hash: port= 01 f4 Sep 21 07:25:27.947469: | natd_hash: hash= a1 c2 3a 33 4f d6 d2 3b be e4 d2 d4 8e 0b f6 30 Sep 21 07:25:27.947472: | natd_hash: hash= 22 e1 7d 33 Sep 21 07:25:27.947474: | Adding a v2N Payload Sep 21 07:25:27.947477: | ***emit IKEv2 Notify Payload: Sep 21 07:25:27.947480: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:27.947485: | flags: none (0x0) Sep 21 07:25:27.947488: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:27.947491: | SPI size: 0 (0x0) Sep 21 07:25:27.947494: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:27.947498: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:27.947502: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.947505: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:27.947508: | Notify data a1 c2 3a 33 4f d6 d2 3b be e4 d2 d4 8e 0b f6 30 Sep 21 07:25:27.947511: | Notify data 22 e1 7d 33 Sep 21 07:25:27.947514: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:27.947517: | natd_hash: rcookie is zero Sep 21 07:25:27.947523: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:27.947526: | natd_hash: icookie= 2c ef 54 54 bb ce cd e6 Sep 21 07:25:27.947529: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:27.947531: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:27.947534: | natd_hash: port= 01 f4 Sep 21 07:25:27.947537: | natd_hash: hash= 4a 99 4d a9 0e 42 e1 bc 0b c4 40 41 8f 40 63 56 Sep 21 07:25:27.947539: | natd_hash: hash= c4 74 90 f0 Sep 21 07:25:27.947542: | Adding a v2N Payload Sep 21 07:25:27.947545: | ***emit IKEv2 Notify Payload: Sep 21 07:25:27.947547: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:27.947550: | flags: none (0x0) Sep 21 07:25:27.947553: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:27.947556: | SPI size: 0 (0x0) Sep 21 07:25:27.947559: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:27.947563: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:27.947566: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:27.947570: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:27.947573: | Notify data 4a 99 4d a9 0e 42 e1 bc 0b c4 40 41 8f 40 63 56 Sep 21 07:25:27.947575: | Notify data c4 74 90 f0 Sep 21 07:25:27.947578: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:27.947581: | emitting length of ISAKMP Message: 828 Sep 21 07:25:27.947591: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:27.947602: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:27.947606: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:27.947610: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:27.947613: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:27.947617: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:27.947620: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:27.947627: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:27.947630: "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:27.947635: | sending V2 reply packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:25:27.947646: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:25:27.947649: | 2c ef 54 54 bb ce cd e6 00 00 00 00 00 00 00 00 Sep 21 07:25:27.947652: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:27.947655: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:27.947658: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:27.947661: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:27.947665: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:27.947668: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:27.947671: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:27.947673: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:27.947676: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:27.947679: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:27.947682: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:27.947685: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:27.947687: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:27.947690: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:27.947693: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:27.947696: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:27.947698: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:27.947701: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:27.947704: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:27.947707: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:27.947710: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:27.947712: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:27.947715: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:27.947718: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:27.947721: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:27.947724: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:27.947726: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:27.947729: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:27.947732: | 28 00 01 08 00 0e 00 00 85 f6 9a 38 70 04 62 01 Sep 21 07:25:27.947735: | d0 b1 d7 a2 2c f2 0d 71 b0 4f 60 38 c7 92 0a b1 Sep 21 07:25:27.947738: | fa 06 da 3a f4 1e c7 fd 87 d1 01 dc 55 8e b2 22 Sep 21 07:25:27.947740: | 27 d1 b8 84 4d 68 48 04 32 ef 21 97 52 20 3a 96 Sep 21 07:25:27.947743: | 5b 3a f6 a2 00 13 8a 8a c0 a9 6a ab 20 e1 d3 a0 Sep 21 07:25:27.947746: | 61 14 0e 4f f1 2f 68 2b b4 b4 d6 c5 c1 75 0b 3d Sep 21 07:25:27.947749: | 93 6c 46 2a db 8a c4 7b c8 49 f8 e9 6c 77 bb ca Sep 21 07:25:27.947752: | cb 4b e0 42 3e 23 0f 0c 70 e3 db 11 b1 fa eb 11 Sep 21 07:25:27.947754: | 7f 64 02 3c ad 52 ee 42 f3 a0 e9 2e 95 ee 8f a7 Sep 21 07:25:27.947757: | 6d 83 30 3b d0 39 55 68 3b d7 08 8b 92 45 ce 6a Sep 21 07:25:27.947760: | 63 18 21 7b a4 41 56 12 7f f7 a5 7e 81 bf 65 d8 Sep 21 07:25:27.947763: | 04 06 be 8d 24 9a e4 28 d2 22 a3 58 ee db 72 8e Sep 21 07:25:27.947766: | 83 3a 54 7f e0 11 67 35 ab 60 bd ce 64 83 ee 01 Sep 21 07:25:27.947768: | 69 f7 ed a7 40 49 05 0a 04 90 73 60 a9 a6 50 0e Sep 21 07:25:27.947771: | 98 18 bd a2 3e fd 1f 64 9b 32 15 f0 31 ea e4 c5 Sep 21 07:25:27.947774: | 22 69 a8 03 f5 45 b5 b1 f0 68 c9 da 88 bb c0 cc Sep 21 07:25:27.947777: | 10 86 00 f9 95 4c ec 45 29 00 00 24 73 39 2c ed Sep 21 07:25:27.947780: | 1d c8 2f 3a 0a 65 2b 58 c9 cf bb 9b b5 37 be b9 Sep 21 07:25:27.947786: | 80 c9 27 d9 d9 e8 f5 97 dd ca 9f 4d 29 00 00 08 Sep 21 07:25:27.947806: | 00 00 40 2e 29 00 00 1c 00 00 40 04 a1 c2 3a 33 Sep 21 07:25:27.947809: | 4f d6 d2 3b be e4 d2 d4 8e 0b f6 30 22 e1 7d 33 Sep 21 07:25:27.947812: | 00 00 00 1c 00 00 40 05 4a 99 4d a9 0e 42 e1 bc Sep 21 07:25:27.947814: | 0b c4 40 41 8f 40 63 56 c4 74 90 f0 Sep 21 07:25:27.947881: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:27.947886: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:27.947890: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada1090 Sep 21 07:25:27.947893: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:27.947897: | event_schedule: new EVENT_RETRANSMIT-pe@0x55ffaada1090 Sep 21 07:25:27.947903: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:25:27.947907: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:27.947913: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49374.316161 Sep 21 07:25:27.947917: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:27.947923: | #1 spent 2.03 milliseconds in resume sending helper answer Sep 21 07:25:27.947929: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:25:27.947932: | libevent_free: release ptr-libevent@0x7f152c006900 Sep 21 07:25:27.947942: recvmsg: received truncated IKE packet (MSG_TRUNC) Sep 21 07:25:27.947946: | **parse ISAKMP Message (raw): Sep 21 07:25:27.947949: | initiator cookie: Sep 21 07:25:27.947951: | 2c ef 54 54 bb ce cd e6 Sep 21 07:25:27.947954: | responder cookie: Sep 21 07:25:27.947957: | 00 00 00 00 00 00 00 00 Sep 21 07:25:27.947960: | next payload type: 33 (0x21) Sep 21 07:25:27.947962: | ISAKMP version: 32 (0x20) Sep 21 07:25:27.947965: | exchange type: 34 (0x22) Sep 21 07:25:27.947968: | flags: 8 (0x8) Sep 21 07:25:27.947970: | Message ID: 0 (0x0) Sep 21 07:25:27.947973: | length: 828 (0x33c) Sep 21 07:25:27.947977: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Sep 21 07:25:27.947980: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Sep 21 07:25:27.947982: | rejected packet: Sep 21 07:25:27.947985: | 2c ef 54 54 bb ce cd e6 00 00 00 00 00 00 00 00 Sep 21 07:25:27.947988: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:27.947991: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:27.947994: | 80 0e 01 00 03 00 00 08 Sep 21 07:25:27.947996: | control: Sep 21 07:25:27.947999: | 1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 Sep 21 07:25:27.948002: | 5e 13 00 00 00 00 00 00 c0 01 02 17 00 00 00 00 Sep 21 07:25:27.948005: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Sep 21 07:25:27.948007: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Sep 21 07:25:27.948010: | 02 00 00 00 c0 01 02 2d 00 00 00 00 00 00 00 00 Sep 21 07:25:27.948012: | name: Sep 21 07:25:27.948015: | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 Sep 21 07:25:27.948023: "westnet-eastnet-ikev2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500) for message to 192.1.2.45 port 500, complainant 192.1.2.45: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Sep 21 07:25:27.948029: | spent 0.0893 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:28.036374: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:28.036404: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:28.036411: | start processing: connection "westnet-eastnet-ikev2" (in terminate_a_connection() at terminate.c:69) Sep 21 07:25:28.036414: "westnet-eastnet-ikev2": terminating SAs using this connection Sep 21 07:25:28.036421: | connection 'westnet-eastnet-ikev2' -POLICY_UP Sep 21 07:25:28.036425: | removing pending policy for no connection {0x55ffaad725f0} Sep 21 07:25:28.036428: | connection not shared - terminating IKE and IPsec SA Sep 21 07:25:28.036431: | Deleting states for connection - not including other IPsec SA's Sep 21 07:25:28.036433: | pass 0 Sep 21 07:25:28.036436: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:28.036438: | state #1 Sep 21 07:25:28.036442: | suspend processing: connection "westnet-eastnet-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:28.036448: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:28.036451: | pstats #1 ikev2.ike deleted other Sep 21 07:25:28.036460: | #1 spent 3.05 milliseconds in total Sep 21 07:25:28.036466: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Sep 21 07:25:28.036470: "westnet-eastnet-ikev2" #1: deleting state (STATE_PARENT_I1) aged 0.091s and NOT sending notification Sep 21 07:25:28.036475: | parent state #1: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:28.036478: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:28.036481: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:28.036485: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:28.036488: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ffaada1090 Sep 21 07:25:28.036491: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:28.036497: | stop processing: connection "westnet-eastnet-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:28.036500: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:28.036503: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:28.036505: | State DB: deleting IKEv2 state #1 in PARENT_I1 Sep 21 07:25:28.036510: | parent state #1: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:28.036534: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) Sep 21 07:25:28.036539: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:28.036542: | pass 1 Sep 21 07:25:28.036545: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:28.036548: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Sep 21 07:25:28.036551: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:28.036555: | start processing: connection "westnet-eastnet-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:25:28.036557: | Deleting states for connection - not including other IPsec SA's Sep 21 07:25:28.036560: | pass 0 Sep 21 07:25:28.036562: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:28.036564: | pass 1 Sep 21 07:25:28.036566: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:28.036570: | free hp@0x55ffaad6b410 Sep 21 07:25:28.036573: | flush revival: connection 'westnet-eastnet-ikev2' wasn't on the list Sep 21 07:25:28.036577: | stop processing: connection "westnet-eastnet-ikev2" (in discard_connection() at connections.c:249) Sep 21 07:25:28.036582: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:28.036587: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:28.036594: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:28.036598: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:28.036657: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:28.036661: | from whack: got --esp= Sep 21 07:25:28.036701: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:28.036706: | counting wild cards for @west is 0 Sep 21 07:25:28.036710: | counting wild cards for @east is 0 Sep 21 07:25:28.036718: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:25:28.036721: | new hp@0x55ffaada0b20 Sep 21 07:25:28.036723: added connection description "westnet-eastnet-ikev2" Sep 21 07:25:28.036731: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:28.036745: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:25:28.036753: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:28.036759: | spent 0.397 milliseconds in whack Sep 21 07:25:28.036926: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:28.036944: add keyid @west Sep 21 07:25:28.036949: | unreference key: 0x55ffaacfd940 @west cnt 1-- Sep 21 07:25:28.036954: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:25:28.036956: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:25:28.036958: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:25:28.036960: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:25:28.036962: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:25:28.036964: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:25:28.036966: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:25:28.036968: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:25:28.036970: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:25:28.036973: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:25:28.036975: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:25:28.036977: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:25:28.036979: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:25:28.036981: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:25:28.036984: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:25:28.036986: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:25:28.036988: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:25:28.036990: | add pubkey 15 04 37 f9 Sep 21 07:25:28.037007: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:28.037010: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:25:28.037014: | keyid: *AQOm9dY/4 Sep 21 07:25:28.037016: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:25:28.037018: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:25:28.037020: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:25:28.037023: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:25:28.037025: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:25:28.037027: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:25:28.037029: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:25:28.037031: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:25:28.037033: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:25:28.037035: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:25:28.037038: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:25:28.037040: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:25:28.037042: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:25:28.037045: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:25:28.037047: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:25:28.037049: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:25:28.037051: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:25:28.037054: | n 37 f9 Sep 21 07:25:28.037056: | e 03 Sep 21 07:25:28.037058: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:28.037060: | CKAID 7f 0f 03 50 Sep 21 07:25:28.037067: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:28.037072: | spent 0.147 milliseconds in whack Sep 21 07:25:28.037123: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:28.037144: add keyid @east Sep 21 07:25:28.037149: | unreference key: 0x55ffaada0f10 @east cnt 1-- Sep 21 07:25:28.037153: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:28.037155: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:28.037158: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:28.037161: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:28.037164: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:28.037166: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:28.037169: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:28.037172: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:28.037175: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:28.037177: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:28.037180: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:28.037183: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:28.037186: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:28.037188: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:28.037191: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:28.037193: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:28.037196: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:28.037199: | add pubkey 51 51 48 ef Sep 21 07:25:28.037210: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:28.037213: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:28.037217: | keyid: *AQO9bJbr3 Sep 21 07:25:28.037220: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:28.037223: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:28.037226: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:28.037228: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:28.037231: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:28.037234: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:28.037237: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:28.037239: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:28.037242: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:28.037245: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:28.037247: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:28.037250: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:28.037253: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:28.037256: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:28.037258: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:28.037261: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:28.037263: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:28.037266: | n 48 ef Sep 21 07:25:28.037268: | e 03 Sep 21 07:25:28.037271: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:28.037274: | CKAID 8a 82 25 f1 Sep 21 07:25:28.037280: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:28.037286: | spent 0.156 milliseconds in whack Sep 21 07:25:28.106850: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:28.107059: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:28.107065: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:28.107124: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:28.107138: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:28.107145: | spent 0.304 milliseconds in whack Sep 21 07:25:30.522185: | spent 0.00248 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.522208: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:25:30.522212: | 55 ce b8 0f a4 9b 52 7d 00 00 00 00 00 00 00 00 Sep 21 07:25:30.522215: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:30.522218: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.522221: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:30.522224: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:30.522227: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:30.522230: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:30.522232: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:30.522235: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:30.522238: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:30.522241: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:30.522244: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:30.522246: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:30.522249: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:30.522252: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:30.522255: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:30.522258: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:30.522261: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:30.522267: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:30.522270: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:30.522273: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:30.522275: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:30.522278: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:30.522281: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:30.522327: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:30.522332: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:30.522335: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:30.522338: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:30.522341: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:30.522344: | 28 00 01 08 00 0e 00 00 02 00 89 5e 21 05 9c 50 Sep 21 07:25:30.522347: | 9e f6 9d d0 90 44 77 4d 6c bd fa fe 53 af b9 bc Sep 21 07:25:30.522349: | da 7b 29 d4 31 5e 29 86 5c 4e 90 e1 1d b6 85 fb Sep 21 07:25:30.522352: | 7e 76 a7 ed 88 7f 16 dc b5 58 96 49 be 0d 27 ae Sep 21 07:25:30.522355: | a2 4d 8a 2a 52 1f a3 b6 78 4d 3f f1 19 67 ca 61 Sep 21 07:25:30.522358: | 92 c7 23 09 4c 1d 73 3d eb 8c a4 59 91 19 3d 32 Sep 21 07:25:30.522361: | dd af 2f 5c 28 3b c5 91 4f 79 2b 70 a9 62 71 bb Sep 21 07:25:30.522364: | 81 ee ea c2 13 7f 38 f8 b0 ce 0c 48 95 f2 19 3b Sep 21 07:25:30.522367: | 2f 8f 75 18 18 1c 6c a0 32 0b dd 6c 82 19 2f 5b Sep 21 07:25:30.522369: | 87 93 46 7b 56 f0 da 8f fe 52 4d 1a de f9 7c aa Sep 21 07:25:30.522372: | 0e 47 97 ee 0e 1f 43 4f bf 19 a1 38 ef 4d 74 65 Sep 21 07:25:30.522375: | 5d 7b 80 62 b2 e5 3a e5 fd 3f bd a0 f3 8b 4d 7f Sep 21 07:25:30.522378: | 85 be 8f ea 83 2d cf 6c b6 2b ba d1 ad fa aa 69 Sep 21 07:25:30.522381: | 7a 89 47 44 91 4b 85 4c e2 03 78 6e db b8 4a 1e Sep 21 07:25:30.522384: | 81 f9 2f e0 c2 2d 22 21 72 b7 7e 09 92 9e 48 0d Sep 21 07:25:30.522386: | 7d a0 30 a9 b3 98 41 4c da 40 a5 11 ba af dd bd Sep 21 07:25:30.522389: | cb 29 b9 f9 00 53 18 ec 29 00 00 24 00 80 0e 63 Sep 21 07:25:30.522392: | c2 fc b2 a2 c9 42 44 a1 d5 00 78 67 60 b0 f6 5a Sep 21 07:25:30.522399: | 2e ea 72 08 3b 96 e4 fd 56 35 c7 91 29 00 00 08 Sep 21 07:25:30.522402: | 00 00 40 2e 29 00 00 1c 00 00 40 04 1f e1 b1 4b Sep 21 07:25:30.522405: | 3b 17 3e 73 bc f9 52 0c a5 0b 74 29 0d 39 4d 6a Sep 21 07:25:30.522408: | 00 00 00 1c 00 00 40 05 ed 70 8d 4b c8 96 c5 32 Sep 21 07:25:30.522411: | d4 c2 a3 74 bb 0a 60 32 99 3c c0 e4 Sep 21 07:25:30.522417: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:25:30.522421: | **parse ISAKMP Message: Sep 21 07:25:30.522424: | initiator cookie: Sep 21 07:25:30.522427: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.522429: | responder cookie: Sep 21 07:25:30.522432: | 00 00 00 00 00 00 00 00 Sep 21 07:25:30.522435: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.522439: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.522442: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.522445: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.522448: | Message ID: 0 (0x0) Sep 21 07:25:30.522451: | length: 828 (0x33c) Sep 21 07:25:30.522455: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:30.522459: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:30.522463: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:30.522467: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.522471: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:30.522474: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:30.522477: | flags: none (0x0) Sep 21 07:25:30.522480: | length: 436 (0x1b4) Sep 21 07:25:30.522483: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:25:30.522486: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:30.522489: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:30.522492: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:30.522495: | flags: none (0x0) Sep 21 07:25:30.522498: | length: 264 (0x108) Sep 21 07:25:30.522501: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.522504: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:30.522507: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.522510: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:30.522513: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.522516: | flags: none (0x0) Sep 21 07:25:30.522518: | length: 36 (0x24) Sep 21 07:25:30.522521: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:30.522524: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.522528: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.522531: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.522534: | flags: none (0x0) Sep 21 07:25:30.522536: | length: 8 (0x8) Sep 21 07:25:30.522539: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.522542: | SPI size: 0 (0x0) Sep 21 07:25:30.522546: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.522549: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:30.522551: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.522554: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.522557: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.522560: | flags: none (0x0) Sep 21 07:25:30.522563: | length: 28 (0x1c) Sep 21 07:25:30.522566: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.522569: | SPI size: 0 (0x0) Sep 21 07:25:30.522572: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.522575: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.522578: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.522581: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.522584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.522586: | flags: none (0x0) Sep 21 07:25:30.522589: | length: 28 (0x1c) Sep 21 07:25:30.522592: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.522597: | SPI size: 0 (0x0) Sep 21 07:25:30.522600: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.522603: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.522606: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:30.522614: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:30.522621: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:25:30.522624: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:30.522629: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2) Sep 21 07:25:30.522632: | find_next_host_connection returns empty Sep 21 07:25:30.522637: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:30.522641: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:30.522644: | find_next_host_connection returns empty Sep 21 07:25:30.522649: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:30.522656: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:30.522662: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:25:30.522665: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:30.522669: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2) Sep 21 07:25:30.522673: | find_next_host_connection returns westnet-eastnet-ikev2 Sep 21 07:25:30.522676: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:30.522679: | find_next_host_connection returns empty Sep 21 07:25:30.522682: | found connection: westnet-eastnet-ikev2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:30.522705: | creating state object #2 at 0x55ffaada1150 Sep 21 07:25:30.522709: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:30.522716: | pstats #2 ikev2.ike started Sep 21 07:25:30.522720: | Message ID: init #2: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:30.522724: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:30.522731: | Message ID: init_ike #2; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.522741: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.522744: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:30.522750: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:30.522754: | #2 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:30.522759: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:30.522765: | Message ID: start-responder #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:30.522769: | #2 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:30.522772: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:30.522775: | Now let's proceed with state specific processing Sep 21 07:25:30.522778: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:30.522789: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:30.522796: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals) Sep 21 07:25:30.522804: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.522816: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.522821: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.522829: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.522834: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.522842: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.522847: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.522855: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.522870: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.522874: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:25:30.522878: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.522881: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:30.522884: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.522887: | local proposal 1 type DH has 8 transforms Sep 21 07:25:30.522891: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:30.522895: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.522898: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.522901: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:30.522904: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.522907: | local proposal 2 type DH has 8 transforms Sep 21 07:25:30.522910: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:30.522914: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.522917: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.522920: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:30.522923: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.522926: | local proposal 3 type DH has 8 transforms Sep 21 07:25:30.522929: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:30.522933: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.522936: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.522939: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:30.522942: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.522945: | local proposal 4 type DH has 8 transforms Sep 21 07:25:30.522948: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:30.522952: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.522955: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.522958: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.522963: | length: 100 (0x64) Sep 21 07:25:30.522966: | prop #: 1 (0x1) Sep 21 07:25:30.522969: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.522972: | spi size: 0 (0x0) Sep 21 07:25:30.522975: | # transforms: 11 (0xb) Sep 21 07:25:30.522979: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:30.522983: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.522986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.522989: | length: 12 (0xc) Sep 21 07:25:30.522992: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.522995: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.522998: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.523001: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.523004: | length/value: 256 (0x100) Sep 21 07:25:30.523009: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.523012: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523018: | length: 8 (0x8) Sep 21 07:25:30.523021: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523024: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.523029: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:30.523033: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:25:30.523037: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:25:30.523041: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:25:30.523045: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523050: | length: 8 (0x8) Sep 21 07:25:30.523053: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523056: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.523060: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523065: | length: 8 (0x8) Sep 21 07:25:30.523068: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523071: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.523076: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:30.523080: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:30.523084: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:30.523088: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:30.523091: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523097: | length: 8 (0x8) Sep 21 07:25:30.523100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523103: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.523106: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523112: | length: 8 (0x8) Sep 21 07:25:30.523115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523118: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.523121: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523127: | length: 8 (0x8) Sep 21 07:25:30.523130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523133: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.523138: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523144: | length: 8 (0x8) Sep 21 07:25:30.523147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523150: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.523153: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523159: | length: 8 (0x8) Sep 21 07:25:30.523162: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523165: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.523168: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523174: | length: 8 (0x8) Sep 21 07:25:30.523177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523180: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.523183: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523186: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.523189: | length: 8 (0x8) Sep 21 07:25:30.523192: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523195: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.523200: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:30.523206: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:30.523209: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.523212: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.523215: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.523218: | length: 100 (0x64) Sep 21 07:25:30.523221: | prop #: 2 (0x2) Sep 21 07:25:30.523224: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.523226: | spi size: 0 (0x0) Sep 21 07:25:30.523229: | # transforms: 11 (0xb) Sep 21 07:25:30.523234: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.523237: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523240: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523243: | length: 12 (0xc) Sep 21 07:25:30.523246: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.523249: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.523252: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.523255: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.523258: | length/value: 128 (0x80) Sep 21 07:25:30.523262: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523267: | length: 8 (0x8) Sep 21 07:25:30.523270: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523273: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.523277: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523282: | length: 8 (0x8) Sep 21 07:25:30.523285: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523288: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.523292: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523295: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523298: | length: 8 (0x8) Sep 21 07:25:30.523301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523304: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.523307: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523313: | length: 8 (0x8) Sep 21 07:25:30.523316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523319: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.523324: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523329: | length: 8 (0x8) Sep 21 07:25:30.523332: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523336: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.523339: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523342: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523344: | length: 8 (0x8) Sep 21 07:25:30.523347: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523350: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.523354: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523360: | length: 8 (0x8) Sep 21 07:25:30.523363: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523366: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.523369: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523375: | length: 8 (0x8) Sep 21 07:25:30.523378: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523381: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.523384: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523390: | length: 8 (0x8) Sep 21 07:25:30.523393: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523396: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.523399: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523402: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.523405: | length: 8 (0x8) Sep 21 07:25:30.523408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523411: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.523415: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:25:30.523419: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:25:30.523422: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.523425: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.523428: | length: 116 (0x74) Sep 21 07:25:30.523431: | prop #: 3 (0x3) Sep 21 07:25:30.523434: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.523437: | spi size: 0 (0x0) Sep 21 07:25:30.523439: | # transforms: 13 (0xd) Sep 21 07:25:30.523443: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.523447: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523452: | length: 12 (0xc) Sep 21 07:25:30.523455: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.523458: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.523461: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.523464: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.523467: | length/value: 256 (0x100) Sep 21 07:25:30.523471: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523477: | length: 8 (0x8) Sep 21 07:25:30.523480: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523483: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.523486: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523492: | length: 8 (0x8) Sep 21 07:25:30.523495: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523498: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.523502: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523509: | length: 8 (0x8) Sep 21 07:25:30.523512: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.523515: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.523518: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523524: | length: 8 (0x8) Sep 21 07:25:30.523527: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.523530: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.523533: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523539: | length: 8 (0x8) Sep 21 07:25:30.523542: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523545: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.523548: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523554: | length: 8 (0x8) Sep 21 07:25:30.523557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523560: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.523563: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523569: | length: 8 (0x8) Sep 21 07:25:30.523572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523575: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.523578: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523584: | length: 8 (0x8) Sep 21 07:25:30.523587: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523590: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.523593: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523599: | length: 8 (0x8) Sep 21 07:25:30.523602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523605: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.523608: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523614: | length: 8 (0x8) Sep 21 07:25:30.523617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523620: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.523624: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523627: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523629: | length: 8 (0x8) Sep 21 07:25:30.523632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523635: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.523639: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523642: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.523644: | length: 8 (0x8) Sep 21 07:25:30.523647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523650: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.523655: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:30.523659: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:30.523662: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.523665: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.523668: | length: 116 (0x74) Sep 21 07:25:30.523671: | prop #: 4 (0x4) Sep 21 07:25:30.523674: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.523677: | spi size: 0 (0x0) Sep 21 07:25:30.523679: | # transforms: 13 (0xd) Sep 21 07:25:30.523683: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.523689: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523692: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523694: | length: 12 (0xc) Sep 21 07:25:30.523697: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.523700: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.523703: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.523706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.523709: | length/value: 128 (0x80) Sep 21 07:25:30.523713: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523718: | length: 8 (0x8) Sep 21 07:25:30.523721: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523724: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.523727: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523733: | length: 8 (0x8) Sep 21 07:25:30.523736: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.523739: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.523742: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523745: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523748: | length: 8 (0x8) Sep 21 07:25:30.523751: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.523754: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.523758: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523764: | length: 8 (0x8) Sep 21 07:25:30.523767: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.523770: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.523773: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523779: | length: 8 (0x8) Sep 21 07:25:30.523782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523800: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.523803: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523809: | length: 8 (0x8) Sep 21 07:25:30.523812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523815: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.523818: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523824: | length: 8 (0x8) Sep 21 07:25:30.523827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523830: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.523834: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523839: | length: 8 (0x8) Sep 21 07:25:30.523842: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523845: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.523849: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523854: | length: 8 (0x8) Sep 21 07:25:30.523857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523860: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.523864: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523870: | length: 8 (0x8) Sep 21 07:25:30.523872: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523875: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.523879: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523882: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.523886: | length: 8 (0x8) Sep 21 07:25:30.523890: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523893: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.523896: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.523899: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.523902: | length: 8 (0x8) Sep 21 07:25:30.523904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.523907: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.523913: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:30.523916: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:30.523922: "westnet-eastnet-ikev2" #2: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:25:30.523928: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:25:30.523931: | converting proposal to internal trans attrs Sep 21 07:25:30.523936: | natd_hash: rcookie is zero Sep 21 07:25:30.523950: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:30.523954: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.523957: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.523960: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.523962: | natd_hash: port= 01 f4 Sep 21 07:25:30.523965: | natd_hash: hash= ed 70 8d 4b c8 96 c5 32 d4 c2 a3 74 bb 0a 60 32 Sep 21 07:25:30.523968: | natd_hash: hash= 99 3c c0 e4 Sep 21 07:25:30.523971: | natd_hash: rcookie is zero Sep 21 07:25:30.523977: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:30.523980: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.523983: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.523985: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.523988: | natd_hash: port= 01 f4 Sep 21 07:25:30.523991: | natd_hash: hash= 1f e1 b1 4b 3b 17 3e 73 bc f9 52 0c a5 0b 74 29 Sep 21 07:25:30.523994: | natd_hash: hash= 0d 39 4d 6a Sep 21 07:25:30.523997: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:30.523999: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:30.524002: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:30.524006: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:25:30.524015: | adding ikev2_inI1outR1 KE work-order 2 for state #2 Sep 21 07:25:30.524019: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada0770 Sep 21 07:25:30.524024: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:25:30.524029: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:30.524042: | #2 spent 1.24 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:30.524049: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.524049: | crypto helper 4 resuming Sep 21 07:25:30.524055: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:30.524064: | crypto helper 4 starting work-order 2 for state #2 Sep 21 07:25:30.524071: | suspending state #2 and saving MD Sep 21 07:25:30.524079: | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 2 Sep 21 07:25:30.524080: | #2 is busy; has a suspended MD Sep 21 07:25:30.524094: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:30.524099: | "westnet-eastnet-ikev2" #2 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:30.524105: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.524110: | #2 spent 1.85 milliseconds in ikev2_process_packet() Sep 21 07:25:30.524115: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:25:30.524118: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.524122: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.524127: | spent 1.87 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.525155: | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 2 time elapsed 0.001075 seconds Sep 21 07:25:30.525168: | (#2) spent 1.08 milliseconds in crypto helper computing work-order 2: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:30.525172: | crypto helper 4 sending results from work-order 2 for state #2 to event queue Sep 21 07:25:30.525176: | scheduling resume sending helper answer for #2 Sep 21 07:25:30.525180: | libevent_malloc: new ptr-libevent@0x7f1524006900 size 128 Sep 21 07:25:30.525190: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:30.525202: | processing resume sending helper answer for #2 Sep 21 07:25:30.525214: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.525220: | crypto helper 4 replies to request ID 2 Sep 21 07:25:30.525223: | calling continuation function 0x55ffa8f44630 Sep 21 07:25:30.525227: | ikev2_parent_inI1outR1_continue for #2: calculated ke+nonce, sending R1 Sep 21 07:25:30.525234: | **emit ISAKMP Message: Sep 21 07:25:30.525237: | initiator cookie: Sep 21 07:25:30.525240: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.525242: | responder cookie: Sep 21 07:25:30.525245: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525248: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.525252: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.525255: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.525258: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.525261: | Message ID: 0 (0x0) Sep 21 07:25:30.525264: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.525267: | Emitting ikev2_proposal ... Sep 21 07:25:30.525270: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:30.525273: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.525276: | flags: none (0x0) Sep 21 07:25:30.525279: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.525283: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525286: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.525289: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.525292: | prop #: 1 (0x1) Sep 21 07:25:30.525294: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.525297: | spi size: 0 (0x0) Sep 21 07:25:30.525300: | # transforms: 3 (0x3) Sep 21 07:25:30.525303: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.525306: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.525309: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.525312: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.525315: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.525322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.525326: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.525329: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.525332: | length/value: 256 (0x100) Sep 21 07:25:30.525335: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.525338: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.525341: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.525343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.525346: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.525350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.525353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.525356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.525359: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.525362: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.525364: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.525367: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.525371: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.525374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.525377: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.525380: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:25:30.525383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.525386: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:25:30.525389: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.525393: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:30.525396: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.525398: | flags: none (0x0) Sep 21 07:25:30.525401: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.525405: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:30.525408: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525412: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:30.525415: | ikev2 g^x 40 1d 8f 85 45 12 a6 f7 4a 04 f1 5c 71 27 51 30 Sep 21 07:25:30.525417: | ikev2 g^x 08 f3 05 8f 4b 23 f8 22 2d b3 bc c3 13 bb 72 bd Sep 21 07:25:30.525420: | ikev2 g^x 71 a2 8d 91 7c 5b 22 17 70 fe 64 96 4c 39 a2 16 Sep 21 07:25:30.525423: | ikev2 g^x f7 0a 3b 21 07 74 9a ff 0a 87 19 e8 de b1 bf d6 Sep 21 07:25:30.525425: | ikev2 g^x fd 93 46 92 16 2d 23 76 8b e6 72 fb 44 f5 8e ca Sep 21 07:25:30.525428: | ikev2 g^x 58 f1 8b f9 eb b2 55 ec e3 05 52 89 29 61 20 b1 Sep 21 07:25:30.525431: | ikev2 g^x 08 ad f3 56 a7 da 37 a6 82 3e 7d 20 c3 71 ae a3 Sep 21 07:25:30.525433: | ikev2 g^x 53 e0 0b 66 7d 38 d8 b7 66 3d f4 7e 7a c4 1a 4a Sep 21 07:25:30.525436: | ikev2 g^x f0 86 73 41 a9 d1 c0 2a 42 14 e0 0f 6f 3c 9b 7b Sep 21 07:25:30.525439: | ikev2 g^x 7c 7f 11 e1 86 43 c9 8d 7b 6a 4e 8d b6 a1 ac 4f Sep 21 07:25:30.525441: | ikev2 g^x 08 db fc 50 41 a9 c5 ef 7b 33 c0 c4 d1 a2 b3 f3 Sep 21 07:25:30.525444: | ikev2 g^x b3 41 7c da 8d 7e 9a e5 a1 ed 60 a2 ba 45 81 f1 Sep 21 07:25:30.525448: | ikev2 g^x e0 40 30 28 95 66 9d 42 36 3a 86 70 0d 10 38 c2 Sep 21 07:25:30.525451: | ikev2 g^x 34 05 a9 cd b4 5d 78 33 9b 3a 9f 9d c2 a8 b0 e5 Sep 21 07:25:30.525454: | ikev2 g^x e9 26 fc 61 4f ba 1a 45 66 06 9c 66 27 7e 49 c9 Sep 21 07:25:30.525456: | ikev2 g^x 13 cf 70 de 82 5e 62 c8 06 6d fb 2f 76 a7 d9 fa Sep 21 07:25:30.525459: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:30.525462: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:30.525465: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.525468: | flags: none (0x0) Sep 21 07:25:30.525471: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:30.525475: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.525478: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525482: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:30.525484: | IKEv2 nonce 92 dc 86 4e ed bd ea 6c ed e9 f1 88 a3 f7 89 66 Sep 21 07:25:30.525487: | IKEv2 nonce ad ad ef 5b fe 4f a6 dd 45 23 33 5c 68 90 bb 8d Sep 21 07:25:30.525490: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:30.525494: | Adding a v2N Payload Sep 21 07:25:30.525497: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.525499: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.525502: | flags: none (0x0) Sep 21 07:25:30.525505: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.525508: | SPI size: 0 (0x0) Sep 21 07:25:30.525511: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.525515: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.525517: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525521: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:30.525524: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:30.525537: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:30.525540: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.525543: | natd_hash: rcookie= a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525546: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.525548: | natd_hash: port= 01 f4 Sep 21 07:25:30.525551: | natd_hash: hash= 0a fb 48 b7 8a 42 4f 74 d0 72 a8 7d 67 94 02 64 Sep 21 07:25:30.525553: | natd_hash: hash= d0 22 28 71 Sep 21 07:25:30.525556: | Adding a v2N Payload Sep 21 07:25:30.525559: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.525561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.525564: | flags: none (0x0) Sep 21 07:25:30.525567: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.525570: | SPI size: 0 (0x0) Sep 21 07:25:30.525572: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.525576: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.525579: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525582: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.525585: | Notify data 0a fb 48 b7 8a 42 4f 74 d0 72 a8 7d 67 94 02 64 Sep 21 07:25:30.525588: | Notify data d0 22 28 71 Sep 21 07:25:30.525590: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.525598: | natd_hash: hasher=0x55ffa901a7a0(20) Sep 21 07:25:30.525600: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.525603: | natd_hash: rcookie= a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525605: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.525608: | natd_hash: port= 01 f4 Sep 21 07:25:30.525611: | natd_hash: hash= 61 55 74 b8 4c 01 22 9a d5 fd 41 2d f7 66 df 9f Sep 21 07:25:30.525613: | natd_hash: hash= 38 10 d0 1e Sep 21 07:25:30.525618: | Adding a v2N Payload Sep 21 07:25:30.525620: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.525623: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.525626: | flags: none (0x0) Sep 21 07:25:30.525629: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.525631: | SPI size: 0 (0x0) Sep 21 07:25:30.525634: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.525638: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.525641: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.525644: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.525647: | Notify data 61 55 74 b8 4c 01 22 9a d5 fd 41 2d f7 66 df 9f Sep 21 07:25:30.525649: | Notify data 38 10 d0 1e Sep 21 07:25:30.525652: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.525655: | emitting length of ISAKMP Message: 432 Sep 21 07:25:30.525663: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.525668: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:30.525671: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:30.525675: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:30.525678: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:30.525684: | Message ID: recv #2 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:30.525690: | Message ID: sent #2 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:30.525695: "westnet-eastnet-ikev2" #2: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:30.525701: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:25:30.525708: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Sep 21 07:25:30.525711: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525714: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:30.525717: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.525719: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:30.525722: | 04 00 00 0e 28 00 01 08 00 0e 00 00 40 1d 8f 85 Sep 21 07:25:30.525724: | 45 12 a6 f7 4a 04 f1 5c 71 27 51 30 08 f3 05 8f Sep 21 07:25:30.525727: | 4b 23 f8 22 2d b3 bc c3 13 bb 72 bd 71 a2 8d 91 Sep 21 07:25:30.525729: | 7c 5b 22 17 70 fe 64 96 4c 39 a2 16 f7 0a 3b 21 Sep 21 07:25:30.525732: | 07 74 9a ff 0a 87 19 e8 de b1 bf d6 fd 93 46 92 Sep 21 07:25:30.525735: | 16 2d 23 76 8b e6 72 fb 44 f5 8e ca 58 f1 8b f9 Sep 21 07:25:30.525737: | eb b2 55 ec e3 05 52 89 29 61 20 b1 08 ad f3 56 Sep 21 07:25:30.525740: | a7 da 37 a6 82 3e 7d 20 c3 71 ae a3 53 e0 0b 66 Sep 21 07:25:30.525742: | 7d 38 d8 b7 66 3d f4 7e 7a c4 1a 4a f0 86 73 41 Sep 21 07:25:30.525745: | a9 d1 c0 2a 42 14 e0 0f 6f 3c 9b 7b 7c 7f 11 e1 Sep 21 07:25:30.525748: | 86 43 c9 8d 7b 6a 4e 8d b6 a1 ac 4f 08 db fc 50 Sep 21 07:25:30.525750: | 41 a9 c5 ef 7b 33 c0 c4 d1 a2 b3 f3 b3 41 7c da Sep 21 07:25:30.525753: | 8d 7e 9a e5 a1 ed 60 a2 ba 45 81 f1 e0 40 30 28 Sep 21 07:25:30.525755: | 95 66 9d 42 36 3a 86 70 0d 10 38 c2 34 05 a9 cd Sep 21 07:25:30.525758: | b4 5d 78 33 9b 3a 9f 9d c2 a8 b0 e5 e9 26 fc 61 Sep 21 07:25:30.525761: | 4f ba 1a 45 66 06 9c 66 27 7e 49 c9 13 cf 70 de Sep 21 07:25:30.525763: | 82 5e 62 c8 06 6d fb 2f 76 a7 d9 fa 29 00 00 24 Sep 21 07:25:30.525766: | 92 dc 86 4e ed bd ea 6c ed e9 f1 88 a3 f7 89 66 Sep 21 07:25:30.525770: | ad ad ef 5b fe 4f a6 dd 45 23 33 5c 68 90 bb 8d Sep 21 07:25:30.525773: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:30.525776: | 0a fb 48 b7 8a 42 4f 74 d0 72 a8 7d 67 94 02 64 Sep 21 07:25:30.525778: | d0 22 28 71 00 00 00 1c 00 00 40 05 61 55 74 b8 Sep 21 07:25:30.525781: | 4c 01 22 9a d5 fd 41 2d f7 66 df 9f 38 10 d0 1e Sep 21 07:25:30.525839: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.525848: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:30.525851: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada0770 Sep 21 07:25:30.525854: | event_schedule: new EVENT_SO_DISCARD-pe@0x55ffaada0770 Sep 21 07:25:30.525859: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #2 Sep 21 07:25:30.525862: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:30.525866: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Sep 21 07:25:30.525873: | #2 spent 0.621 milliseconds in resume sending helper answer Sep 21 07:25:30.525879: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.525882: | libevent_free: release ptr-libevent@0x7f1524006900 Sep 21 07:25:30.534954: | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.534975: | *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:25:30.534979: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534982: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:30.534985: | 00 01 00 02 21 84 15 81 a1 43 70 f1 be 75 09 f3 Sep 21 07:25:30.534988: | 6b c0 ed 0e 7c 75 d2 64 6a fc 74 14 7f b5 49 4b Sep 21 07:25:30.534991: | b9 a3 10 d7 3c 88 bf e6 2d 44 35 4b a0 8a c9 bb Sep 21 07:25:30.534993: | 5b 3c 5f 63 9f 82 28 bf 24 0b 11 8b d4 d0 0f 10 Sep 21 07:25:30.534996: | 8b 12 e5 15 13 a9 e4 54 a7 66 00 6a e1 9e 85 13 Sep 21 07:25:30.534999: | 70 b9 16 28 5e d6 86 26 4a 63 e4 a5 62 ba 9e 2c Sep 21 07:25:30.535002: | e6 fa 5e dc 4f f2 ea 5a 54 7a cd 4f 01 63 e9 1e Sep 21 07:25:30.535005: | 0f d0 9f ed 2a 51 54 bb 8c 0d 4a f1 64 b2 90 3b Sep 21 07:25:30.535007: | 3d d4 1b cb 4e 98 f4 79 aa 21 9c 26 f1 a7 f9 1b Sep 21 07:25:30.535010: | 71 f7 9f 6c 18 36 83 ec 58 6e 1f f4 92 97 e7 b0 Sep 21 07:25:30.535013: | 8b 27 be 64 c3 79 82 6d c5 81 7b 73 85 a7 74 25 Sep 21 07:25:30.535016: | 07 5e fd 2f dc 6b ca e7 92 d1 4b a1 c3 10 66 ed Sep 21 07:25:30.535019: | f0 8e 06 1c 85 35 6a ee 09 8b 39 03 7c ef f1 47 Sep 21 07:25:30.535022: | 79 33 f7 6f 64 67 3e 2f 40 fa 52 84 56 a4 32 11 Sep 21 07:25:30.535024: | 62 d0 88 cf eb d6 f0 50 da e4 12 ca 4e 19 a5 41 Sep 21 07:25:30.535027: | a1 27 6f 29 a7 03 25 62 47 93 09 35 4d 11 7e 3d Sep 21 07:25:30.535030: | 4c 82 e1 aa 97 b4 3b c1 55 1d 81 be e7 a1 b0 48 Sep 21 07:25:30.535033: | 05 bf 0e f4 5a 3a aa 5d 99 5b db b4 89 ed 62 db Sep 21 07:25:30.535036: | 66 08 bb 0a da 82 9b 61 75 6f 6a 77 b8 aa ac 65 Sep 21 07:25:30.535038: | a8 e7 b5 f6 a1 72 1b d4 5a 7b ec f5 8f 48 97 ec Sep 21 07:25:30.535041: | c3 83 7a 87 34 ac cc e5 a4 4c bb 57 f6 28 98 80 Sep 21 07:25:30.535044: | 69 da 92 e1 cb 13 e9 e5 0d fa e0 26 d8 ee 19 5a Sep 21 07:25:30.535047: | 88 8f 1c 02 2d f6 f2 55 7c 5f f5 d1 57 5f 00 b1 Sep 21 07:25:30.535050: | c1 65 1b d8 58 8f a6 b9 0f 12 71 2b 1b 0f c3 f4 Sep 21 07:25:30.535053: | 90 1c cb a1 56 47 6f 7e c4 1c 9b b0 4f bd f8 be Sep 21 07:25:30.535055: | bf 27 98 76 87 e2 e8 f7 60 f4 ef 15 79 93 b1 6a Sep 21 07:25:30.535058: | 2b a2 2d 26 ca be a5 e3 a4 0f 7a 66 3c 91 13 22 Sep 21 07:25:30.535061: | 9b 52 32 a1 a0 17 58 73 6d 3d 27 3d 96 87 29 e5 Sep 21 07:25:30.535064: | c5 8f 02 57 de 5b 97 b3 96 f8 d5 2d 4c 77 99 d6 Sep 21 07:25:30.535067: | dd 29 8d fa 0e 9d 6f 85 6b 69 f1 86 7d f7 90 24 Sep 21 07:25:30.535072: | 9a bd 61 7b 0f e6 aa 8c 69 cc 40 5b fa 0a 4a 2c Sep 21 07:25:30.535075: | 54 40 52 12 58 a6 77 72 6b df 65 Sep 21 07:25:30.535081: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:25:30.535084: | **parse ISAKMP Message: Sep 21 07:25:30.535087: | initiator cookie: Sep 21 07:25:30.535090: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.535093: | responder cookie: Sep 21 07:25:30.535095: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.535098: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:30.535102: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.535105: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.535108: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.535111: | Message ID: 1 (0x1) Sep 21 07:25:30.535113: | length: 539 (0x21b) Sep 21 07:25:30.535117: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:30.535121: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:30.535125: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:30.535132: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.535136: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:30.535142: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:30.535146: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:30.535151: | Message ID: #2 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:30.535154: | unpacking clear payload Sep 21 07:25:30.535157: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:30.535160: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:30.535163: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:30.535166: | flags: none (0x0) Sep 21 07:25:30.535169: | length: 511 (0x1ff) Sep 21 07:25:30.535172: | fragment number: 1 (0x1) Sep 21 07:25:30.535175: | total fragments: 2 (0x2) Sep 21 07:25:30.535178: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:30.535183: | Message ID: start-responder #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:30.535187: | #2 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:30.535191: | received IKE encrypted fragment number '1', total number '2', next payload '35' Sep 21 07:25:30.535194: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:25:30.535201: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.535206: | #2 spent 0.239 milliseconds in ikev2_process_packet() Sep 21 07:25:30.535211: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:25:30.535215: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.535219: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.535223: | spent 0.256 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.535232: | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.535241: | *received 101 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:25:30.535245: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.535247: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Sep 21 07:25:30.535250: | 00 02 00 02 2f 3b e2 17 1b af 09 9c 8d d9 e7 c9 Sep 21 07:25:30.535253: | 14 d3 75 69 69 eb e2 db cc 4c fb 4f 81 ab 71 9e Sep 21 07:25:30.535256: | 2d 5a ba 77 07 fa c9 57 01 b7 2f a1 c8 a5 8d a5 Sep 21 07:25:30.535259: | 2f 6e cf b8 a8 1d 03 97 1c 2b 43 51 3a 17 c2 94 Sep 21 07:25:30.535262: | 87 0d 7f 9f 98 Sep 21 07:25:30.535268: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:25:30.535272: | **parse ISAKMP Message: Sep 21 07:25:30.535275: | initiator cookie: Sep 21 07:25:30.535277: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.535280: | responder cookie: Sep 21 07:25:30.535283: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.535286: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:30.535289: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.535292: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.535295: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.535298: | Message ID: 1 (0x1) Sep 21 07:25:30.535300: | length: 101 (0x65) Sep 21 07:25:30.535304: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:30.535307: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:30.535311: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:30.535318: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.535324: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.535327: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:30.535330: | #2 is idle Sep 21 07:25:30.535333: | #2 idle Sep 21 07:25:30.535339: | Message ID: #2 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:30.535341: | unpacking clear payload Sep 21 07:25:30.535344: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:30.535347: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:30.535350: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.535353: | flags: none (0x0) Sep 21 07:25:30.535356: | length: 73 (0x49) Sep 21 07:25:30.535359: | fragment number: 2 (0x2) Sep 21 07:25:30.535362: | total fragments: 2 (0x2) Sep 21 07:25:30.535365: | processing payload: ISAKMP_NEXT_v2SKF (len=65) Sep 21 07:25:30.535368: | #2 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:30.535372: | received IKE encrypted fragment number '2', total number '2', next payload '0' Sep 21 07:25:30.535375: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:30.535378: | Now let's proceed with state specific processing Sep 21 07:25:30.535381: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:30.535385: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:30.535389: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:30.535394: | adding ikev2_inI2outR2 KE work-order 3 for state #2 Sep 21 07:25:30.535397: | state #2 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:30.535401: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:30.535404: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55ffaada0770 Sep 21 07:25:30.535408: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada0770 Sep 21 07:25:30.535412: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:25:30.535416: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:30.535426: | #2 spent 0.0394 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:30.535432: | crypto helper 6 resuming Sep 21 07:25:30.535433: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.535445: | crypto helper 6 starting work-order 3 for state #2 Sep 21 07:25:30.535458: | #2 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:30.535469: | crypto helper 6 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 3 Sep 21 07:25:30.535470: | suspending state #2 and saving MD Sep 21 07:25:30.535483: | #2 is busy; has a suspended MD Sep 21 07:25:30.535489: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:30.535494: | "westnet-eastnet-ikev2" #2 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:30.535500: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.535504: | #2 spent 0.252 milliseconds in ikev2_process_packet() Sep 21 07:25:30.535509: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:25:30.535512: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.535515: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.535520: | spent 0.268 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.536463: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:30.536909: | crypto helper 6 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 3 time elapsed 0.001441 seconds Sep 21 07:25:30.536919: | (#2) spent 1.42 milliseconds in crypto helper computing work-order 3: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:30.536923: | crypto helper 6 sending results from work-order 3 for state #2 to event queue Sep 21 07:25:30.536926: | scheduling resume sending helper answer for #2 Sep 21 07:25:30.536930: | libevent_malloc: new ptr-libevent@0x7f1528006b90 size 128 Sep 21 07:25:30.536939: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:30.536947: | processing resume sending helper answer for #2 Sep 21 07:25:30.536956: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.536961: | crypto helper 6 replies to request ID 3 Sep 21 07:25:30.536964: | calling continuation function 0x55ffa8f44630 Sep 21 07:25:30.536968: | ikev2_parent_inI2outR2_continue for #2: calculating g^{xy}, sending R2 Sep 21 07:25:30.536971: | #2 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:30.536974: | already have all fragments, skipping fragment collection Sep 21 07:25:30.536977: | already have all fragments, skipping fragment collection Sep 21 07:25:30.536995: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:30.536999: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:30.537003: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:30.537006: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:30.537009: | flags: none (0x0) Sep 21 07:25:30.537012: | length: 12 (0xc) Sep 21 07:25:30.537015: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.537018: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:25:30.537021: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.537024: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.537027: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:30.537030: | flags: none (0x0) Sep 21 07:25:30.537032: | length: 12 (0xc) Sep 21 07:25:30.537035: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.537038: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:30.537041: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.537044: | **parse IKEv2 Authentication Payload: Sep 21 07:25:30.537047: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.537050: | flags: none (0x0) Sep 21 07:25:30.537052: | length: 282 (0x11a) Sep 21 07:25:30.537055: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:30.537058: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:30.537061: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.537064: | **parse IKEv2 Security Association Payload: Sep 21 07:25:30.537067: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:30.537070: | flags: none (0x0) Sep 21 07:25:30.537075: | length: 164 (0xa4) Sep 21 07:25:30.537079: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:25:30.537081: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.537085: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.537088: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:30.537090: | flags: none (0x0) Sep 21 07:25:30.537093: | length: 24 (0x18) Sep 21 07:25:30.537096: | number of TS: 1 (0x1) Sep 21 07:25:30.537099: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:30.537101: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.537105: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.537107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.537110: | flags: none (0x0) Sep 21 07:25:30.537113: | length: 24 (0x18) Sep 21 07:25:30.537115: | number of TS: 1 (0x1) Sep 21 07:25:30.537118: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:30.537121: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:30.537124: | Now let's proceed with state specific processing Sep 21 07:25:30.537127: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:30.537133: "westnet-eastnet-ikev2" #2: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:30.537141: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:30.537146: | received IDr payload - extracting our alleged ID Sep 21 07:25:30.537150: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2" Sep 21 07:25:30.537155: | match_id a=@west Sep 21 07:25:30.537158: | b=@west Sep 21 07:25:30.537161: | results matched Sep 21 07:25:30.537166: | refine_host_connection: checking "westnet-eastnet-ikev2" against "westnet-eastnet-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:30.537169: | Warning: not switching back to template of current instance Sep 21 07:25:30.537172: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:30.537175: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:30.537180: | refine_host_connection: checked westnet-eastnet-ikev2 against westnet-eastnet-ikev2, now for see if best Sep 21 07:25:30.537184: | started looking for secret for @east->@west of kind PKK_RSA Sep 21 07:25:30.537187: | actually looking for secret for @east->@west of kind PKK_RSA Sep 21 07:25:30.537191: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:30.537195: | 1: compared key (none) to @east / @west -> 002 Sep 21 07:25:30.537199: | 2: compared key (none) to @east / @west -> 002 Sep 21 07:25:30.537202: | line 1: match=002 Sep 21 07:25:30.537206: | match 002 beats previous best_match 000 match=0x55ffaad93f30 (line=1) Sep 21 07:25:30.537209: | concluding with best_match=002 best=0x55ffaad93f30 (lineno=1) Sep 21 07:25:30.537212: | returning because exact peer id match Sep 21 07:25:30.537215: | offered CA: '%none' Sep 21 07:25:30.537218: "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:25:30.537238: | verifying AUTH payload Sep 21 07:25:30.537253: | required RSA CA is '%any' Sep 21 07:25:30.537257: | checking RSA keyid '@east' for match with '@west' Sep 21 07:25:30.537261: | checking RSA keyid '@west' for match with '@west' Sep 21 07:25:30.537264: | RSA key issuer CA is '%any' Sep 21 07:25:30.537328: | an RSA Sig check passed with *AQOm9dY/4 [preloaded keys] Sep 21 07:25:30.537335: | #2 spent 0.0653 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:30.537338: "westnet-eastnet-ikev2" #2: Authenticated using RSA Sep 21 07:25:30.537343: | #2 spent 0.0997 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:30.537347: | parent state #2: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:30.537352: | #2 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:30.537357: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.537361: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:30.537365: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ffaada0770 Sep 21 07:25:30.537368: | event_schedule: new EVENT_SA_REKEY-pe@0x55ffaada0770 Sep 21 07:25:30.537372: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #2 Sep 21 07:25:30.537376: | libevent_malloc: new ptr-libevent@0x55ffaada1c10 size 128 Sep 21 07:25:30.537475: | pstats #2 ikev2.ike established Sep 21 07:25:30.537483: | **emit ISAKMP Message: Sep 21 07:25:30.537487: | initiator cookie: Sep 21 07:25:30.537489: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.537491: | responder cookie: Sep 21 07:25:30.537494: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.537498: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.537501: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.537504: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.537507: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.537509: | Message ID: 1 (0x1) Sep 21 07:25:30.537513: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.537516: | IKEv2 CERT: send a certificate? Sep 21 07:25:30.537519: | IKEv2 CERT: no certificate to send Sep 21 07:25:30.537522: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:30.537525: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.537528: | flags: none (0x0) Sep 21 07:25:30.537532: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:30.537536: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.537540: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:30.537549: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:30.537563: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.537567: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.537569: | flags: none (0x0) Sep 21 07:25:30.537572: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.537576: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.537580: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.537583: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:30.537586: | my identity 65 61 73 74 Sep 21 07:25:30.537589: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:30.537596: | assembled IDr payload Sep 21 07:25:30.537599: | CHILD SA proposals received Sep 21 07:25:30.537604: | going to assemble AUTH payload Sep 21 07:25:30.537609: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:30.537612: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.537615: | flags: none (0x0) Sep 21 07:25:30.537618: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:30.537622: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:30.537627: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.537631: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.537637: | started looking for secret for @east->@west of kind PKK_RSA Sep 21 07:25:30.537640: | actually looking for secret for @east->@west of kind PKK_RSA Sep 21 07:25:30.537644: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:30.537648: | 1: compared key (none) to @east / @west -> 002 Sep 21 07:25:30.537652: | 2: compared key (none) to @east / @west -> 002 Sep 21 07:25:30.537657: | line 1: match=002 Sep 21 07:25:30.537661: | match 002 beats previous best_match 000 match=0x55ffaad93f30 (line=1) Sep 21 07:25:30.537664: | concluding with best_match=002 best=0x55ffaad93f30 (lineno=1) Sep 21 07:25:30.542780: | #2 spent 5.07 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:30.542796: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:30.542800: | rsa signature 94 04 9a 4f dc 88 2f 43 1e ce 53 d0 d9 cd 1f bf Sep 21 07:25:30.542803: | rsa signature 15 11 87 4c 51 3c 60 97 c7 47 7a d5 6d dd ed 94 Sep 21 07:25:30.542806: | rsa signature cd 6a 9f 4d 8b 42 bd 49 6d f0 d4 c3 a7 85 96 94 Sep 21 07:25:30.542809: | rsa signature 1b dc 2a 75 4a d0 8f 4d f4 42 be 7d 30 6a 57 b2 Sep 21 07:25:30.542812: | rsa signature 20 47 3c 04 4b 3e 4f 29 dd eb 8b ac d5 2c 57 e2 Sep 21 07:25:30.542815: | rsa signature 0a d9 16 82 18 e4 81 4f 37 44 8a 2e 2c 2c 45 44 Sep 21 07:25:30.542818: | rsa signature 26 34 23 61 d9 23 81 a4 e9 d7 0c 61 8f c2 1f 7d Sep 21 07:25:30.542821: | rsa signature 56 21 1b 3d 99 ca 78 80 a4 e9 40 6c 20 47 a9 78 Sep 21 07:25:30.542824: | rsa signature 57 9a cb f5 2a dc aa dc 07 7b 60 77 e7 29 ec 49 Sep 21 07:25:30.542827: | rsa signature 92 f1 08 2a 73 cb 77 c8 68 07 f5 06 a6 f1 ff ae Sep 21 07:25:30.542830: | rsa signature 40 bd 5a d2 33 ef 39 9c 9a 4b 10 33 d7 bc 7d 34 Sep 21 07:25:30.542833: | rsa signature 75 e5 6e 40 e2 2f 99 b2 d0 f7 a5 36 dc f0 14 85 Sep 21 07:25:30.542836: | rsa signature 61 6f de c7 0d d3 7e 62 9c d5 ff 0c 9a 8a 5c 25 Sep 21 07:25:30.542839: | rsa signature 81 2f 08 5f 89 16 4c 1d a1 3e 0b a4 6d 7a 38 0b Sep 21 07:25:30.542842: | rsa signature 04 00 a8 f5 2c d0 60 68 a6 dd bb 70 a6 46 b7 87 Sep 21 07:25:30.542845: | rsa signature 54 e3 88 4a d9 17 cc b8 1b 54 a4 86 ad cd fd 00 Sep 21 07:25:30.542847: | rsa signature f5 dd 5b 7c c7 87 7e 7d 19 09 f3 50 d7 7a 71 a9 Sep 21 07:25:30.542850: | rsa signature af a5 Sep 21 07:25:30.542855: | #2 spent 5.18 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:30.542858: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:30.542864: | creating state object #3 at 0x55ffaada8f40 Sep 21 07:25:30.542867: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:30.542874: | pstats #3 ikev2.child started Sep 21 07:25:30.542878: | duplicating state object #2 "westnet-eastnet-ikev2" as #3 for IPSEC SA Sep 21 07:25:30.542885: | #3 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:30.542893: | Message ID: init_child #2.#3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.542899: | Message ID: switch-from #2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:30.542905: | Message ID: switch-to #2.#3 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:30.542909: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:25:30.542912: | TSi: parsing 1 traffic selectors Sep 21 07:25:30.542915: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.542919: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.542922: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.542924: | length: 16 (0x10) Sep 21 07:25:30.542927: | start port: 0 (0x0) Sep 21 07:25:30.542930: | end port: 65535 (0xffff) Sep 21 07:25:30.542933: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.542936: | TS low c0 00 01 00 Sep 21 07:25:30.542940: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.542942: | TS high c0 00 01 ff Sep 21 07:25:30.542945: | TSi: parsed 1 traffic selectors Sep 21 07:25:30.542948: | TSr: parsing 1 traffic selectors Sep 21 07:25:30.542951: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.542957: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.542960: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.542962: | length: 16 (0x10) Sep 21 07:25:30.542965: | start port: 0 (0x0) Sep 21 07:25:30.542968: | end port: 65535 (0xffff) Sep 21 07:25:30.542971: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.542973: | TS low c0 00 02 00 Sep 21 07:25:30.542976: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.542979: | TS high c0 00 02 ff Sep 21 07:25:30.542982: | TSr: parsed 1 traffic selectors Sep 21 07:25:30.542984: | looking for best SPD in current connection Sep 21 07:25:30.542992: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:30.542998: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.543007: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:30.543010: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:30.543013: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:30.543017: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:30.543020: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.543026: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.543033: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:30.543036: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:30.543039: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:30.543042: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:30.543046: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.543049: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:30.543052: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:30.543054: | looking for better host pair Sep 21 07:25:30.543061: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:25:30.543067: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:25:30.543070: | investigating connection "westnet-eastnet-ikev2" as a better match Sep 21 07:25:30.543073: | match_id a=@west Sep 21 07:25:30.543076: | b=@west Sep 21 07:25:30.543079: | results matched Sep 21 07:25:30.543085: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:30.543091: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.543098: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:30.543101: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:30.543104: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:30.543107: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:30.543111: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.543116: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.543123: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:30.543127: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:30.543130: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:30.543133: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:30.543136: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.543139: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:30.543142: | did not find a better connection using host pair Sep 21 07:25:30.543145: | printing contents struct traffic_selector Sep 21 07:25:30.543148: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:30.543150: | ipprotoid: 0 Sep 21 07:25:30.543153: | port range: 0-65535 Sep 21 07:25:30.543159: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:30.543161: | printing contents struct traffic_selector Sep 21 07:25:30.543164: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:30.543167: | ipprotoid: 0 Sep 21 07:25:30.543169: | port range: 0-65535 Sep 21 07:25:30.543174: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:25:30.543179: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:30.543184: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:30.543191: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.543195: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:30.543200: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.543204: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.543210: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.543214: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.543219: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.543229: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.543234: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:25:30.543238: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.543241: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:30.543244: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.543247: | local proposal 1 type DH has 1 transforms Sep 21 07:25:30.543249: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:30.543254: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.543257: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.543260: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:30.543263: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.543266: | local proposal 2 type DH has 1 transforms Sep 21 07:25:30.543268: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:30.543272: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.543275: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.543278: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:30.543281: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.543284: | local proposal 3 type DH has 1 transforms Sep 21 07:25:30.543287: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:30.543290: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.543293: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.543296: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:30.543299: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.543302: | local proposal 4 type DH has 1 transforms Sep 21 07:25:30.543305: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:30.543309: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.543312: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.543315: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.543319: | length: 32 (0x20) Sep 21 07:25:30.543321: | prop #: 1 (0x1) Sep 21 07:25:30.543324: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.543327: | spi size: 4 (0x4) Sep 21 07:25:30.543330: | # transforms: 2 (0x2) Sep 21 07:25:30.543335: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.543338: | remote SPI bd 5a c3 d8 Sep 21 07:25:30.543341: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:30.543345: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543351: | length: 12 (0xc) Sep 21 07:25:30.543354: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.543357: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.543360: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.543363: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.543366: | length/value: 256 (0x100) Sep 21 07:25:30.543371: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.543374: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543377: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.543380: | length: 8 (0x8) Sep 21 07:25:30.543383: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.543386: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.543390: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:30.543394: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:25:30.543398: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:25:30.543402: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:25:30.543407: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:30.543413: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:30.543416: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.543419: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.543422: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.543425: | length: 32 (0x20) Sep 21 07:25:30.543427: | prop #: 2 (0x2) Sep 21 07:25:30.543430: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.543433: | spi size: 4 (0x4) Sep 21 07:25:30.543435: | # transforms: 2 (0x2) Sep 21 07:25:30.543439: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.543442: | remote SPI bd 5a c3 d8 Sep 21 07:25:30.543445: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.543449: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543454: | length: 12 (0xc) Sep 21 07:25:30.543457: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.543460: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.543463: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.543466: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.543469: | length/value: 128 (0x80) Sep 21 07:25:30.543472: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543475: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.543478: | length: 8 (0x8) Sep 21 07:25:30.543481: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.543484: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.543488: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:25:30.543492: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:25:30.543495: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.543497: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.543500: | length: 48 (0x30) Sep 21 07:25:30.543503: | prop #: 3 (0x3) Sep 21 07:25:30.543506: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.543509: | spi size: 4 (0x4) Sep 21 07:25:30.543512: | # transforms: 4 (0x4) Sep 21 07:25:30.543516: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.543519: | remote SPI bd 5a c3 d8 Sep 21 07:25:30.543522: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.543526: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543528: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543531: | length: 12 (0xc) Sep 21 07:25:30.543534: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.543537: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.543540: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.543543: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.543546: | length/value: 256 (0x100) Sep 21 07:25:30.543549: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543555: | length: 8 (0x8) Sep 21 07:25:30.543558: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.543561: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.543564: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543570: | length: 8 (0x8) Sep 21 07:25:30.543573: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.543576: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.543579: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543582: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.543585: | length: 8 (0x8) Sep 21 07:25:30.543588: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.543591: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.543595: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:30.543599: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:30.543602: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.543605: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.543607: | length: 48 (0x30) Sep 21 07:25:30.543610: | prop #: 4 (0x4) Sep 21 07:25:30.543613: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.543615: | spi size: 4 (0x4) Sep 21 07:25:30.543618: | # transforms: 4 (0x4) Sep 21 07:25:30.543622: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.543624: | remote SPI bd 5a c3 d8 Sep 21 07:25:30.543628: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:30.543631: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543637: | length: 12 (0xc) Sep 21 07:25:30.543639: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.543643: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.543646: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.543649: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.543651: | length/value: 128 (0x80) Sep 21 07:25:30.543655: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543660: | length: 8 (0x8) Sep 21 07:25:30.543663: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.543666: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.543670: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543672: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543675: | length: 8 (0x8) Sep 21 07:25:30.543678: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.543681: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.543684: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543690: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.543693: | length: 8 (0x8) Sep 21 07:25:30.543696: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.543699: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.543703: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:30.543707: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:30.543712: "westnet-eastnet-ikev2" #2: proposal 1:ESP:SPI=bd5ac3d8;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:25:30.543718: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=bd5ac3d8;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:30.543721: | converting proposal to internal trans attrs Sep 21 07:25:30.543742: | netlink_get_spi: allocated 0x41c22357 for esp.0@192.1.2.23 Sep 21 07:25:30.543746: | Emitting ikev2_proposal ... Sep 21 07:25:30.543749: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:30.543752: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.543755: | flags: none (0x0) Sep 21 07:25:30.543759: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.543763: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.543767: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.543770: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.543773: | prop #: 1 (0x1) Sep 21 07:25:30.543776: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.543778: | spi size: 4 (0x4) Sep 21 07:25:30.543781: | # transforms: 2 (0x2) Sep 21 07:25:30.543791: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.543797: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.543800: | our spi 41 c2 23 57 Sep 21 07:25:30.543803: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543806: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543809: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.543812: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.543816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.543819: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.543822: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.543825: | length/value: 256 (0x100) Sep 21 07:25:30.543828: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.543831: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.543834: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.543837: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.543840: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.543845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.543849: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.543852: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.543855: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:30.543859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.543863: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:25:30.543867: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.543871: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.543874: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.543876: | flags: none (0x0) Sep 21 07:25:30.543879: | number of TS: 1 (0x1) Sep 21 07:25:30.543884: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.543888: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.543891: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.543894: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.543897: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.543900: | start port: 0 (0x0) Sep 21 07:25:30.543902: | end port: 65535 (0xffff) Sep 21 07:25:30.543906: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.543909: | IP start c0 00 01 00 Sep 21 07:25:30.543912: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.543914: | IP end c0 00 01 ff Sep 21 07:25:30.543917: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.543920: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:30.543924: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.543926: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.543929: | flags: none (0x0) Sep 21 07:25:30.543932: | number of TS: 1 (0x1) Sep 21 07:25:30.543936: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.543940: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.543943: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.543946: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.543949: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.543952: | start port: 0 (0x0) Sep 21 07:25:30.543954: | end port: 65535 (0xffff) Sep 21 07:25:30.543958: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.543961: | IP start c0 00 02 00 Sep 21 07:25:30.543964: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.543966: | IP end c0 00 02 ff Sep 21 07:25:30.543969: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.543972: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:30.543976: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:30.543980: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:30.544141: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:30.544148: | #2 spent 1.29 milliseconds Sep 21 07:25:30.544151: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:30.544154: | could_route called for westnet-eastnet-ikev2 (kind=CK_PERMANENT) Sep 21 07:25:30.544157: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.544161: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.544164: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.544170: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.544174: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.544178: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.544181: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.544185: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.544189: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.544195: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:25:30.544199: | netlink: enabling tunnel mode Sep 21 07:25:30.544202: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.544205: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.544288: | netlink response for Add SA esp.bd5ac3d8@192.1.2.45 included non-error error Sep 21 07:25:30.544296: | set up outgoing SA, ref=0/0 Sep 21 07:25:30.544300: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.544304: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.544306: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.544309: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.544314: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.544317: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:25:30.544320: | netlink: enabling tunnel mode Sep 21 07:25:30.544323: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.544325: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.544378: | netlink response for Add SA esp.41c22357@192.1.2.23 included non-error error Sep 21 07:25:30.544384: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:30.544393: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:30.544397: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.544445: | raw_eroute result=success Sep 21 07:25:30.544450: | set up incoming SA, ref=0/0 Sep 21 07:25:30.544453: | sr for #3: unrouted Sep 21 07:25:30.544457: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:30.544460: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.544463: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.544466: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.544470: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.544475: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:25:30.544479: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:30.544488: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:25:30.544491: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.544516: | raw_eroute result=success Sep 21 07:25:30.544521: | running updown command "ipsec _updown" for verb up Sep 21 07:25:30.544524: | command executing up-client Sep 21 07:25:30.544561: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbd Sep 21 07:25:30.544567: | popen cmd is 1040 chars long Sep 21 07:25:30.544571: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Sep 21 07:25:30.544575: | cmd( 80):v2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLU: Sep 21 07:25:30.544580: | cmd( 160):TO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' : Sep 21 07:25:30.544584: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:30.544587: | cmd( 320):TO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@: Sep 21 07:25:30.544591: | cmd( 400):west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_P: Sep 21 07:25:30.544594: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:30.544598: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:30.544601: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:25:30.544605: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:25:30.544608: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:25:30.544611: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:25:30.544615: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0xbd5ac3d8 SPI_OUT=0x41c22357 ipsec _updown 2>&1: Sep 21 07:25:30.555055: | route_and_eroute: firewall_notified: true Sep 21 07:25:30.555069: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:30.555074: | command executing prepare-client Sep 21 07:25:30.555108: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Sep 21 07:25:30.555113: | popen cmd is 1045 chars long Sep 21 07:25:30.555117: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:30.555119: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23: Sep 21 07:25:30.555123: | cmd( 160):' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:30.555126: | cmd( 240):2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:30.555129: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_: Sep 21 07:25:30.555131: | cmd( 400):ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PL: Sep 21 07:25:30.555134: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:30.555136: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:25:30.555139: | cmd( 640):IG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Sep 21 07:25:30.555142: | cmd( 720):KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CI: Sep 21 07:25:30.555145: | cmd( 800):SCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PL: Sep 21 07:25:30.555148: | cmd( 880):UTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI: Sep 21 07:25:30.555155: | cmd( 960):_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbd5ac3d8 SPI_OUT=0x41c22357 ipsec _updown: Sep 21 07:25:30.555157: | cmd(1040): 2>&1: Sep 21 07:25:30.566015: | running updown command "ipsec _updown" for verb route Sep 21 07:25:30.566027: | command executing route-client Sep 21 07:25:30.566067: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Sep 21 07:25:30.566072: | popen cmd is 1043 chars long Sep 21 07:25:30.566076: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:25:30.566080: | cmd( 80):ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' : Sep 21 07:25:30.566084: | cmd( 160):PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.: Sep 21 07:25:30.566087: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:30.566091: | cmd( 320):PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID: Sep 21 07:25:30.566094: | cmd( 400):='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUT: Sep 21 07:25:30.566097: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:30.566101: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:25:30.566104: | cmd( 640):+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:25:30.566107: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:25:30.566110: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:25:30.566114: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:25:30.566118: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0xbd5ac3d8 SPI_OUT=0x41c22357 ipsec _updown 2: Sep 21 07:25:30.566120: | cmd(1040):>&1: Sep 21 07:25:30.583554: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x55ffaad9fd20,sr=0x55ffaad9fd20} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:30.583635: | #2 spent 0.974 milliseconds in install_ipsec_sa() Sep 21 07:25:30.583644: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #2 Sep 21 07:25:30.583648: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:30.583652: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:30.583656: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:30.583660: | emitting length of IKEv2 Encryption Payload: 407 Sep 21 07:25:30.583662: | emitting length of ISAKMP Message: 435 Sep 21 07:25:30.583684: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:30.583691: | #2 spent 8 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:30.583698: | suspend processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.583708: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.583713: | #3 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:30.583716: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:30.583720: | child state #3: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:30.583724: | Message ID: updating counters for #3 to 1 after switching state Sep 21 07:25:30.583730: | Message ID: recv #2.#3 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:30.583736: | Message ID: sent #2.#3 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:30.583748: | pstats #3 ikev2.child established Sep 21 07:25:30.583756: "westnet-eastnet-ikev2" #3: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:25:30.583761: | NAT-T: encaps is 'auto' Sep 21 07:25:30.583766: "westnet-eastnet-ikev2" #3: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xbd5ac3d8 <0x41c22357 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:30.583772: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:25:30.583779: | sending 435 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Sep 21 07:25:30.583789: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.583797: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:30.583800: | 82 64 7a a0 a0 c8 a7 56 89 4a bc 4b 30 0b 38 38 Sep 21 07:25:30.583802: | 07 ed 68 ed e7 f7 53 02 f4 ea b0 49 f9 38 79 c5 Sep 21 07:25:30.583804: | 93 3a e3 d2 df 77 eb c3 d5 dd 3c 9f 07 0e 54 7b Sep 21 07:25:30.583806: | f1 b0 8a cb 1e cb 95 7a 99 0a 23 e2 97 76 cd 10 Sep 21 07:25:30.583808: | 57 0e 88 8a 9d 10 28 c8 f7 82 c6 31 71 ac e3 00 Sep 21 07:25:30.583811: | 68 70 ad f0 1d bc dc be a7 32 a1 f0 b1 eb 7b 18 Sep 21 07:25:30.583813: | d2 71 29 11 60 e9 90 92 e1 3b f5 6f 13 68 0c 73 Sep 21 07:25:30.583815: | 5e b7 5d e3 20 aa 7a 05 1d 31 5e ff 32 d1 29 c8 Sep 21 07:25:30.583817: | c0 92 d3 7b ec 6a 20 cd 27 c6 56 65 a3 be 42 f7 Sep 21 07:25:30.583819: | 29 dc 5f ad e7 3d a8 20 f9 21 9f 92 af 46 ca ae Sep 21 07:25:30.583821: | 80 53 cf c3 d4 64 00 0e 46 72 4c 11 0d 40 29 78 Sep 21 07:25:30.583823: | 4d 33 87 71 c3 88 62 62 e7 80 d1 8e 09 c8 76 f4 Sep 21 07:25:30.583825: | 7d 6f 27 8f fe 0d 0b 02 59 95 8b 87 59 34 22 f5 Sep 21 07:25:30.583827: | b6 1a c5 91 8e 69 a5 f7 64 2e 96 e2 4f 58 7a 11 Sep 21 07:25:30.583829: | 7d 34 c0 8d 45 f7 28 5d 4e 87 ef c8 84 76 c0 47 Sep 21 07:25:30.583831: | 9b f4 0f 08 1f bf 15 71 69 59 17 5f 47 84 2e f7 Sep 21 07:25:30.583833: | 34 13 9f a7 42 cb 13 ea b7 a1 4e 01 cd 9c da 02 Sep 21 07:25:30.583834: | c1 c6 d3 da 4f 38 16 c6 73 89 d7 aa e1 7f c8 42 Sep 21 07:25:30.583836: | 85 62 9b d6 9c 9a ff 68 2a 1a 93 ad 18 cb 15 62 Sep 21 07:25:30.583837: | 35 95 cf b0 28 b0 22 f0 92 3a ed 7f 27 53 b4 ce Sep 21 07:25:30.583838: | 04 0f f1 5a cb e9 a6 42 94 42 d1 bf 27 68 98 d5 Sep 21 07:25:30.583840: | c2 9e 38 b5 b1 90 98 63 6f c8 b7 9f 5d d2 63 e6 Sep 21 07:25:30.583841: | 8e 16 cb 2c d7 09 0d 84 ce f9 bb 99 36 91 7b 9e Sep 21 07:25:30.583842: | 19 d3 1b 3a b4 a6 7e ed 61 50 16 1b 73 74 55 2d Sep 21 07:25:30.583844: | 59 a8 c7 7d df 10 59 17 5f ad cd fb 53 65 1b b7 Sep 21 07:25:30.583845: | ea 85 b7 Sep 21 07:25:30.583882: | releasing whack for #3 (sock=fd@-1) Sep 21 07:25:30.583885: | releasing whack and unpending for parent #2 Sep 21 07:25:30.583888: | unpending state #2 connection "westnet-eastnet-ikev2" Sep 21 07:25:30.583895: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:30.583898: | event_schedule: new EVENT_SA_REKEY-pe@0x55ffaada09c0 Sep 21 07:25:30.583901: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Sep 21 07:25:30.583905: | libevent_malloc: new ptr-libevent@0x55ffaada8490 size 128 Sep 21 07:25:30.583911: | resume sending helper answer for #2 suppresed complete_v2_state_transition() Sep 21 07:25:30.583916: | #2 spent 8.36 milliseconds in resume sending helper answer Sep 21 07:25:30.583922: | stop processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.583925: | libevent_free: release ptr-libevent@0x7f1528006b90 Sep 21 07:25:30.583937: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.583942: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.583947: | spent 0.00506 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.583949: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.583953: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.583956: | spent 0.00344 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.583959: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.583962: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.583965: | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:34.174777: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:34.175021: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:34.175026: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:34.175100: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:34.175102: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:34.175111: | get_sa_info esp.41c22357@192.1.2.23 Sep 21 07:25:34.175123: | get_sa_info esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:34.175138: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:34.175143: | spent 0.368 milliseconds in whack Sep 21 07:25:35.230882: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.230899: shutting down Sep 21 07:25:35.230909: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:35.230913: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:35.230919: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:35.230921: forgetting secrets Sep 21 07:25:35.230927: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:35.230931: | unreference key: 0x55ffaada0f10 @east cnt 1-- Sep 21 07:25:35.230934: | unreference key: 0x55ffaacfd940 @west cnt 2-- Sep 21 07:25:35.230938: | start processing: connection "westnet-eastnet-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:25:35.230941: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:35.230943: | pass 0 Sep 21 07:25:35.230945: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:35.230947: | state #3 Sep 21 07:25:35.230951: | suspend processing: connection "westnet-eastnet-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:35.230957: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:35.230960: | pstats #3 ikev2.child deleted completed Sep 21 07:25:35.230964: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Sep 21 07:25:35.230969: "westnet-eastnet-ikev2" #3: deleting state (STATE_V2_IPSEC_R) aged 4.688s and sending notification Sep 21 07:25:35.230972: | child state #3: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:35.230976: | get_sa_info esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:35.230994: | get_sa_info esp.41c22357@192.1.2.23 Sep 21 07:25:35.231007: "westnet-eastnet-ikev2" #3: ESP traffic information: in=2KB out=2KB Sep 21 07:25:35.231011: | #3 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:25:35.231014: | Opening output PBS informational exchange delete request Sep 21 07:25:35.231017: | **emit ISAKMP Message: Sep 21 07:25:35.231020: | initiator cookie: Sep 21 07:25:35.231023: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.231025: | responder cookie: Sep 21 07:25:35.231026: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231029: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.231032: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.231035: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.231038: | flags: none (0x0) Sep 21 07:25:35.231040: | Message ID: 0 (0x0) Sep 21 07:25:35.231043: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.231046: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:35.231049: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.231051: | flags: none (0x0) Sep 21 07:25:35.231054: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:35.231056: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:35.231059: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:35.231067: | ****emit IKEv2 Delete Payload: Sep 21 07:25:35.231070: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.231071: | flags: none (0x0) Sep 21 07:25:35.231074: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:35.231076: | SPI size: 4 (0x4) Sep 21 07:25:35.231078: | number of SPIs: 1 (0x1) Sep 21 07:25:35.231080: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:35.231082: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:35.231085: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:25:35.231087: | local spis 41 c2 23 57 Sep 21 07:25:35.231090: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:35.231093: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:35.231096: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.231099: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:35.231101: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:35.231104: | emitting length of ISAKMP Message: 69 Sep 21 07:25:35.231129: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #3) Sep 21 07:25:35.231133: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231136: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:35.231138: | c0 3f 4a 51 f1 38 a7 93 0d a2 d8 64 96 c2 20 b6 Sep 21 07:25:35.231140: | 4f 84 73 58 1b 4f 05 01 cf 35 47 b0 31 3a 1d 95 Sep 21 07:25:35.231142: | 78 f8 15 22 2d Sep 21 07:25:35.231174: | Message ID: IKE #2 sender #3 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:25:35.231178: | Message ID: IKE #2 sender #3 in send_delete hacking around record ' send Sep 21 07:25:35.231183: | Message ID: sent #2 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:35.231185: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:35.231189: | libevent_free: release ptr-libevent@0x55ffaada8490 Sep 21 07:25:35.231191: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ffaada09c0 Sep 21 07:25:35.231268: | running updown command "ipsec _updown" for verb down Sep 21 07:25:35.231271: | command executing down-client Sep 21 07:25:35.231303: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Sep 21 07:25:35.231306: | popen cmd is 1051 chars long Sep 21 07:25:35.231309: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:25:35.231312: | cmd( 80):kev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' P: Sep 21 07:25:35.231315: | cmd( 160):LUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0: Sep 21 07:25:35.231317: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:35.231319: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID=: Sep 21 07:25:35.231322: | cmd( 400):'@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO: Sep 21 07:25:35.231324: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:35.231327: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLUTO_CONN_POLICY: Sep 21 07:25:35.231329: | cmd( 640):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:25:35.231332: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:25:35.231334: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:25:35.231337: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:25:35.231340: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbd5ac3d8 SPI_OUT=0x41c22357 ipsec _: Sep 21 07:25:35.231342: | cmd(1040):updown 2>&1: Sep 21 07:25:35.241777: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:25:35.241797: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Sep 21 07:25:35.241802: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.241806: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:35.241852: | delete esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:35.241933: | netlink response for Del SA esp.bd5ac3d8@192.1.2.45 included non-error error Sep 21 07:25:35.241938: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.241945: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:35.241988: | raw_eroute result=success Sep 21 07:25:35.241992: | delete esp.41c22357@192.1.2.23 Sep 21 07:25:35.242018: | netlink response for Del SA esp.41c22357@192.1.2.23 included non-error error Sep 21 07:25:35.242025: | stop processing: connection "westnet-eastnet-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:35.242029: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:35.242032: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:35.242038: | State DB: deleting IKEv2 state #3 in V2_IPSEC_R Sep 21 07:25:35.242042: | child state #3: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:25:35.242048: | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.242054: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:35.242056: | state #2 Sep 21 07:25:35.242058: | pass 1 Sep 21 07:25:35.242061: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:35.242063: | state #2 Sep 21 07:25:35.242068: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:35.242071: | pstats #2 ikev2.ike deleted completed Sep 21 07:25:35.242076: | #2 spent 13.8 milliseconds in total Sep 21 07:25:35.242081: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:879) Sep 21 07:25:35.242085: "westnet-eastnet-ikev2" #2: deleting state (STATE_PARENT_R2) aged 4.719s and sending notification Sep 21 07:25:35.242088: | parent state #2: PARENT_R2(established IKE SA) => delete Sep 21 07:25:35.242140: | #2 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:25:35.242145: | Opening output PBS informational exchange delete request Sep 21 07:25:35.242148: | **emit ISAKMP Message: Sep 21 07:25:35.242151: | initiator cookie: Sep 21 07:25:35.242153: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.242156: | responder cookie: Sep 21 07:25:35.242158: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.242161: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.242163: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.242166: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.242169: | flags: none (0x0) Sep 21 07:25:35.242171: | Message ID: 1 (0x1) Sep 21 07:25:35.242174: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.242177: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:35.242180: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.242182: | flags: none (0x0) Sep 21 07:25:35.242185: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:35.242188: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:35.242191: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:35.242200: | ****emit IKEv2 Delete Payload: Sep 21 07:25:35.242203: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.242205: | flags: none (0x0) Sep 21 07:25:35.242208: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:35.242210: | SPI size: 0 (0x0) Sep 21 07:25:35.242213: | number of SPIs: 0 (0x0) Sep 21 07:25:35.242216: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:35.242218: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:35.242221: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:25:35.242224: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:35.242227: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.242230: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:35.242232: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:25:35.242235: | emitting length of ISAKMP Message: 65 Sep 21 07:25:35.242255: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) Sep 21 07:25:35.242257: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.242260: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:35.242264: | e1 b3 a7 d6 a0 b0 36 4c 8a 91 a9 f2 74 51 1a d3 Sep 21 07:25:35.242266: | 50 58 ba 27 06 76 d3 7e 25 23 86 37 e7 54 bb c8 Sep 21 07:25:35.242269: | 6e Sep 21 07:25:35.242352: | Message ID: IKE #2 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:25:35.242358: | Message ID: IKE #2 sender #2 in send_delete hacking around record ' send Sep 21 07:25:35.242363: | Message ID: #2 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Sep 21 07:25:35.242368: | Message ID: sent #2 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Sep 21 07:25:35.242371: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:35.242375: | libevent_free: release ptr-libevent@0x55ffaada1c10 Sep 21 07:25:35.242378: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ffaada0770 Sep 21 07:25:35.242382: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:35.242385: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:35.242387: | State DB: deleting IKEv2 state #2 in PARENT_R2 Sep 21 07:25:35.242391: | parent state #2: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:35.242394: | unreference key: 0x55ffaacfd940 @west cnt 1-- Sep 21 07:25:35.242409: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.242424: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:35.242431: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:25:35.242436: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Sep 21 07:25:35.242439: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.242469: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.242479: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:35.242482: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.242485: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:35.242488: | route owner of "westnet-eastnet-ikev2" unrouted: NULL Sep 21 07:25:35.242491: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:35.242494: | command executing unroute-client Sep 21 07:25:35.242520: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:25:35.242523: | popen cmd is 1032 chars long Sep 21 07:25:35.242526: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:35.242529: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23: Sep 21 07:25:35.242532: | cmd( 160):' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:35.242537: | cmd( 240):2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:35.242539: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER: Sep 21 07:25:35.242542: | cmd( 400):_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' P: Sep 21 07:25:35.242544: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:25:35.242547: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA: Sep 21 07:25:35.242549: | cmd( 640):SIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:25:35.242552: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:25:35.242554: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:25:35.242557: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:25:35.242560: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:35.280287: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280301: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280304: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280306: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280309: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280311: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280313: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280315: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280317: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280319: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280321: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280323: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280326: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280328: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280330: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280332: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280334: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280336: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280338: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280341: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280343: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280345: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280347: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280349: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280351: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280353: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280355: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280358: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280360: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280362: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280364: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280366: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280368: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280370: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280376: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280378: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280380: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280382: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280384: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280386: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280389: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280391: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280393: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280395: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280397: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280400: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280402: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280404: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280410: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280412: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280414: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280416: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280418: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280420: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280422: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280425: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280427: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280429: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280431: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280433: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280435: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280437: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280439: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280442: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280444: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280446: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280448: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280450: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280452: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280455: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280457: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280459: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280461: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280463: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280465: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280467: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280470: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280472: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280474: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280476: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280478: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280482: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280484: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280486: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280488: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280490: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280492: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280494: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280497: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280499: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280501: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280503: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280505: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280507: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280509: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280512: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280514: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280516: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280518: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280520: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.280523: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:35.299274: | free hp@0x55ffaada0b20 Sep 21 07:25:35.299291: | flush revival: connection 'westnet-eastnet-ikev2' wasn't on the list Sep 21 07:25:35.299296: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:35.299306: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:35.299309: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:35.299323: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:35.299327: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:35.299331: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:35.299335: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:25:35.299338: shutting down interface eth0/eth0 192.0.2.250:4500 Sep 21 07:25:35.299342: shutting down interface eth0/eth0 192.0.2.250:500 Sep 21 07:25:35.299346: shutting down interface eth0/eth0 192.0.2.251:4500 Sep 21 07:25:35.299349: shutting down interface eth0/eth0 192.0.2.251:500 Sep 21 07:25:35.299353: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:35.299357: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:25:35.299361: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:35.299371: | libevent_free: release ptr-libevent@0x55ffaad9ec50 Sep 21 07:25:35.299375: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9ec10 Sep 21 07:25:35.299385: | libevent_free: release ptr-libevent@0x55ffaad9ed40 Sep 21 07:25:35.299388: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9ed00 Sep 21 07:25:35.299396: | libevent_free: release ptr-libevent@0x55ffaad9ee30 Sep 21 07:25:35.299399: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9edf0 Sep 21 07:25:35.299406: | libevent_free: release ptr-libevent@0x55ffaad9ef20 Sep 21 07:25:35.299409: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9eee0 Sep 21 07:25:35.299416: | libevent_free: release ptr-libevent@0x55ffaad9f010 Sep 21 07:25:35.299419: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9efd0 Sep 21 07:25:35.299426: | libevent_free: release ptr-libevent@0x55ffaad9f760 Sep 21 07:25:35.299429: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f0c0 Sep 21 07:25:35.299436: | libevent_free: release ptr-libevent@0x55ffaad9f830 Sep 21 07:25:35.299439: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f7f0 Sep 21 07:25:35.299451: | libevent_free: release ptr-libevent@0x55ffaad9f900 Sep 21 07:25:35.299454: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f8c0 Sep 21 07:25:35.299462: | libevent_free: release ptr-libevent@0x55ffaad9f9f0 Sep 21 07:25:35.299465: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9f9b0 Sep 21 07:25:35.299472: | libevent_free: release ptr-libevent@0x55ffaad9fae0 Sep 21 07:25:35.299475: | free_event_entry: release EVENT_NULL-pe@0x55ffaad9faa0 Sep 21 07:25:35.299480: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:35.299932: | libevent_free: release ptr-libevent@0x55ffaad9e2f0 Sep 21 07:25:35.299940: | free_event_entry: release EVENT_NULL-pe@0x55ffaad821a0 Sep 21 07:25:35.299945: | libevent_free: release ptr-libevent@0x55ffaad93e00 Sep 21 07:25:35.299948: | free_event_entry: release EVENT_NULL-pe@0x55ffaad87c10 Sep 21 07:25:35.299951: | libevent_free: release ptr-libevent@0x55ffaad93d70 Sep 21 07:25:35.299954: | free_event_entry: release EVENT_NULL-pe@0x55ffaad87c50 Sep 21 07:25:35.299957: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:35.299960: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:35.299963: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:35.299965: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:35.299967: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:35.299970: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:35.299972: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:35.299975: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:35.299977: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:35.299982: | libevent_free: release ptr-libevent@0x55ffaad9e3c0 Sep 21 07:25:35.299985: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:35.299988: | libevent_free: release ptr-libevent@0x55ffaad9e4a0 Sep 21 07:25:35.299991: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:35.299994: | libevent_free: release ptr-libevent@0x55ffaad9e560 Sep 21 07:25:35.299997: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:35.300000: | libevent_free: release ptr-libevent@0x55ffaad93170 Sep 21 07:25:35.300002: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:35.300004: | releasing event base Sep 21 07:25:35.300018: | libevent_free: release ptr-libevent@0x55ffaad9e620 Sep 21 07:25:35.300021: | libevent_free: release ptr-libevent@0x55ffaad73ca0 Sep 21 07:25:35.300025: | libevent_free: release ptr-libevent@0x55ffaad824e0 Sep 21 07:25:35.300028: | libevent_free: release ptr-libevent@0x55ffaad825b0 Sep 21 07:25:35.300030: | libevent_free: release ptr-libevent@0x55ffaad82500 Sep 21 07:25:35.300034: | libevent_free: release ptr-libevent@0x55ffaad9e380 Sep 21 07:25:35.300036: | libevent_free: release ptr-libevent@0x55ffaad9e460 Sep 21 07:25:35.300039: | libevent_free: release ptr-libevent@0x55ffaad82590 Sep 21 07:25:35.300041: | libevent_free: release ptr-libevent@0x55ffaad86f30 Sep 21 07:25:35.300043: | libevent_free: release ptr-libevent@0x55ffaad86f50 Sep 21 07:25:35.300046: | libevent_free: release ptr-libevent@0x55ffaad9fb70 Sep 21 07:25:35.300049: | libevent_free: release ptr-libevent@0x55ffaad9fa80 Sep 21 07:25:35.300051: | libevent_free: release ptr-libevent@0x55ffaad9f990 Sep 21 07:25:35.300054: | libevent_free: release ptr-libevent@0x55ffaad9f120 Sep 21 07:25:35.300056: | libevent_free: release ptr-libevent@0x55ffaad9f100 Sep 21 07:25:35.300058: | libevent_free: release ptr-libevent@0x55ffaad9f0a0 Sep 21 07:25:35.300061: | libevent_free: release ptr-libevent@0x55ffaad9efb0 Sep 21 07:25:35.300063: | libevent_free: release ptr-libevent@0x55ffaad9eec0 Sep 21 07:25:35.300066: | libevent_free: release ptr-libevent@0x55ffaad9edd0 Sep 21 07:25:35.300068: | libevent_free: release ptr-libevent@0x55ffaad9ece0 Sep 21 07:25:35.300071: | libevent_free: release ptr-libevent@0x55ffaad04370 Sep 21 07:25:35.300073: | libevent_free: release ptr-libevent@0x55ffaad9e540 Sep 21 07:25:35.300076: | libevent_free: release ptr-libevent@0x55ffaad9e480 Sep 21 07:25:35.300081: | libevent_free: release ptr-libevent@0x55ffaad9e3a0 Sep 21 07:25:35.300084: | libevent_free: release ptr-libevent@0x55ffaad9e600 Sep 21 07:25:35.300086: | libevent_free: release ptr-libevent@0x55ffaad026c0 Sep 21 07:25:35.300089: | libevent_free: release ptr-libevent@0x55ffaad82520 Sep 21 07:25:35.300091: | libevent_free: release ptr-libevent@0x55ffaad82550 Sep 21 07:25:35.300094: | libevent_free: release ptr-libevent@0x55ffaad82240 Sep 21 07:25:35.300096: | releasing global libevent data Sep 21 07:25:35.300099: | libevent_free: release ptr-libevent@0x55ffaad80f30 Sep 21 07:25:35.300102: | libevent_free: release ptr-libevent@0x55ffaad821e0 Sep 21 07:25:35.300105: | libevent_free: release ptr-libevent@0x55ffaad82210