Sep 21 07:25:29.920962: FIPS Product: YES Sep 21 07:25:29.920990: FIPS Kernel: NO Sep 21 07:25:29.920992: FIPS Mode: NO Sep 21 07:25:29.920994: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:29.921135: Initializing NSS Sep 21 07:25:29.921138: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:29.961548: NSS initialized Sep 21 07:25:29.961566: NSS crypto library initialized Sep 21 07:25:29.961568: FIPS HMAC integrity support [enabled] Sep 21 07:25:29.961570: FIPS mode disabled for pluto daemon Sep 21 07:25:30.026199: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:30.026355: libcap-ng support [enabled] Sep 21 07:25:30.026368: Linux audit support [enabled] Sep 21 07:25:30.026400: Linux audit activated Sep 21 07:25:30.026408: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8617 Sep 21 07:25:30.026410: core dump dir: /tmp Sep 21 07:25:30.026413: secrets file: /etc/ipsec.secrets Sep 21 07:25:30.026415: leak-detective disabled Sep 21 07:25:30.026418: NSS crypto [enabled] Sep 21 07:25:30.026420: XAUTH PAM support [enabled] Sep 21 07:25:30.026496: | libevent is using pluto's memory allocator Sep 21 07:25:30.026502: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:30.026517: | libevent_malloc: new ptr-libevent@0x56294cf3e020 size 40 Sep 21 07:25:30.026521: | libevent_malloc: new ptr-libevent@0x56294cf3f2d0 size 40 Sep 21 07:25:30.026524: | libevent_malloc: new ptr-libevent@0x56294cf3f300 size 40 Sep 21 07:25:30.026527: | creating event base Sep 21 07:25:30.026530: | libevent_malloc: new ptr-libevent@0x56294cf3f290 size 56 Sep 21 07:25:30.026533: | libevent_malloc: new ptr-libevent@0x56294cf3f330 size 664 Sep 21 07:25:30.026544: | libevent_malloc: new ptr-libevent@0x56294cf3f5d0 size 24 Sep 21 07:25:30.026549: | libevent_malloc: new ptr-libevent@0x56294cf30d00 size 384 Sep 21 07:25:30.026559: | libevent_malloc: new ptr-libevent@0x56294cf3f5f0 size 16 Sep 21 07:25:30.026562: | libevent_malloc: new ptr-libevent@0x56294cf3f610 size 40 Sep 21 07:25:30.026565: | libevent_malloc: new ptr-libevent@0x56294cf3f640 size 48 Sep 21 07:25:30.026573: | libevent_realloc: new ptr-libevent@0x56294cec1370 size 256 Sep 21 07:25:30.026576: | libevent_malloc: new ptr-libevent@0x56294cf3f680 size 16 Sep 21 07:25:30.026581: | libevent_free: release ptr-libevent@0x56294cf3f290 Sep 21 07:25:30.026585: | libevent initialized Sep 21 07:25:30.026589: | libevent_realloc: new ptr-libevent@0x56294cf3f6a0 size 64 Sep 21 07:25:30.026592: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:30.026612: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:30.026615: NAT-Traversal support [enabled] Sep 21 07:25:30.026618: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:30.027006: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:30.027011: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:30.027047: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:30.027051: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:30.027055: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:30.027108: Encryption algorithms: Sep 21 07:25:30.027118: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:30.027122: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:30.027126: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:30.027130: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:30.027134: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:30.027143: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:30.027148: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:30.027152: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:30.027156: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:30.027159: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:30.027163: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:30.027168: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:30.027172: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:30.027176: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:30.027180: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:30.027183: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:30.027186: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:30.027194: Hash algorithms: Sep 21 07:25:30.027197: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:30.027201: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:30.027204: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:30.027207: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:30.027211: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:30.027225: PRF algorithms: Sep 21 07:25:30.027228: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:30.027232: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:30.027236: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:30.027239: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:30.027243: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:30.027246: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:30.027272: Integrity algorithms: Sep 21 07:25:30.027276: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:30.027280: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:30.027285: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:30.027289: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:30.027293: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:30.027296: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:30.027300: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:30.027304: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:30.027307: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:30.027320: DH algorithms: Sep 21 07:25:30.027323: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:30.027327: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:30.027330: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:30.027335: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:30.027339: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:30.027342: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:30.027345: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:30.027349: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:30.027352: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:30.027355: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:30.027359: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:30.027361: testing CAMELLIA_CBC: Sep 21 07:25:30.027364: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.027486: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.027516: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.027546: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.027575: testing AES_GCM_16: Sep 21 07:25:30.027578: empty string Sep 21 07:25:30.027607: one block Sep 21 07:25:30.027633: two blocks Sep 21 07:25:30.027660: two blocks with associated data Sep 21 07:25:30.027687: testing AES_CTR: Sep 21 07:25:30.027690: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:30.027717: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:30.027745: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:30.027773: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:30.027805: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:30.027835: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:30.027864: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:30.027890: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:30.027919: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:30.027948: testing AES_CBC: Sep 21 07:25:30.027951: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:30.027978: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.028008: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.028038: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.028074: testing AES_XCBC: Sep 21 07:25:30.028077: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:30.028201: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:30.028336: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:30.028465: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:30.028590: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:30.028713: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:30.028871: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:30.029156: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:30.029279: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:30.029411: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:30.029640: testing HMAC_MD5: Sep 21 07:25:30.029644: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:30.029819: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:30.029970: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:30.030148: 8 CPU cores online Sep 21 07:25:30.030152: starting up 7 crypto helpers Sep 21 07:25:30.030189: started thread for crypto helper 0 Sep 21 07:25:30.030197: | starting up helper thread 0 Sep 21 07:25:30.030211: started thread for crypto helper 1 Sep 21 07:25:30.030231: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:30.030236: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:30.030256: started thread for crypto helper 2 Sep 21 07:25:30.030275: started thread for crypto helper 3 Sep 21 07:25:30.030278: | starting up helper thread 3 Sep 21 07:25:30.030324: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:30.030329: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:30.030343: started thread for crypto helper 4 Sep 21 07:25:30.030364: started thread for crypto helper 5 Sep 21 07:25:30.030382: started thread for crypto helper 6 Sep 21 07:25:30.030386: | checking IKEv1 state table Sep 21 07:25:30.030387: | starting up helper thread 6 Sep 21 07:25:30.030397: | starting up helper thread 5 Sep 21 07:25:30.030393: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030412: | starting up helper thread 2 Sep 21 07:25:30.030416: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:30.030409: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:30.030423: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:30.030424: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030434: | starting up helper thread 1 Sep 21 07:25:30.030440: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:30.030446: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:30.030418: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:30.030436: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:30.030463: | starting up helper thread 4 Sep 21 07:25:30.030463: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.030477: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:30.030484: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.030487: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.030489: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.030491: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:30.030493: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.030495: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.030498: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:30.030500: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.030502: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.030504: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.030506: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:30.030508: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.030511: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.030513: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.030515: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:30.030517: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030519: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:30.030520: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030522: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030523: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:30.030525: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030526: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.030528: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.030529: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.030531: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.030532: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.030534: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:30.030535: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030537: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.030538: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030540: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:30.030541: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:30.030543: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:30.030544: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:30.030546: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:30.030547: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:30.030549: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:30.030553: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030555: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:30.030556: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030558: | INFO: category: informational flags: 0: Sep 21 07:25:30.030559: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030561: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:30.030562: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030564: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:30.030566: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:30.030567: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.030569: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.030570: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:30.030572: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:30.030573: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.030575: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:30.030576: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.030578: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.030579: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.030581: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.030582: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.030584: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:30.030585: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.030587: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:30.030592: | checking IKEv2 state table Sep 21 07:25:30.030597: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:30.030599: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:30.030601: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030603: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:30.030605: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:30.030606: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.030608: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:30.030610: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:30.030611: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:30.030613: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:30.030615: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:30.030616: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:30.030618: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:30.030619: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:30.030621: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:30.030623: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:30.030624: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030626: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:30.030627: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.030629: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:30.030631: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:30.030632: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.030634: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:30.030636: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:30.030637: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:30.030639: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:30.030642: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.030643: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:30.030645: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.030647: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:30.030648: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.030650: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.030652: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.030654: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:30.030657: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.030660: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:30.030663: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:30.030665: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.030470: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:30.030451: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:30.030668: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:30.030687: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.030687: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:30.030692: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.030700: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:30.030702: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:30.030704: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:30.030704: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:30.030706: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:30.030714: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:30.030714: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:30.030719: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:30.030792: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:30.030849: | Hard-wiring algorithms Sep 21 07:25:30.030852: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:30.030856: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:30.030858: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:30.030860: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:30.030862: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:30.030864: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:30.030866: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:30.030869: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:30.030871: | adding AES_CTR to kernel algorithm db Sep 21 07:25:30.030873: | adding AES_CBC to kernel algorithm db Sep 21 07:25:30.030875: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:30.030878: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:30.030880: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:30.030882: | adding NULL to kernel algorithm db Sep 21 07:25:30.030885: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:30.030887: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:30.030889: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:30.030891: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:30.030893: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:30.030896: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:30.030898: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:30.030901: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:30.030903: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:30.030906: | adding NONE to kernel algorithm db Sep 21 07:25:30.030935: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:30.030940: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:30.030943: | setup kernel fd callback Sep 21 07:25:30.030945: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56294cf44cb0 Sep 21 07:25:30.030949: | libevent_malloc: new ptr-libevent@0x56294cf50dd0 size 128 Sep 21 07:25:30.030952: | libevent_malloc: new ptr-libevent@0x56294cf43f90 size 16 Sep 21 07:25:30.030957: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56294cf44c70 Sep 21 07:25:30.030960: | libevent_malloc: new ptr-libevent@0x56294cf50e60 size 128 Sep 21 07:25:30.030962: | libevent_malloc: new ptr-libevent@0x56294cf43fb0 size 16 Sep 21 07:25:30.031109: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:30.031116: selinux support is enabled. Sep 21 07:25:30.031180: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:30.031307: | unbound context created - setting debug level to 5 Sep 21 07:25:30.031328: | /etc/hosts lookups activated Sep 21 07:25:30.031340: | /etc/resolv.conf usage activated Sep 21 07:25:30.031373: | outgoing-port-avoid set 0-65535 Sep 21 07:25:30.031393: | outgoing-port-permit set 32768-60999 Sep 21 07:25:30.031396: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:30.031399: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:30.031402: | Setting up events, loop start Sep 21 07:25:30.031404: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56294cf3f290 Sep 21 07:25:30.031408: | libevent_malloc: new ptr-libevent@0x56294cf5b350 size 128 Sep 21 07:25:30.031411: | libevent_malloc: new ptr-libevent@0x56294cf5b3e0 size 16 Sep 21 07:25:30.031417: | libevent_realloc: new ptr-libevent@0x56294cebf6c0 size 256 Sep 21 07:25:30.031420: | libevent_malloc: new ptr-libevent@0x56294cf5b400 size 8 Sep 21 07:25:30.031423: | libevent_realloc: new ptr-libevent@0x56294cf501d0 size 144 Sep 21 07:25:30.031425: | libevent_malloc: new ptr-libevent@0x56294cf5b420 size 152 Sep 21 07:25:30.031427: | libevent_malloc: new ptr-libevent@0x56294cf5b4c0 size 16 Sep 21 07:25:30.031430: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:30.031432: | libevent_malloc: new ptr-libevent@0x56294cf5b4e0 size 8 Sep 21 07:25:30.031433: | libevent_malloc: new ptr-libevent@0x56294cf5b500 size 152 Sep 21 07:25:30.031435: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:30.031437: | libevent_malloc: new ptr-libevent@0x56294cf5b5a0 size 8 Sep 21 07:25:30.031439: | libevent_malloc: new ptr-libevent@0x56294cf5b5c0 size 152 Sep 21 07:25:30.031440: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:30.031442: | libevent_malloc: new ptr-libevent@0x56294cf5b660 size 8 Sep 21 07:25:30.031444: | libevent_realloc: release ptr-libevent@0x56294cf501d0 Sep 21 07:25:30.031445: | libevent_realloc: new ptr-libevent@0x56294cf5b680 size 256 Sep 21 07:25:30.031447: | libevent_malloc: new ptr-libevent@0x56294cf501d0 size 152 Sep 21 07:25:30.031449: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:30.031689: | created addconn helper (pid:8702) using fork+execve Sep 21 07:25:30.031699: | forked child 8702 Sep 21 07:25:30.031728: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.031741: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.031747: listening for IKE messages Sep 21 07:25:30.031780: | Inspecting interface lo Sep 21 07:25:30.031792: | found lo with address 127.0.0.1 Sep 21 07:25:30.031797: | Inspecting interface eth0 Sep 21 07:25:30.031801: | found eth0 with address 192.0.1.254 Sep 21 07:25:30.031804: | Inspecting interface eth1 Sep 21 07:25:30.031808: | found eth1 with address 192.1.2.45 Sep 21 07:25:30.031849: Kernel supports NIC esp-hw-offload Sep 21 07:25:30.031861: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:25:30.031883: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.031889: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.031892: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:25:30.031918: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:25:30.031949: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.031954: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.031958: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:25:30.031988: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:30.032021: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.032030: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.032035: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:30.032132: | no interfaces to sort Sep 21 07:25:30.032137: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:30.032145: | add_fd_read_event_handler: new ethX-pe@0x56294cf5b9f0 Sep 21 07:25:30.032148: | libevent_malloc: new ptr-libevent@0x56294cf5ba30 size 128 Sep 21 07:25:30.032152: | libevent_malloc: new ptr-libevent@0x56294cf5bac0 size 16 Sep 21 07:25:30.032162: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:30.032166: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bae0 Sep 21 07:25:30.032170: | libevent_malloc: new ptr-libevent@0x56294cf5bb20 size 128 Sep 21 07:25:30.032173: | libevent_malloc: new ptr-libevent@0x56294cf5bbb0 size 16 Sep 21 07:25:30.032181: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:30.032186: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bbd0 Sep 21 07:25:30.032189: | libevent_malloc: new ptr-libevent@0x56294cf5bc10 size 128 Sep 21 07:25:30.032192: | libevent_malloc: new ptr-libevent@0x56294cf5bca0 size 16 Sep 21 07:25:30.032198: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:25:30.032201: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bcc0 Sep 21 07:25:30.032204: | libevent_malloc: new ptr-libevent@0x56294cf5bd00 size 128 Sep 21 07:25:30.032207: | libevent_malloc: new ptr-libevent@0x56294cf5bd90 size 16 Sep 21 07:25:30.032211: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:25:30.032214: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bdb0 Sep 21 07:25:30.032217: | libevent_malloc: new ptr-libevent@0x56294cf5bdf0 size 128 Sep 21 07:25:30.032220: | libevent_malloc: new ptr-libevent@0x56294cf5be80 size 16 Sep 21 07:25:30.032225: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:25:30.032227: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bea0 Sep 21 07:25:30.032230: | libevent_malloc: new ptr-libevent@0x56294cf5bee0 size 128 Sep 21 07:25:30.032233: | libevent_malloc: new ptr-libevent@0x56294cf5bf70 size 16 Sep 21 07:25:30.032238: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:25:30.032243: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.032246: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.032270: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.032284: | saving Modulus Sep 21 07:25:30.032288: | saving PublicExponent Sep 21 07:25:30.032290: | ignoring PrivateExponent Sep 21 07:25:30.032292: | ignoring Prime1 Sep 21 07:25:30.032294: | ignoring Prime2 Sep 21 07:25:30.032296: | ignoring Exponent1 Sep 21 07:25:30.032298: | ignoring Exponent2 Sep 21 07:25:30.032299: | ignoring Coefficient Sep 21 07:25:30.032301: | ignoring CKAIDNSS Sep 21 07:25:30.032326: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:30.032328: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:25:30.032331: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:25:30.032334: | certs and keys locked by 'process_secret' Sep 21 07:25:30.032337: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.032341: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.032346: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.032355: | spent 0.628 milliseconds in whack Sep 21 07:25:30.076266: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.076283: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.076287: listening for IKE messages Sep 21 07:25:30.076318: | Inspecting interface lo Sep 21 07:25:30.076323: | found lo with address 127.0.0.1 Sep 21 07:25:30.076325: | Inspecting interface eth0 Sep 21 07:25:30.076328: | found eth0 with address 192.0.1.254 Sep 21 07:25:30.076329: | Inspecting interface eth1 Sep 21 07:25:30.076332: | found eth1 with address 192.1.2.45 Sep 21 07:25:30.076401: | no interfaces to sort Sep 21 07:25:30.076408: | libevent_free: release ptr-libevent@0x56294cf5ba30 Sep 21 07:25:30.076410: | free_event_entry: release EVENT_NULL-pe@0x56294cf5b9f0 Sep 21 07:25:30.076412: | add_fd_read_event_handler: new ethX-pe@0x56294cf5b9f0 Sep 21 07:25:30.076414: | libevent_malloc: new ptr-libevent@0x56294cf5ba30 size 128 Sep 21 07:25:30.076419: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:30.076422: | libevent_free: release ptr-libevent@0x56294cf5bb20 Sep 21 07:25:30.076423: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bae0 Sep 21 07:25:30.076425: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bae0 Sep 21 07:25:30.076427: | libevent_malloc: new ptr-libevent@0x56294cf5bb20 size 128 Sep 21 07:25:30.076430: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:30.076432: | libevent_free: release ptr-libevent@0x56294cf5bc10 Sep 21 07:25:30.076433: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bbd0 Sep 21 07:25:30.076435: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bbd0 Sep 21 07:25:30.076437: | libevent_malloc: new ptr-libevent@0x56294cf5bc10 size 128 Sep 21 07:25:30.076440: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:25:30.076442: | libevent_free: release ptr-libevent@0x56294cf5bd00 Sep 21 07:25:30.076443: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bcc0 Sep 21 07:25:30.076445: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bcc0 Sep 21 07:25:30.076446: | libevent_malloc: new ptr-libevent@0x56294cf5bd00 size 128 Sep 21 07:25:30.076449: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:25:30.076451: | libevent_free: release ptr-libevent@0x56294cf5bdf0 Sep 21 07:25:30.076453: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bdb0 Sep 21 07:25:30.076455: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bdb0 Sep 21 07:25:30.076456: | libevent_malloc: new ptr-libevent@0x56294cf5bdf0 size 128 Sep 21 07:25:30.076459: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:25:30.076462: | libevent_free: release ptr-libevent@0x56294cf5bee0 Sep 21 07:25:30.076463: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bea0 Sep 21 07:25:30.076465: | add_fd_read_event_handler: new ethX-pe@0x56294cf5bea0 Sep 21 07:25:30.076466: | libevent_malloc: new ptr-libevent@0x56294cf5bee0 size 128 Sep 21 07:25:30.076469: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:25:30.076471: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.076472: forgetting secrets Sep 21 07:25:30.076481: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.076495: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.076507: | saving Modulus Sep 21 07:25:30.076510: | saving PublicExponent Sep 21 07:25:30.076512: | ignoring PrivateExponent Sep 21 07:25:30.076514: | ignoring Prime1 Sep 21 07:25:30.076516: | ignoring Prime2 Sep 21 07:25:30.076518: | ignoring Exponent1 Sep 21 07:25:30.076520: | ignoring Exponent2 Sep 21 07:25:30.076521: | ignoring Coefficient Sep 21 07:25:30.076523: | ignoring CKAIDNSS Sep 21 07:25:30.076543: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:30.076545: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:25:30.076547: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:25:30.076552: | certs and keys locked by 'process_secret' Sep 21 07:25:30.076559: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.076563: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.076569: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.076576: | spent 0.315 milliseconds in whack Sep 21 07:25:30.076977: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.076989: | waitpid returned pid 8702 (exited with status 0) Sep 21 07:25:30.076992: | reaped addconn helper child (status 0) Sep 21 07:25:30.076995: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.076999: | spent 0.0133 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.151811: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.152023: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:30.152040: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:30.152050: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.152058: | spent 0.257 milliseconds in whack Sep 21 07:25:30.453770: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.453797: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.453802: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:30.453805: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.453807: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:30.453810: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.453817: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:30.453820: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:30.453874: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:30.453877: | from whack: got --esp= Sep 21 07:25:30.453915: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:30.453921: | counting wild cards for @west is 0 Sep 21 07:25:30.453924: | counting wild cards for @east is 0 Sep 21 07:25:30.453934: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:30.453939: | new hp@0x56294cf28500 Sep 21 07:25:30.453943: added connection description "westnet-eastnet-ikev2" Sep 21 07:25:30.453954: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:30.453966: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:30.453975: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.453982: | spent 0.212 milliseconds in whack Sep 21 07:25:30.454015: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.454025: add keyid @west Sep 21 07:25:30.454029: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:25:30.454031: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:25:30.454034: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:25:30.454036: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:25:30.454038: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:25:30.454041: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:25:30.454043: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:25:30.454050: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:25:30.454053: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:25:30.454055: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:25:30.454057: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:25:30.454059: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:25:30.454062: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:25:30.454064: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:25:30.454066: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:25:30.454068: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:25:30.454071: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:25:30.454073: | add pubkey 15 04 37 f9 Sep 21 07:25:30.454096: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:30.454098: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:25:30.454105: | keyid: *AQOm9dY/4 Sep 21 07:25:30.454108: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:25:30.454110: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:25:30.454112: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:25:30.454115: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:25:30.454117: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:25:30.454119: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:25:30.454121: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:25:30.454124: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:25:30.454126: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:25:30.454128: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:25:30.454131: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:25:30.454133: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:25:30.454135: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:25:30.454137: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:25:30.454140: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:25:30.454142: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:25:30.454144: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:25:30.454146: | n 37 f9 Sep 21 07:25:30.454149: | e 03 Sep 21 07:25:30.454151: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:25:30.454153: | CKAID 7f 0f 03 50 Sep 21 07:25:30.454161: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.454166: | spent 0.155 milliseconds in whack Sep 21 07:25:30.454196: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.454205: add keyid @east Sep 21 07:25:30.454209: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:30.454212: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:30.454214: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:30.454216: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:30.454219: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:30.454221: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:30.454223: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:30.454225: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:30.454228: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:30.454230: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:30.454232: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:30.454237: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:30.454240: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:30.454242: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:30.454244: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:30.454247: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:30.454249: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:30.454251: | add pubkey 51 51 48 ef Sep 21 07:25:30.454260: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:30.454263: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:30.454266: | keyid: *AQO9bJbr3 Sep 21 07:25:30.454269: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:30.454271: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:30.454273: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:30.454276: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:30.454278: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:30.454280: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:30.454282: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:30.454284: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:30.454286: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:30.454288: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:30.454290: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:30.454293: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:30.454295: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:30.454297: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:30.454299: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:30.454301: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:30.454304: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:30.454306: | n 48 ef Sep 21 07:25:30.454308: | e 03 Sep 21 07:25:30.454310: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:30.454313: | CKAID 8a 82 25 f1 Sep 21 07:25:30.454320: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.454325: | spent 0.132 milliseconds in whack Sep 21 07:25:30.518882: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.518919: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:30.518922: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.518928: | start processing: connection "westnet-eastnet-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:30.518931: | connection 'westnet-eastnet-ikev2' +POLICY_UP Sep 21 07:25:30.518935: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:30.518937: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:30.518986: | creating state object #1 at 0x56294cf5daa0 Sep 21 07:25:30.518990: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:30.518998: | pstats #1 ikev2.ike started Sep 21 07:25:30.519002: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:30.519005: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:30.519011: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.519018: | suspend processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:30.519024: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:30.519027: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:30.519037: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ikev2" IKE SA #1 "westnet-eastnet-ikev2" Sep 21 07:25:30.519041: "westnet-eastnet-ikev2" #1: initiating v2 parent SA Sep 21 07:25:30.519053: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE) Sep 21 07:25:30.519061: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.519069: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.519073: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.519078: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.519082: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.519087: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.519091: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.519096: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.519107: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.519117: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:30.519121: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56294cf60150 Sep 21 07:25:30.519125: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:30.519128: | libevent_malloc: new ptr-libevent@0x56294cf60190 size 128 Sep 21 07:25:30.519141: | #1 spent 0.211 milliseconds in ikev2_parent_outI1() Sep 21 07:25:30.519144: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.519149: | RESET processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.519152: | RESET processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.519155: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:30.519159: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:25:30.519162: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.519166: | spent 0.308 milliseconds in whack Sep 21 07:25:30.519178: | crypto helper 0 resuming Sep 21 07:25:30.519184: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:25:30.519188: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:30.520188: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000999 seconds Sep 21 07:25:30.520205: | (#1) spent 1 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:30.520209: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:30.520212: | scheduling resume sending helper answer for #1 Sep 21 07:25:30.520215: | libevent_malloc: new ptr-libevent@0x7fc734006900 size 128 Sep 21 07:25:30.520223: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:30.520232: | processing resume sending helper answer for #1 Sep 21 07:25:30.520245: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.520250: | crypto helper 0 replies to request ID 1 Sep 21 07:25:30.520253: | calling continuation function 0x56294b097630 Sep 21 07:25:30.520256: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:30.520286: | **emit ISAKMP Message: Sep 21 07:25:30.520289: | initiator cookie: Sep 21 07:25:30.520292: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.520295: | responder cookie: Sep 21 07:25:30.520297: | 00 00 00 00 00 00 00 00 Sep 21 07:25:30.520300: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.520304: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.520307: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.520310: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.520313: | Message ID: 0 (0x0) Sep 21 07:25:30.520316: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.520341: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.520345: | Emitting ikev2_proposals ... Sep 21 07:25:30.520348: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:30.520351: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.520354: | flags: none (0x0) Sep 21 07:25:30.520358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.520362: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.520365: | discarding INTEG=NONE Sep 21 07:25:30.520368: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.520371: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.520373: | prop #: 1 (0x1) Sep 21 07:25:30.520376: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.520379: | spi size: 0 (0x0) Sep 21 07:25:30.520382: | # transforms: 11 (0xb) Sep 21 07:25:30.520385: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.520389: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520395: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.520398: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.520401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520405: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.520408: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.520411: | length/value: 256 (0x100) Sep 21 07:25:30.520414: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.520421: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520427: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.520430: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.520434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520438: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520444: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520449: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.520452: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.520456: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520463: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520465: | discarding INTEG=NONE Sep 21 07:25:30.520468: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520474: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520477: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.520481: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520487: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520490: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520499: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.520503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520510: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520512: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520521: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.520525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520529: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520532: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520535: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520543: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.520547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520556: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520558: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520561: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520567: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.520571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520578: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520581: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520586: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520589: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.520593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520600: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520603: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520606: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520608: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520611: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.520615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520625: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520627: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.520630: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520633: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.520637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520644: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520647: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:30.520651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.520653: | discarding INTEG=NONE Sep 21 07:25:30.520656: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.520659: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.520662: | prop #: 2 (0x2) Sep 21 07:25:30.520665: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.520667: | spi size: 0 (0x0) Sep 21 07:25:30.520670: | # transforms: 11 (0xb) Sep 21 07:25:30.520674: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.520678: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.520685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520692: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.520694: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.520698: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520701: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.520704: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.520707: | length/value: 128 (0x80) Sep 21 07:25:30.520710: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.520713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520719: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.520721: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.520726: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520729: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520732: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520735: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520741: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.520744: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.520748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520757: | discarding INTEG=NONE Sep 21 07:25:30.520760: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520769: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.520773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520779: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520788: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520801: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.520805: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520812: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520815: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520818: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520821: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520823: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.520827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520833: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520836: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520839: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520844: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520847: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.520851: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520858: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520861: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520864: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520870: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.520874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520881: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520883: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520892: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.520896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520906: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520914: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.520918: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520922: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520925: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520928: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520931: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.520933: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.520936: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.520940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520947: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.520950: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:30.520954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.520957: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.520961: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.520964: | prop #: 3 (0x3) Sep 21 07:25:30.520967: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.520969: | spi size: 0 (0x0) Sep 21 07:25:30.520972: | # transforms: 13 (0xd) Sep 21 07:25:30.520976: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.520980: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.520983: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.520986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.520989: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.520991: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.520995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.520998: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.521001: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.521004: | length/value: 256 (0x100) Sep 21 07:25:30.521007: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.521010: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521015: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.521018: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.521022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521029: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521032: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521034: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521037: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.521040: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.521044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521048: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521051: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521054: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521056: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521059: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.521062: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.521066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521073: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521081: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.521085: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.521089: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521097: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521100: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521105: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521108: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.521112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521119: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521122: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521130: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.521134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521141: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521144: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521149: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521152: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.521156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521166: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521169: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521171: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521174: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.521178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521182: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521185: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521188: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521196: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.521200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521204: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521207: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521210: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521215: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521218: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.521222: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521231: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521233: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521242: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.521246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521253: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521255: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521258: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.521261: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521264: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.521268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521278: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:30.521282: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.521285: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.521288: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.521290: | prop #: 4 (0x4) Sep 21 07:25:30.521293: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.521296: | spi size: 0 (0x0) Sep 21 07:25:30.521298: | # transforms: 13 (0xd) Sep 21 07:25:30.521302: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.521306: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.521309: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521315: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.521318: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.521321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521324: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.521327: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.521330: | length/value: 128 (0x80) Sep 21 07:25:30.521333: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.521336: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521341: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.521344: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.521348: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521355: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521361: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.521370: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.521374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521380: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521383: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521389: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.521392: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.521396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521403: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521405: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521411: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.521414: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.521418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521425: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521427: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521430: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521433: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521436: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.521440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521444: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521447: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521450: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521458: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.521462: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521469: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521472: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521475: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521478: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521481: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.521485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521488: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521495: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521501: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521504: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.521508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521515: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521518: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521526: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.521530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521540: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521546: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521549: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.521553: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521560: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521563: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521566: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521569: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521571: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.521575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521579: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521582: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521585: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.521588: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.521591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.521594: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.521598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.521601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.521604: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.521607: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:30.521611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.521614: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:30.521618: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.521622: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:30.521625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.521628: | flags: none (0x0) Sep 21 07:25:30.521630: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.521635: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:30.521638: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.521642: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:30.521645: | ikev2 g^x 02 00 89 5e 21 05 9c 50 9e f6 9d d0 90 44 77 4d Sep 21 07:25:30.521648: | ikev2 g^x 6c bd fa fe 53 af b9 bc da 7b 29 d4 31 5e 29 86 Sep 21 07:25:30.521651: | ikev2 g^x 5c 4e 90 e1 1d b6 85 fb 7e 76 a7 ed 88 7f 16 dc Sep 21 07:25:30.521654: | ikev2 g^x b5 58 96 49 be 0d 27 ae a2 4d 8a 2a 52 1f a3 b6 Sep 21 07:25:30.521657: | ikev2 g^x 78 4d 3f f1 19 67 ca 61 92 c7 23 09 4c 1d 73 3d Sep 21 07:25:30.521660: | ikev2 g^x eb 8c a4 59 91 19 3d 32 dd af 2f 5c 28 3b c5 91 Sep 21 07:25:30.521662: | ikev2 g^x 4f 79 2b 70 a9 62 71 bb 81 ee ea c2 13 7f 38 f8 Sep 21 07:25:30.521665: | ikev2 g^x b0 ce 0c 48 95 f2 19 3b 2f 8f 75 18 18 1c 6c a0 Sep 21 07:25:30.521668: | ikev2 g^x 32 0b dd 6c 82 19 2f 5b 87 93 46 7b 56 f0 da 8f Sep 21 07:25:30.521671: | ikev2 g^x fe 52 4d 1a de f9 7c aa 0e 47 97 ee 0e 1f 43 4f Sep 21 07:25:30.521673: | ikev2 g^x bf 19 a1 38 ef 4d 74 65 5d 7b 80 62 b2 e5 3a e5 Sep 21 07:25:30.521676: | ikev2 g^x fd 3f bd a0 f3 8b 4d 7f 85 be 8f ea 83 2d cf 6c Sep 21 07:25:30.521679: | ikev2 g^x b6 2b ba d1 ad fa aa 69 7a 89 47 44 91 4b 85 4c Sep 21 07:25:30.521682: | ikev2 g^x e2 03 78 6e db b8 4a 1e 81 f9 2f e0 c2 2d 22 21 Sep 21 07:25:30.521685: | ikev2 g^x 72 b7 7e 09 92 9e 48 0d 7d a0 30 a9 b3 98 41 4c Sep 21 07:25:30.521687: | ikev2 g^x da 40 a5 11 ba af dd bd cb 29 b9 f9 00 53 18 ec Sep 21 07:25:30.521690: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:30.521693: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:30.521696: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.521698: | flags: none (0x0) Sep 21 07:25:30.521702: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:30.521706: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.521710: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.521713: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:30.521716: | IKEv2 nonce 00 80 0e 63 c2 fc b2 a2 c9 42 44 a1 d5 00 78 67 Sep 21 07:25:30.521719: | IKEv2 nonce 60 b0 f6 5a 2e ea 72 08 3b 96 e4 fd 56 35 c7 91 Sep 21 07:25:30.521721: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:30.521724: | Adding a v2N Payload Sep 21 07:25:30.521727: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.521730: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.521732: | flags: none (0x0) Sep 21 07:25:30.521735: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.521738: | SPI size: 0 (0x0) Sep 21 07:25:30.521741: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.521745: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.521748: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.521751: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:30.521755: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:30.521758: | natd_hash: rcookie is zero Sep 21 07:25:30.521777: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:30.521780: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.521788: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.521793: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.521796: | natd_hash: port= 01 f4 Sep 21 07:25:30.521799: | natd_hash: hash= 1f e1 b1 4b 3b 17 3e 73 bc f9 52 0c a5 0b 74 29 Sep 21 07:25:30.521801: | natd_hash: hash= 0d 39 4d 6a Sep 21 07:25:30.521804: | Adding a v2N Payload Sep 21 07:25:30.521806: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.521809: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.521812: | flags: none (0x0) Sep 21 07:25:30.521815: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.521817: | SPI size: 0 (0x0) Sep 21 07:25:30.521821: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.521825: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.521829: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.521832: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.521835: | Notify data 1f e1 b1 4b 3b 17 3e 73 bc f9 52 0c a5 0b 74 29 Sep 21 07:25:30.521838: | Notify data 0d 39 4d 6a Sep 21 07:25:30.521841: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.521843: | natd_hash: rcookie is zero Sep 21 07:25:30.521850: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:30.521853: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.521856: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.521859: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.521861: | natd_hash: port= 01 f4 Sep 21 07:25:30.521864: | natd_hash: hash= ed 70 8d 4b c8 96 c5 32 d4 c2 a3 74 bb 0a 60 32 Sep 21 07:25:30.521866: | natd_hash: hash= 99 3c c0 e4 Sep 21 07:25:30.521869: | Adding a v2N Payload Sep 21 07:25:30.521871: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.521874: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.521877: | flags: none (0x0) Sep 21 07:25:30.521880: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.521882: | SPI size: 0 (0x0) Sep 21 07:25:30.521885: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.521889: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.521892: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.521896: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.521899: | Notify data ed 70 8d 4b c8 96 c5 32 d4 c2 a3 74 bb 0a 60 32 Sep 21 07:25:30.521901: | Notify data 99 3c c0 e4 Sep 21 07:25:30.521904: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.521907: | emitting length of ISAKMP Message: 828 Sep 21 07:25:30.521916: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:30.521926: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.521931: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:30.521934: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:30.521938: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:30.521942: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:30.521945: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:30.521951: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:30.521956: "westnet-eastnet-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:30.521969: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:30.521980: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:30.521984: | 55 ce b8 0f a4 9b 52 7d 00 00 00 00 00 00 00 00 Sep 21 07:25:30.521986: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:30.521989: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.521992: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:30.521995: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:30.521997: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:30.522000: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:30.522003: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:30.522006: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:30.522008: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:30.522011: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:30.522014: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:30.522017: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:30.522019: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:30.522022: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:30.522025: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:30.522028: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:30.522030: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:30.522033: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:30.522036: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:30.522038: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:30.522041: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:30.522044: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:30.522047: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:30.522049: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:30.522052: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:30.522055: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:30.522058: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:30.522060: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:30.522063: | 28 00 01 08 00 0e 00 00 02 00 89 5e 21 05 9c 50 Sep 21 07:25:30.522066: | 9e f6 9d d0 90 44 77 4d 6c bd fa fe 53 af b9 bc Sep 21 07:25:30.522068: | da 7b 29 d4 31 5e 29 86 5c 4e 90 e1 1d b6 85 fb Sep 21 07:25:30.522071: | 7e 76 a7 ed 88 7f 16 dc b5 58 96 49 be 0d 27 ae Sep 21 07:25:30.522074: | a2 4d 8a 2a 52 1f a3 b6 78 4d 3f f1 19 67 ca 61 Sep 21 07:25:30.522077: | 92 c7 23 09 4c 1d 73 3d eb 8c a4 59 91 19 3d 32 Sep 21 07:25:30.522079: | dd af 2f 5c 28 3b c5 91 4f 79 2b 70 a9 62 71 bb Sep 21 07:25:30.522082: | 81 ee ea c2 13 7f 38 f8 b0 ce 0c 48 95 f2 19 3b Sep 21 07:25:30.522085: | 2f 8f 75 18 18 1c 6c a0 32 0b dd 6c 82 19 2f 5b Sep 21 07:25:30.522088: | 87 93 46 7b 56 f0 da 8f fe 52 4d 1a de f9 7c aa Sep 21 07:25:30.522090: | 0e 47 97 ee 0e 1f 43 4f bf 19 a1 38 ef 4d 74 65 Sep 21 07:25:30.522093: | 5d 7b 80 62 b2 e5 3a e5 fd 3f bd a0 f3 8b 4d 7f Sep 21 07:25:30.522096: | 85 be 8f ea 83 2d cf 6c b6 2b ba d1 ad fa aa 69 Sep 21 07:25:30.522099: | 7a 89 47 44 91 4b 85 4c e2 03 78 6e db b8 4a 1e Sep 21 07:25:30.522102: | 81 f9 2f e0 c2 2d 22 21 72 b7 7e 09 92 9e 48 0d Sep 21 07:25:30.522105: | 7d a0 30 a9 b3 98 41 4c da 40 a5 11 ba af dd bd Sep 21 07:25:30.522108: | cb 29 b9 f9 00 53 18 ec 29 00 00 24 00 80 0e 63 Sep 21 07:25:30.522110: | c2 fc b2 a2 c9 42 44 a1 d5 00 78 67 60 b0 f6 5a Sep 21 07:25:30.522113: | 2e ea 72 08 3b 96 e4 fd 56 35 c7 91 29 00 00 08 Sep 21 07:25:30.522116: | 00 00 40 2e 29 00 00 1c 00 00 40 04 1f e1 b1 4b Sep 21 07:25:30.522120: | 3b 17 3e 73 bc f9 52 0c a5 0b 74 29 0d 39 4d 6a Sep 21 07:25:30.522123: | 00 00 00 1c 00 00 40 05 ed 70 8d 4b c8 96 c5 32 Sep 21 07:25:30.522125: | d4 c2 a3 74 bb 0a 60 32 99 3c c0 e4 Sep 21 07:25:30.522168: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.522174: | libevent_free: release ptr-libevent@0x56294cf60190 Sep 21 07:25:30.522178: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56294cf60150 Sep 21 07:25:30.522181: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:30.522185: | event_schedule: new EVENT_RETRANSMIT-pe@0x56294cf60150 Sep 21 07:25:30.522189: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:25:30.522193: | libevent_malloc: new ptr-libevent@0x56294cf60190 size 128 Sep 21 07:25:30.522199: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.890449 Sep 21 07:25:30.522204: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:30.522210: | #1 spent 1.93 milliseconds in resume sending helper answer Sep 21 07:25:30.522215: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.522219: | libevent_free: release ptr-libevent@0x7fc734006900 Sep 21 07:25:30.525854: | spent 0.00301 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.525877: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:30.525880: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525883: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:30.525885: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.525887: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:30.525889: | 04 00 00 0e 28 00 01 08 00 0e 00 00 40 1d 8f 85 Sep 21 07:25:30.525891: | 45 12 a6 f7 4a 04 f1 5c 71 27 51 30 08 f3 05 8f Sep 21 07:25:30.525893: | 4b 23 f8 22 2d b3 bc c3 13 bb 72 bd 71 a2 8d 91 Sep 21 07:25:30.525896: | 7c 5b 22 17 70 fe 64 96 4c 39 a2 16 f7 0a 3b 21 Sep 21 07:25:30.525898: | 07 74 9a ff 0a 87 19 e8 de b1 bf d6 fd 93 46 92 Sep 21 07:25:30.525900: | 16 2d 23 76 8b e6 72 fb 44 f5 8e ca 58 f1 8b f9 Sep 21 07:25:30.525902: | eb b2 55 ec e3 05 52 89 29 61 20 b1 08 ad f3 56 Sep 21 07:25:30.525904: | a7 da 37 a6 82 3e 7d 20 c3 71 ae a3 53 e0 0b 66 Sep 21 07:25:30.525906: | 7d 38 d8 b7 66 3d f4 7e 7a c4 1a 4a f0 86 73 41 Sep 21 07:25:30.525908: | a9 d1 c0 2a 42 14 e0 0f 6f 3c 9b 7b 7c 7f 11 e1 Sep 21 07:25:30.525911: | 86 43 c9 8d 7b 6a 4e 8d b6 a1 ac 4f 08 db fc 50 Sep 21 07:25:30.525913: | 41 a9 c5 ef 7b 33 c0 c4 d1 a2 b3 f3 b3 41 7c da Sep 21 07:25:30.525915: | 8d 7e 9a e5 a1 ed 60 a2 ba 45 81 f1 e0 40 30 28 Sep 21 07:25:30.525917: | 95 66 9d 42 36 3a 86 70 0d 10 38 c2 34 05 a9 cd Sep 21 07:25:30.525918: | b4 5d 78 33 9b 3a 9f 9d c2 a8 b0 e5 e9 26 fc 61 Sep 21 07:25:30.525921: | 4f ba 1a 45 66 06 9c 66 27 7e 49 c9 13 cf 70 de Sep 21 07:25:30.525922: | 82 5e 62 c8 06 6d fb 2f 76 a7 d9 fa 29 00 00 24 Sep 21 07:25:30.525924: | 92 dc 86 4e ed bd ea 6c ed e9 f1 88 a3 f7 89 66 Sep 21 07:25:30.525926: | ad ad ef 5b fe 4f a6 dd 45 23 33 5c 68 90 bb 8d Sep 21 07:25:30.525928: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:30.525930: | 0a fb 48 b7 8a 42 4f 74 d0 72 a8 7d 67 94 02 64 Sep 21 07:25:30.525932: | d0 22 28 71 00 00 00 1c 00 00 40 05 61 55 74 b8 Sep 21 07:25:30.525934: | 4c 01 22 9a d5 fd 41 2d f7 66 df 9f 38 10 d0 1e Sep 21 07:25:30.525938: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:30.525941: | **parse ISAKMP Message: Sep 21 07:25:30.525943: | initiator cookie: Sep 21 07:25:30.525945: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.525947: | responder cookie: Sep 21 07:25:30.525949: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.525953: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.525956: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.525958: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.525960: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.525962: | Message ID: 0 (0x0) Sep 21 07:25:30.525964: | length: 432 (0x1b0) Sep 21 07:25:30.525967: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:30.525970: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:30.525974: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:30.525979: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.525984: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.525987: | #1 is idle Sep 21 07:25:30.525989: | #1 idle Sep 21 07:25:30.525991: | unpacking clear payload Sep 21 07:25:30.525994: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.525997: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:30.525998: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:30.526000: | flags: none (0x0) Sep 21 07:25:30.526001: | length: 40 (0x28) Sep 21 07:25:30.526003: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:30.526005: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:30.526007: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:30.526008: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:30.526010: | flags: none (0x0) Sep 21 07:25:30.526011: | length: 264 (0x108) Sep 21 07:25:30.526013: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.526014: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:30.526016: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.526017: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:30.526019: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.526020: | flags: none (0x0) Sep 21 07:25:30.526022: | length: 36 (0x24) Sep 21 07:25:30.526023: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:30.526025: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.526026: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.526028: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.526029: | flags: none (0x0) Sep 21 07:25:30.526031: | length: 8 (0x8) Sep 21 07:25:30.526032: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.526034: | SPI size: 0 (0x0) Sep 21 07:25:30.526036: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.526037: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:30.526039: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.526040: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.526042: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.526043: | flags: none (0x0) Sep 21 07:25:30.526045: | length: 28 (0x1c) Sep 21 07:25:30.526046: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.526048: | SPI size: 0 (0x0) Sep 21 07:25:30.526049: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.526051: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.526053: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.526054: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.526056: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.526057: | flags: none (0x0) Sep 21 07:25:30.526058: | length: 28 (0x1c) Sep 21 07:25:30.526060: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.526061: | SPI size: 0 (0x0) Sep 21 07:25:30.526063: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.526064: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.526066: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:30.526070: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:30.526072: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:30.526074: | Now let's proceed with state specific processing Sep 21 07:25:30.526076: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:30.526078: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:30.526089: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.526092: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:30.526094: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.526096: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:30.526097: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.526099: | local proposal 1 type DH has 8 transforms Sep 21 07:25:30.526101: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:30.526103: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.526105: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.526106: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:30.526108: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.526109: | local proposal 2 type DH has 8 transforms Sep 21 07:25:30.526111: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:30.526113: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.526114: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.526116: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:30.526117: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.526119: | local proposal 3 type DH has 8 transforms Sep 21 07:25:30.526120: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:30.526122: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.526124: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.526125: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:30.526127: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.526128: | local proposal 4 type DH has 8 transforms Sep 21 07:25:30.526130: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:30.526132: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.526133: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.526135: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.526136: | length: 36 (0x24) Sep 21 07:25:30.526138: | prop #: 1 (0x1) Sep 21 07:25:30.526139: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.526141: | spi size: 0 (0x0) Sep 21 07:25:30.526142: | # transforms: 3 (0x3) Sep 21 07:25:30.526145: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:30.526148: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.526150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.526152: | length: 12 (0xc) Sep 21 07:25:30.526155: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.526157: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.526160: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.526164: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.526166: | length/value: 256 (0x100) Sep 21 07:25:30.526169: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.526172: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.526174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.526176: | length: 8 (0x8) Sep 21 07:25:30.526178: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.526180: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.526183: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:30.526185: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.526187: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.526188: | length: 8 (0x8) Sep 21 07:25:30.526190: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.526192: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.526195: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:30.526198: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:30.526201: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:30.526203: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.526205: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:30.526208: | converting proposal to internal trans attrs Sep 21 07:25:30.526222: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:30.526224: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.526226: | natd_hash: rcookie= a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.526228: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.526230: | natd_hash: port= 01 f4 Sep 21 07:25:30.526232: | natd_hash: hash= 61 55 74 b8 4c 01 22 9a d5 fd 41 2d f7 66 df 9f Sep 21 07:25:30.526234: | natd_hash: hash= 38 10 d0 1e Sep 21 07:25:30.526239: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:30.526241: | natd_hash: icookie= 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.526243: | natd_hash: rcookie= a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.526244: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.526246: | natd_hash: port= 01 f4 Sep 21 07:25:30.526248: | natd_hash: hash= 0a fb 48 b7 8a 42 4f 74 d0 72 a8 7d 67 94 02 64 Sep 21 07:25:30.526250: | natd_hash: hash= d0 22 28 71 Sep 21 07:25:30.526252: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:30.526254: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:30.526256: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:30.526258: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:30.526264: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:30.526268: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:30.526271: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:30.526273: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:30.526275: | libevent_free: release ptr-libevent@0x56294cf60190 Sep 21 07:25:30.526277: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56294cf60150 Sep 21 07:25:30.526279: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56294cf60150 Sep 21 07:25:30.526281: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:30.526283: | libevent_malloc: new ptr-libevent@0x56294cf60190 size 128 Sep 21 07:25:30.526297: | #1 spent 0.214 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:30.526305: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.526309: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:30.526314: | suspending state #1 and saving MD Sep 21 07:25:30.526317: | #1 is busy; has a suspended MD Sep 21 07:25:30.526325: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:30.526328: | crypto helper 3 resuming Sep 21 07:25:30.526330: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:30.526338: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:25:30.526344: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.526347: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:30.526350: | #1 spent 0.481 milliseconds in ikev2_process_packet() Sep 21 07:25:30.526353: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:30.526356: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.526359: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.526362: | spent 0.494 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.526894: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:30.527373: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001026 seconds Sep 21 07:25:30.527382: | (#1) spent 1.03 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:30.527385: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:30.527389: | scheduling resume sending helper answer for #1 Sep 21 07:25:30.527392: | libevent_malloc: new ptr-libevent@0x7fc72c006b90 size 128 Sep 21 07:25:30.527402: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:30.527412: | processing resume sending helper answer for #1 Sep 21 07:25:30.527424: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.527429: | crypto helper 3 replies to request ID 2 Sep 21 07:25:30.527432: | calling continuation function 0x56294b097630 Sep 21 07:25:30.527435: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:30.527444: | creating state object #2 at 0x56294cf629f0 Sep 21 07:25:30.527448: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:30.527453: | pstats #2 ikev2.child started Sep 21 07:25:30.527457: | duplicating state object #1 "westnet-eastnet-ikev2" as #2 for IPSEC SA Sep 21 07:25:30.527463: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:30.527470: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.527476: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:30.527483: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:30.527486: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.527490: | libevent_free: release ptr-libevent@0x56294cf60190 Sep 21 07:25:30.527493: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56294cf60150 Sep 21 07:25:30.527497: | event_schedule: new EVENT_SA_REPLACE-pe@0x56294cf60150 Sep 21 07:25:30.527501: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:30.527504: | libevent_malloc: new ptr-libevent@0x56294cf60190 size 128 Sep 21 07:25:30.527509: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:30.527516: | **emit ISAKMP Message: Sep 21 07:25:30.527519: | initiator cookie: Sep 21 07:25:30.527521: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.527527: | responder cookie: Sep 21 07:25:30.527530: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.527533: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.527536: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.527539: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.527542: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.527545: | Message ID: 1 (0x1) Sep 21 07:25:30.527549: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.527552: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:30.527555: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.527558: | flags: none (0x0) Sep 21 07:25:30.527562: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:30.527566: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.527570: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:30.527579: | IKEv2 CERT: send a certificate? Sep 21 07:25:30.527582: | IKEv2 CERT: no certificate to send Sep 21 07:25:30.527585: | IDr payload will be sent Sep 21 07:25:30.527600: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:30.527604: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.527607: | flags: none (0x0) Sep 21 07:25:30.527610: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.527614: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:30.527618: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.527622: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:30.527625: | my identity 77 65 73 74 Sep 21 07:25:30.527628: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:25:30.527637: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.527641: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:30.527643: | flags: none (0x0) Sep 21 07:25:30.527646: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.527650: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:30.527655: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.527659: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.527662: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:30.527665: | IDr 65 61 73 74 Sep 21 07:25:30.527668: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:30.527671: | not sending INITIAL_CONTACT Sep 21 07:25:30.527674: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:30.527677: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.527680: | flags: none (0x0) Sep 21 07:25:30.527683: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:30.527687: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.527691: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.527697: | started looking for secret for @west->@east of kind PKK_RSA Sep 21 07:25:30.527701: | actually looking for secret for @west->@east of kind PKK_RSA Sep 21 07:25:30.527705: | line 1: key type PKK_RSA(@west) to type PKK_RSA Sep 21 07:25:30.527709: | 1: compared key (none) to @west / @east -> 002 Sep 21 07:25:30.527713: | 2: compared key (none) to @west / @east -> 002 Sep 21 07:25:30.527717: | line 1: match=002 Sep 21 07:25:30.527721: | match 002 beats previous best_match 000 match=0x56294cf50f90 (line=1) Sep 21 07:25:30.527724: | concluding with best_match=002 best=0x56294cf50f90 (lineno=1) Sep 21 07:25:30.532882: | #1 spent 5.06 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:30.532895: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:30.532899: | rsa signature 7a 22 e8 de 97 06 a6 dd a1 70 9a 7f c4 3c 6d 3b Sep 21 07:25:30.532902: | rsa signature 51 8f d1 da 9d 31 7b af 4a f3 5b 13 0d 18 3a c4 Sep 21 07:25:30.532905: | rsa signature 5d 4b 1a c6 b6 f5 a0 41 80 13 69 f1 9a af 51 4e Sep 21 07:25:30.532908: | rsa signature 73 a3 05 dc 22 43 49 cb ee 03 4e f5 f5 34 af f1 Sep 21 07:25:30.532911: | rsa signature 59 bb c0 87 e8 aa fa 44 08 2f f2 b4 14 7b 0d eb Sep 21 07:25:30.532914: | rsa signature 76 75 44 85 ef 3e 43 ce 2b b5 34 d8 ba fe d6 b9 Sep 21 07:25:30.532917: | rsa signature 49 c9 27 dc 8e f3 7d 7b b7 b8 82 59 bc ae 79 88 Sep 21 07:25:30.532920: | rsa signature 90 8f fb 03 26 64 b2 24 81 44 61 dc 20 40 be 1c Sep 21 07:25:30.532923: | rsa signature 79 b0 42 dd 84 6b 09 8c db 5a 13 3b 5e 33 f9 eb Sep 21 07:25:30.532926: | rsa signature 93 de 91 a6 b6 f9 5b ea a2 57 df 5c 3c 94 36 8e Sep 21 07:25:30.532929: | rsa signature dc 25 b8 b4 99 21 56 68 40 c1 ac 4c 1a 07 04 17 Sep 21 07:25:30.532932: | rsa signature af ac a1 f5 8c 92 d6 58 b5 80 32 e2 a8 4d 22 84 Sep 21 07:25:30.532935: | rsa signature 78 bf e3 f2 35 68 51 af e1 5c b8 0d 68 2c ee d9 Sep 21 07:25:30.532938: | rsa signature 5e 2f d0 35 2d 04 3f 6b 17 66 17 60 ce 9b c4 19 Sep 21 07:25:30.532941: | rsa signature 9a c9 15 51 44 5d e9 02 3e 58 9e f9 6d 01 41 97 Sep 21 07:25:30.532944: | rsa signature 93 81 1c bb a8 40 1f 54 f2 c4 cb 0d b6 4d 88 1c Sep 21 07:25:30.532947: | rsa signature 82 a3 84 fd 7b 78 fc 79 b3 be bc 23 2f 46 14 5f Sep 21 07:25:30.532950: | rsa signature 48 bc Sep 21 07:25:30.532955: | #1 spent 5.18 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:30.532959: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:30.532962: | getting first pending from state #1 Sep 21 07:25:30.532981: | netlink_get_spi: allocated 0xbd5ac3d8 for esp.0@192.1.2.45 Sep 21 07:25:30.532986: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:30.532992: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:30.532999: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.533002: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:30.533008: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.533012: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.533017: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.533021: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.533027: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.533037: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.533048: | Emitting ikev2_proposals ... Sep 21 07:25:30.533052: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:30.533056: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.533059: | flags: none (0x0) Sep 21 07:25:30.533263: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.533269: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.533273: | discarding INTEG=NONE Sep 21 07:25:30.533275: | discarding DH=NONE Sep 21 07:25:30.533278: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.533282: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.533284: | prop #: 1 (0x1) Sep 21 07:25:30.533287: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.533290: | spi size: 4 (0x4) Sep 21 07:25:30.533293: | # transforms: 2 (0x2) Sep 21 07:25:30.533297: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.533301: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.533304: | our spi bd 5a c3 d8 Sep 21 07:25:30.533307: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.533310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.533313: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.533317: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.533321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.533324: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.533328: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.533331: | length/value: 256 (0x100) Sep 21 07:25:30.533334: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.533337: | discarding INTEG=NONE Sep 21 07:25:30.533339: | discarding DH=NONE Sep 21 07:25:30.533342: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.533345: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.533348: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.533351: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.533355: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.533359: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.533363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.533366: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:30.533370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.533372: | discarding INTEG=NONE Sep 21 07:25:30.533375: | discarding DH=NONE Sep 21 07:25:30.533378: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.533381: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.533384: | prop #: 2 (0x2) Sep 21 07:25:30.533387: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.533389: | spi size: 4 (0x4) Sep 21 07:25:30.533392: | # transforms: 2 (0x2) Sep 21 07:25:30.533396: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.533400: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.533869: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.533872: | our spi bd 5a c3 d8 Sep 21 07:25:30.533876: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.533879: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.533883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.533886: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.533890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.533895: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.533898: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.533901: | length/value: 128 (0x80) Sep 21 07:25:30.533905: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.533907: | discarding INTEG=NONE Sep 21 07:25:30.533910: | discarding DH=NONE Sep 21 07:25:30.533913: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.533916: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.533919: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.533922: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.533926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.533930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.533933: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.533936: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:30.533940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.533943: | discarding DH=NONE Sep 21 07:25:30.533946: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.533949: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.533952: | prop #: 3 (0x3) Sep 21 07:25:30.533955: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.533957: | spi size: 4 (0x4) Sep 21 07:25:30.533960: | # transforms: 4 (0x4) Sep 21 07:25:30.533964: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.533968: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.533972: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.533974: | our spi bd 5a c3 d8 Sep 21 07:25:30.533977: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.533980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.533983: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.533986: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.533990: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.533993: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.533996: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.533999: | length/value: 256 (0x100) Sep 21 07:25:30.534002: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.534006: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534012: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.534015: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.534019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534026: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534029: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534032: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534035: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.534038: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.534042: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534055: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534058: | discarding DH=NONE Sep 21 07:25:30.534060: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534063: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.534066: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.534070: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.534074: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534081: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534084: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:30.534088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.534091: | discarding DH=NONE Sep 21 07:25:30.534093: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.534096: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.534099: | prop #: 4 (0x4) Sep 21 07:25:30.534102: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.534105: | spi size: 4 (0x4) Sep 21 07:25:30.534107: | # transforms: 4 (0x4) Sep 21 07:25:30.534112: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.534115: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.534119: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.534122: | our spi bd 5a c3 d8 Sep 21 07:25:30.534125: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534131: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.534133: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.534138: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534141: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.534144: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.534147: | length/value: 128 (0x80) Sep 21 07:25:30.534150: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.534153: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534156: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534159: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.534162: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.534166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534173: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534176: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534179: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534182: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.534185: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.534189: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534197: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534200: | discarding DH=NONE Sep 21 07:25:30.534203: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.534206: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.534209: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.534212: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.534216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.534220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.534223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.534226: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:30.534230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.534233: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:30.534237: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.534242: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.534245: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.534248: | flags: none (0x0) Sep 21 07:25:30.534251: | number of TS: 1 (0x1) Sep 21 07:25:30.534255: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.534259: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.534262: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.534266: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.534269: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.534271: | start port: 0 (0x0) Sep 21 07:25:30.534274: | end port: 65535 (0xffff) Sep 21 07:25:30.534278: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.534281: | IP start c0 00 01 00 Sep 21 07:25:30.534284: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.534287: | IP end c0 00 01 ff Sep 21 07:25:30.534290: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.534293: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:30.534296: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.534299: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.534302: | flags: none (0x0) Sep 21 07:25:30.534305: | number of TS: 1 (0x1) Sep 21 07:25:30.534310: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.534313: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.534316: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.534319: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.534322: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.534325: | start port: 0 (0x0) Sep 21 07:25:30.534328: | end port: 65535 (0xffff) Sep 21 07:25:30.534331: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.534334: | IP start c0 00 02 00 Sep 21 07:25:30.534337: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.534340: | IP end c0 00 02 ff Sep 21 07:25:30.534343: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.534346: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:30.534350: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:30.534354: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:30.534357: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:30.534361: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:30.534365: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:30.534368: | emitting length of IKEv2 Encryption Payload: 547 Sep 21 07:25:30.534371: | emitting length of ISAKMP Message: 575 Sep 21 07:25:30.534376: | **parse ISAKMP Message: Sep 21 07:25:30.534379: | initiator cookie: Sep 21 07:25:30.534382: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.534385: | responder cookie: Sep 21 07:25:30.534387: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534390: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:30.534394: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.534397: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.534400: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.534403: | Message ID: 1 (0x1) Sep 21 07:25:30.534406: | length: 575 (0x23f) Sep 21 07:25:30.534409: | **parse IKEv2 Encryption Payload: Sep 21 07:25:30.534412: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:30.534414: | flags: none (0x0) Sep 21 07:25:30.534417: | length: 547 (0x223) Sep 21 07:25:30.534420: | **emit ISAKMP Message: Sep 21 07:25:30.534422: | initiator cookie: Sep 21 07:25:30.534425: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.534428: | responder cookie: Sep 21 07:25:30.534430: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534433: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.534436: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.534439: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.534442: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.534445: | Message ID: 1 (0x1) Sep 21 07:25:30.534449: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.534452: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:30.534455: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:30.534458: | flags: none (0x0) Sep 21 07:25:30.534461: | fragment number: 1 (0x1) Sep 21 07:25:30.534464: | total fragments: 2 (0x2) Sep 21 07:25:30.534467: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:25:30.534472: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:30.534475: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:30.534479: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:30.534488: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:30.534491: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Sep 21 07:25:30.534494: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Sep 21 07:25:30.534497: | cleartext fragment 7a 22 e8 de 97 06 a6 dd a1 70 9a 7f c4 3c 6d 3b Sep 21 07:25:30.534500: | cleartext fragment 51 8f d1 da 9d 31 7b af 4a f3 5b 13 0d 18 3a c4 Sep 21 07:25:30.534503: | cleartext fragment 5d 4b 1a c6 b6 f5 a0 41 80 13 69 f1 9a af 51 4e Sep 21 07:25:30.534506: | cleartext fragment 73 a3 05 dc 22 43 49 cb ee 03 4e f5 f5 34 af f1 Sep 21 07:25:30.534509: | cleartext fragment 59 bb c0 87 e8 aa fa 44 08 2f f2 b4 14 7b 0d eb Sep 21 07:25:30.534512: | cleartext fragment 76 75 44 85 ef 3e 43 ce 2b b5 34 d8 ba fe d6 b9 Sep 21 07:25:30.534515: | cleartext fragment 49 c9 27 dc 8e f3 7d 7b b7 b8 82 59 bc ae 79 88 Sep 21 07:25:30.534519: | cleartext fragment 90 8f fb 03 26 64 b2 24 81 44 61 dc 20 40 be 1c Sep 21 07:25:30.534523: | cleartext fragment 79 b0 42 dd 84 6b 09 8c db 5a 13 3b 5e 33 f9 eb Sep 21 07:25:30.534526: | cleartext fragment 93 de 91 a6 b6 f9 5b ea a2 57 df 5c 3c 94 36 8e Sep 21 07:25:30.534529: | cleartext fragment dc 25 b8 b4 99 21 56 68 40 c1 ac 4c 1a 07 04 17 Sep 21 07:25:30.534532: | cleartext fragment af ac a1 f5 8c 92 d6 58 b5 80 32 e2 a8 4d 22 84 Sep 21 07:25:30.534535: | cleartext fragment 78 bf e3 f2 35 68 51 af e1 5c b8 0d 68 2c ee d9 Sep 21 07:25:30.534538: | cleartext fragment 5e 2f d0 35 2d 04 3f 6b 17 66 17 60 ce 9b c4 19 Sep 21 07:25:30.534541: | cleartext fragment 9a c9 15 51 44 5d e9 02 3e 58 9e f9 6d 01 41 97 Sep 21 07:25:30.534544: | cleartext fragment 93 81 1c bb a8 40 1f 54 f2 c4 cb 0d b6 4d 88 1c Sep 21 07:25:30.534547: | cleartext fragment 82 a3 84 fd 7b 78 fc 79 b3 be bc 23 2f 46 14 5f Sep 21 07:25:30.534550: | cleartext fragment 48 bc 2c 00 00 a4 02 00 00 20 01 03 04 02 bd 5a Sep 21 07:25:30.534554: | cleartext fragment c3 d8 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Sep 21 07:25:30.534557: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 bd 5a Sep 21 07:25:30.534560: | cleartext fragment c3 d8 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Sep 21 07:25:30.534563: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 bd 5a Sep 21 07:25:30.534566: | cleartext fragment c3 d8 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Sep 21 07:25:30.534569: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:25:30.534572: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 bd 5a Sep 21 07:25:30.534575: | cleartext fragment c3 d8 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Sep 21 07:25:30.534578: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:25:30.534581: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Sep 21 07:25:30.534584: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:30.534588: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:30.534592: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:30.534595: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:30.534597: | emitting length of ISAKMP Message: 539 Sep 21 07:25:30.534612: | **emit ISAKMP Message: Sep 21 07:25:30.534615: | initiator cookie: Sep 21 07:25:30.534618: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.534627: | responder cookie: Sep 21 07:25:30.534629: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534632: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.534636: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.534639: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.534642: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.534644: | Message ID: 1 (0x1) Sep 21 07:25:30.534648: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.534651: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:30.534654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.534657: | flags: none (0x0) Sep 21 07:25:30.534660: | fragment number: 2 (0x2) Sep 21 07:25:30.534663: | total fragments: 2 (0x2) Sep 21 07:25:30.534667: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:30.534671: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:30.534674: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:30.534678: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:30.534686: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:30.534690: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Sep 21 07:25:30.534694: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Sep 21 07:25:30.534697: | cleartext fragment c0 00 02 00 c0 00 02 ff Sep 21 07:25:30.534700: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:30.534704: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:30.534707: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:30.534710: | emitting length of IKEv2 Encrypted Fragment: 73 Sep 21 07:25:30.534713: | emitting length of ISAKMP Message: 101 Sep 21 07:25:30.534725: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.534732: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.534737: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:30.534741: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:30.534745: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:30.534749: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:30.534756: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:30.534762: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:30.534767: "westnet-eastnet-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:30.534780: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:30.534786: | sending fragments ... Sep 21 07:25:30.534795: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:30.534798: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534801: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:30.534804: | 00 01 00 02 21 84 15 81 a1 43 70 f1 be 75 09 f3 Sep 21 07:25:30.534807: | 6b c0 ed 0e 7c 75 d2 64 6a fc 74 14 7f b5 49 4b Sep 21 07:25:30.534810: | b9 a3 10 d7 3c 88 bf e6 2d 44 35 4b a0 8a c9 bb Sep 21 07:25:30.534813: | 5b 3c 5f 63 9f 82 28 bf 24 0b 11 8b d4 d0 0f 10 Sep 21 07:25:30.534815: | 8b 12 e5 15 13 a9 e4 54 a7 66 00 6a e1 9e 85 13 Sep 21 07:25:30.534818: | 70 b9 16 28 5e d6 86 26 4a 63 e4 a5 62 ba 9e 2c Sep 21 07:25:30.534821: | e6 fa 5e dc 4f f2 ea 5a 54 7a cd 4f 01 63 e9 1e Sep 21 07:25:30.534824: | 0f d0 9f ed 2a 51 54 bb 8c 0d 4a f1 64 b2 90 3b Sep 21 07:25:30.534827: | 3d d4 1b cb 4e 98 f4 79 aa 21 9c 26 f1 a7 f9 1b Sep 21 07:25:30.534830: | 71 f7 9f 6c 18 36 83 ec 58 6e 1f f4 92 97 e7 b0 Sep 21 07:25:30.534832: | 8b 27 be 64 c3 79 82 6d c5 81 7b 73 85 a7 74 25 Sep 21 07:25:30.534836: | 07 5e fd 2f dc 6b ca e7 92 d1 4b a1 c3 10 66 ed Sep 21 07:25:30.534838: | f0 8e 06 1c 85 35 6a ee 09 8b 39 03 7c ef f1 47 Sep 21 07:25:30.534841: | 79 33 f7 6f 64 67 3e 2f 40 fa 52 84 56 a4 32 11 Sep 21 07:25:30.534844: | 62 d0 88 cf eb d6 f0 50 da e4 12 ca 4e 19 a5 41 Sep 21 07:25:30.534847: | a1 27 6f 29 a7 03 25 62 47 93 09 35 4d 11 7e 3d Sep 21 07:25:30.534850: | 4c 82 e1 aa 97 b4 3b c1 55 1d 81 be e7 a1 b0 48 Sep 21 07:25:30.534853: | 05 bf 0e f4 5a 3a aa 5d 99 5b db b4 89 ed 62 db Sep 21 07:25:30.534856: | 66 08 bb 0a da 82 9b 61 75 6f 6a 77 b8 aa ac 65 Sep 21 07:25:30.534858: | a8 e7 b5 f6 a1 72 1b d4 5a 7b ec f5 8f 48 97 ec Sep 21 07:25:30.534861: | c3 83 7a 87 34 ac cc e5 a4 4c bb 57 f6 28 98 80 Sep 21 07:25:30.534864: | 69 da 92 e1 cb 13 e9 e5 0d fa e0 26 d8 ee 19 5a Sep 21 07:25:30.534867: | 88 8f 1c 02 2d f6 f2 55 7c 5f f5 d1 57 5f 00 b1 Sep 21 07:25:30.534871: | c1 65 1b d8 58 8f a6 b9 0f 12 71 2b 1b 0f c3 f4 Sep 21 07:25:30.534874: | 90 1c cb a1 56 47 6f 7e c4 1c 9b b0 4f bd f8 be Sep 21 07:25:30.534877: | bf 27 98 76 87 e2 e8 f7 60 f4 ef 15 79 93 b1 6a Sep 21 07:25:30.534880: | 2b a2 2d 26 ca be a5 e3 a4 0f 7a 66 3c 91 13 22 Sep 21 07:25:30.534883: | 9b 52 32 a1 a0 17 58 73 6d 3d 27 3d 96 87 29 e5 Sep 21 07:25:30.534886: | c5 8f 02 57 de 5b 97 b3 96 f8 d5 2d 4c 77 99 d6 Sep 21 07:25:30.534889: | dd 29 8d fa 0e 9d 6f 85 6b 69 f1 86 7d f7 90 24 Sep 21 07:25:30.534891: | 9a bd 61 7b 0f e6 aa 8c 69 cc 40 5b fa 0a 4a 2c Sep 21 07:25:30.534894: | 54 40 52 12 58 a6 77 72 6b df 65 Sep 21 07:25:30.534937: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:30.534941: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.534944: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Sep 21 07:25:30.534947: | 00 02 00 02 2f 3b e2 17 1b af 09 9c 8d d9 e7 c9 Sep 21 07:25:30.534950: | 14 d3 75 69 69 eb e2 db cc 4c fb 4f 81 ab 71 9e Sep 21 07:25:30.534953: | 2d 5a ba 77 07 fa c9 57 01 b7 2f a1 c8 a5 8d a5 Sep 21 07:25:30.534955: | 2f 6e cf b8 a8 1d 03 97 1c 2b 43 51 3a 17 c2 94 Sep 21 07:25:30.534958: | 87 0d 7f 9f 98 Sep 21 07:25:30.534970: | sent 2 fragments Sep 21 07:25:30.534974: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:30.534978: | event_schedule: new EVENT_RETRANSMIT-pe@0x56294cf658f0 Sep 21 07:25:30.534983: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:25:30.534987: | libevent_malloc: new ptr-libevent@0x7fc734006900 size 128 Sep 21 07:25:30.534994: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.903242 Sep 21 07:25:30.534999: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:30.535005: | #1 spent 1.37 milliseconds Sep 21 07:25:30.535009: | #1 spent 6.82 milliseconds in resume sending helper answer Sep 21 07:25:30.535015: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.535019: | libevent_free: release ptr-libevent@0x7fc72c006b90 Sep 21 07:25:30.583898: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.583919: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:30.583922: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.583925: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:30.583927: | 82 64 7a a0 a0 c8 a7 56 89 4a bc 4b 30 0b 38 38 Sep 21 07:25:30.583929: | 07 ed 68 ed e7 f7 53 02 f4 ea b0 49 f9 38 79 c5 Sep 21 07:25:30.583931: | 93 3a e3 d2 df 77 eb c3 d5 dd 3c 9f 07 0e 54 7b Sep 21 07:25:30.583933: | f1 b0 8a cb 1e cb 95 7a 99 0a 23 e2 97 76 cd 10 Sep 21 07:25:30.583935: | 57 0e 88 8a 9d 10 28 c8 f7 82 c6 31 71 ac e3 00 Sep 21 07:25:30.583937: | 68 70 ad f0 1d bc dc be a7 32 a1 f0 b1 eb 7b 18 Sep 21 07:25:30.583940: | d2 71 29 11 60 e9 90 92 e1 3b f5 6f 13 68 0c 73 Sep 21 07:25:30.583942: | 5e b7 5d e3 20 aa 7a 05 1d 31 5e ff 32 d1 29 c8 Sep 21 07:25:30.583944: | c0 92 d3 7b ec 6a 20 cd 27 c6 56 65 a3 be 42 f7 Sep 21 07:25:30.583947: | 29 dc 5f ad e7 3d a8 20 f9 21 9f 92 af 46 ca ae Sep 21 07:25:30.583949: | 80 53 cf c3 d4 64 00 0e 46 72 4c 11 0d 40 29 78 Sep 21 07:25:30.583951: | 4d 33 87 71 c3 88 62 62 e7 80 d1 8e 09 c8 76 f4 Sep 21 07:25:30.583954: | 7d 6f 27 8f fe 0d 0b 02 59 95 8b 87 59 34 22 f5 Sep 21 07:25:30.583956: | b6 1a c5 91 8e 69 a5 f7 64 2e 96 e2 4f 58 7a 11 Sep 21 07:25:30.583959: | 7d 34 c0 8d 45 f7 28 5d 4e 87 ef c8 84 76 c0 47 Sep 21 07:25:30.583961: | 9b f4 0f 08 1f bf 15 71 69 59 17 5f 47 84 2e f7 Sep 21 07:25:30.583964: | 34 13 9f a7 42 cb 13 ea b7 a1 4e 01 cd 9c da 02 Sep 21 07:25:30.583969: | c1 c6 d3 da 4f 38 16 c6 73 89 d7 aa e1 7f c8 42 Sep 21 07:25:30.583971: | 85 62 9b d6 9c 9a ff 68 2a 1a 93 ad 18 cb 15 62 Sep 21 07:25:30.583973: | 35 95 cf b0 28 b0 22 f0 92 3a ed 7f 27 53 b4 ce Sep 21 07:25:30.583975: | 04 0f f1 5a cb e9 a6 42 94 42 d1 bf 27 68 98 d5 Sep 21 07:25:30.583977: | c2 9e 38 b5 b1 90 98 63 6f c8 b7 9f 5d d2 63 e6 Sep 21 07:25:30.583979: | 8e 16 cb 2c d7 09 0d 84 ce f9 bb 99 36 91 7b 9e Sep 21 07:25:30.583981: | 19 d3 1b 3a b4 a6 7e ed 61 50 16 1b 73 74 55 2d Sep 21 07:25:30.583983: | 59 a8 c7 7d df 10 59 17 5f ad cd fb 53 65 1b b7 Sep 21 07:25:30.583985: | ea 85 b7 Sep 21 07:25:30.583990: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:30.583995: | **parse ISAKMP Message: Sep 21 07:25:30.583997: | initiator cookie: Sep 21 07:25:30.583999: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:30.584001: | responder cookie: Sep 21 07:25:30.584003: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:30.584006: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:30.584009: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.584011: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.584014: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.584017: | Message ID: 1 (0x1) Sep 21 07:25:30.584019: | length: 435 (0x1b3) Sep 21 07:25:30.584023: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:30.584026: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:30.584030: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:30.584037: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.584040: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:30.584044: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.584049: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.584052: | #2 is idle Sep 21 07:25:30.584054: | #2 idle Sep 21 07:25:30.584056: | unpacking clear payload Sep 21 07:25:30.584059: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:30.584062: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:30.584064: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:30.584067: | flags: none (0x0) Sep 21 07:25:30.584069: | length: 407 (0x197) Sep 21 07:25:30.584072: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:25:30.584075: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:30.584091: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:30.584094: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.584097: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.584099: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:30.584101: | flags: none (0x0) Sep 21 07:25:30.584104: | length: 12 (0xc) Sep 21 07:25:30.584106: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.584108: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:30.584110: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.584113: | **parse IKEv2 Authentication Payload: Sep 21 07:25:30.584114: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.584116: | flags: none (0x0) Sep 21 07:25:30.584118: | length: 282 (0x11a) Sep 21 07:25:30.584121: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:30.584123: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:30.584126: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.584129: | **parse IKEv2 Security Association Payload: Sep 21 07:25:30.584132: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:30.584135: | flags: none (0x0) Sep 21 07:25:30.584137: | length: 36 (0x24) Sep 21 07:25:30.584143: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:30.584145: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.584148: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.584151: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:30.584154: | flags: none (0x0) Sep 21 07:25:30.584156: | length: 24 (0x18) Sep 21 07:25:30.584159: | number of TS: 1 (0x1) Sep 21 07:25:30.584162: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:30.584165: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.584167: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.584170: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.584173: | flags: none (0x0) Sep 21 07:25:30.584175: | length: 24 (0x18) Sep 21 07:25:30.584178: | number of TS: 1 (0x1) Sep 21 07:25:30.584180: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:30.584183: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:30.584185: | Now let's proceed with state specific processing Sep 21 07:25:30.584188: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:30.584193: | offered CA: '%none' Sep 21 07:25:30.584197: "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:30.584234: | verifying AUTH payload Sep 21 07:25:30.584250: | required RSA CA is '%any' Sep 21 07:25:30.584255: | checking RSA keyid '@east' for match with '@east' Sep 21 07:25:30.584258: | RSA key issuer CA is '%any' Sep 21 07:25:30.584324: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:25:30.584333: | #1 spent 0.0697 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:30.584337: "westnet-eastnet-ikev2" #2: Authenticated using RSA Sep 21 07:25:30.584349: | #1 spent 0.108 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:30.584354: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:30.584360: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:30.584362: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:30.584366: | libevent_free: release ptr-libevent@0x56294cf60190 Sep 21 07:25:30.584369: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56294cf60150 Sep 21 07:25:30.584371: | event_schedule: new EVENT_SA_REKEY-pe@0x56294cf60150 Sep 21 07:25:30.584375: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:30.584377: | libevent_malloc: new ptr-libevent@0x56294cf60190 size 128 Sep 21 07:25:30.584632: | pstats #1 ikev2.ike established Sep 21 07:25:30.584639: | TSi: parsing 1 traffic selectors Sep 21 07:25:30.584643: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.584646: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.584650: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.584653: | length: 16 (0x10) Sep 21 07:25:30.584655: | start port: 0 (0x0) Sep 21 07:25:30.584658: | end port: 65535 (0xffff) Sep 21 07:25:30.584662: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.584665: | TS low c0 00 01 00 Sep 21 07:25:30.584668: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.584671: | TS high c0 00 01 ff Sep 21 07:25:30.584674: | TSi: parsed 1 traffic selectors Sep 21 07:25:30.584677: | TSr: parsing 1 traffic selectors Sep 21 07:25:30.584680: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.584683: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.584686: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.584688: | length: 16 (0x10) Sep 21 07:25:30.584691: | start port: 0 (0x0) Sep 21 07:25:30.584694: | end port: 65535 (0xffff) Sep 21 07:25:30.584696: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.584698: | TS low c0 00 02 00 Sep 21 07:25:30.584701: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.584703: | TS high c0 00 02 ff Sep 21 07:25:30.584705: | TSr: parsed 1 traffic selectors Sep 21 07:25:30.584714: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:30.584719: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.584727: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:30.584730: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:30.584732: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:30.584735: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:30.584738: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.584744: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.584753: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:30.584757: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:30.584761: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:30.584764: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:30.584768: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.584771: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:30.584773: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:30.584776: | printing contents struct traffic_selector Sep 21 07:25:30.584779: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:30.584782: | ipprotoid: 0 Sep 21 07:25:30.584801: | port range: 0-65535 Sep 21 07:25:30.584805: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:25:30.584810: | printing contents struct traffic_selector Sep 21 07:25:30.584819: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:30.584828: | ipprotoid: 0 Sep 21 07:25:30.584833: | port range: 0-65535 Sep 21 07:25:30.584837: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:30.584852: | using existing local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.584857: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:30.584862: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.584865: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:30.584868: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.584871: | local proposal 1 type DH has 1 transforms Sep 21 07:25:30.584874: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:30.584878: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.584881: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.584884: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:30.584887: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.584890: | local proposal 2 type DH has 1 transforms Sep 21 07:25:30.584893: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:30.584896: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.584898: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.584901: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:30.584903: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.584906: | local proposal 3 type DH has 1 transforms Sep 21 07:25:30.584908: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:30.584911: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.584914: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.584916: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:30.584919: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.584921: | local proposal 4 type DH has 1 transforms Sep 21 07:25:30.584926: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:30.584930: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.584934: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.584937: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.584940: | length: 32 (0x20) Sep 21 07:25:30.584943: | prop #: 1 (0x1) Sep 21 07:25:30.584946: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.584949: | spi size: 4 (0x4) Sep 21 07:25:30.584951: | # transforms: 2 (0x2) Sep 21 07:25:30.584955: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.584958: | remote SPI 41 c2 23 57 Sep 21 07:25:30.584962: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:30.584965: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.584968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.584971: | length: 12 (0xc) Sep 21 07:25:30.584973: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.584976: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.584979: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.584981: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.584984: | length/value: 256 (0x100) Sep 21 07:25:30.584988: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.585086: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.585091: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.585095: | length: 8 (0x8) Sep 21 07:25:30.585098: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.585101: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.585106: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:30.585110: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:30.585115: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:30.585119: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.585122: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:30.585128: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=41c22357;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:30.585130: | converting proposal to internal trans attrs Sep 21 07:25:30.585136: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:30.585316: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:30.585323: | could_route called for westnet-eastnet-ikev2 (kind=CK_PERMANENT) Sep 21 07:25:30.585327: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.585331: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.585334: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.585342: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.585347: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.585351: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.585355: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.585358: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.585363: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.585366: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:25:30.585369: | netlink: enabling tunnel mode Sep 21 07:25:30.585372: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.585375: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.585565: | netlink response for Add SA esp.41c22357@192.1.2.23 included non-error error Sep 21 07:25:30.585573: | set up outgoing SA, ref=0/0 Sep 21 07:25:30.585581: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.585585: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.585588: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.585591: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.585596: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.585600: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:25:30.585603: | netlink: enabling tunnel mode Sep 21 07:25:30.585606: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.585609: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.585814: | netlink response for Add SA esp.bd5ac3d8@192.1.2.45 included non-error error Sep 21 07:25:30.585822: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:30.585831: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:30.585835: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.585895: | raw_eroute result=success Sep 21 07:25:30.585899: | set up incoming SA, ref=0/0 Sep 21 07:25:30.585901: | sr for #2: unrouted Sep 21 07:25:30.585904: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:30.585907: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.585911: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.585914: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.585918: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.585923: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:30.585927: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:30.585936: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:30.585940: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.585968: | raw_eroute result=success Sep 21 07:25:30.585972: | running updown command "ipsec _updown" for verb up Sep 21 07:25:30.585974: | command executing up-client Sep 21 07:25:30.585998: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:25:30.586001: | popen cmd is 1043 chars long Sep 21 07:25:30.586003: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Sep 21 07:25:30.586005: | cmd( 80):v2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLU: Sep 21 07:25:30.586007: | cmd( 160):TO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' : Sep 21 07:25:30.586008: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:30.586010: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:30.586011: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:30.586015: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:30.586017: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:30.586019: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:25:30.586020: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:25:30.586022: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:25:30.586023: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:25:30.586025: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0x41c22357 SPI_OUT=0xbd5ac3d8 ipsec _updown 2: Sep 21 07:25:30.586026: | cmd(1040):>&1: Sep 21 07:25:30.593122: | route_and_eroute: firewall_notified: true Sep 21 07:25:30.593137: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:30.593140: | command executing prepare-client Sep 21 07:25:30.593160: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no Sep 21 07:25:30.593163: | popen cmd is 1048 chars long Sep 21 07:25:30.593165: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:30.593167: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45: Sep 21 07:25:30.593168: | cmd( 160):' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:30.593170: | cmd( 240):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:30.593172: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:25:30.593173: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:25:30.593175: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:30.593176: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:25:30.593178: | cmd( 640):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Sep 21 07:25:30.593179: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Sep 21 07:25:30.593181: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Sep 21 07:25:30.593183: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Sep 21 07:25:30.593184: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x41c22357 SPI_OUT=0xbd5ac3d8 ipsec _upd: Sep 21 07:25:30.593186: | cmd(1040):own 2>&1: Sep 21 07:25:30.599701: | running updown command "ipsec _updown" for verb route Sep 21 07:25:30.599718: | command executing route-client Sep 21 07:25:30.599756: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:30.599765: | popen cmd is 1046 chars long Sep 21 07:25:30.599769: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:25:30.599773: | cmd( 80):ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Sep 21 07:25:30.599776: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Sep 21 07:25:30.599779: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:30.599786: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:25:30.599791: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:30.599794: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:30.599798: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:25:30.599801: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:25:30.599804: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:25:30.599808: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:25:30.599811: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:25:30.599814: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x41c22357 SPI_OUT=0xbd5ac3d8 ipsec _updow: Sep 21 07:25:30.599817: | cmd(1040):n 2>&1: Sep 21 07:25:30.617099: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x56294cf5c8c0,sr=0x56294cf5c8c0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:30.617197: | #1 spent 0.992 milliseconds in install_ipsec_sa() Sep 21 07:25:30.617204: | inR2: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:30.617208: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:30.617212: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:30.617218: | libevent_free: release ptr-libevent@0x7fc734006900 Sep 21 07:25:30.617221: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56294cf658f0 Sep 21 07:25:30.617227: | #2 spent 1.89 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:30.617234: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.617239: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:30.617243: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:30.617247: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:30.617250: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:30.617256: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:30.617269: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:30.617273: | pstats #2 ikev2.child established Sep 21 07:25:30.617282: "westnet-eastnet-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:30.617294: | NAT-T: encaps is 'auto' Sep 21 07:25:30.617300: "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x41c22357 <0xbd5ac3d8 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:30.617305: | releasing whack for #2 (sock=fd@25) Sep 21 07:25:30.617308: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:25:30.617311: | releasing whack and unpending for parent #1 Sep 21 07:25:30.617314: | unpending state #1 connection "westnet-eastnet-ikev2" Sep 21 07:25:30.617319: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ikev2" Sep 21 07:25:30.617322: | removing pending policy for no connection {0x56294cf2f700} Sep 21 07:25:30.617330: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:25:30.617334: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:30.617337: | event_schedule: new EVENT_SA_REKEY-pe@0x56294cf658f0 Sep 21 07:25:30.617341: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:30.617344: | libevent_malloc: new ptr-libevent@0x7fc734006900 size 128 Sep 21 07:25:30.617350: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.617355: | #1 spent 2.3 milliseconds in ikev2_process_packet() Sep 21 07:25:30.617359: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:30.617362: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.617365: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.617369: | spent 2.32 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.617382: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.617387: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.617392: | spent 0.00532 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.617394: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.617397: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.617400: | spent 0.00304 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.617403: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.617406: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.617409: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:33.786965: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:33.786983: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:33.786986: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:33.786992: | get_sa_info esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:33.787004: | get_sa_info esp.41c22357@192.1.2.23 Sep 21 07:25:33.787019: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:33.787025: | spent 0.0663 milliseconds in whack Sep 21 07:25:34.814971: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:34.815203: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:34.815207: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:34.815271: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:34.815274: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:34.815286: | get_sa_info esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:34.815752: | get_sa_info esp.41c22357@192.1.2.23 Sep 21 07:25:34.815778: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:34.815792: | spent 0.822 milliseconds in whack Sep 21 07:25:35.231190: | spent 0.00268 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:35.231211: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:35.231215: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231218: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:35.231220: | c0 3f 4a 51 f1 38 a7 93 0d a2 d8 64 96 c2 20 b6 Sep 21 07:25:35.231223: | 4f 84 73 58 1b 4f 05 01 cf 35 47 b0 31 3a 1d 95 Sep 21 07:25:35.231225: | 78 f8 15 22 2d Sep 21 07:25:35.231229: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:35.231232: | **parse ISAKMP Message: Sep 21 07:25:35.231235: | initiator cookie: Sep 21 07:25:35.231237: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.231239: | responder cookie: Sep 21 07:25:35.231241: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231244: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:35.231246: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.231249: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.231251: | flags: none (0x0) Sep 21 07:25:35.231254: | Message ID: 0 (0x0) Sep 21 07:25:35.231256: | length: 69 (0x45) Sep 21 07:25:35.231259: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:35.231263: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:35.231267: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:35.231273: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:35.231276: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:35.231281: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:35.231284: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:35.231288: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:35.231291: | unpacking clear payload Sep 21 07:25:35.231293: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:35.231296: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:35.231298: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:35.231301: | flags: none (0x0) Sep 21 07:25:35.231303: | length: 41 (0x29) Sep 21 07:25:35.231305: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:35.231310: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:35.231313: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:35.231328: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:35.231330: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:35.231334: | **parse IKEv2 Delete Payload: Sep 21 07:25:35.231336: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.231339: | flags: none (0x0) Sep 21 07:25:35.231341: | length: 12 (0xc) Sep 21 07:25:35.231344: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:35.231346: | SPI size: 4 (0x4) Sep 21 07:25:35.231348: | number of SPIs: 1 (0x1) Sep 21 07:25:35.231351: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:35.231353: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:35.231355: | Now let's proceed with state specific processing Sep 21 07:25:35.231358: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:35.231361: | an informational request should send a response Sep 21 07:25:35.231366: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:35.231369: | **emit ISAKMP Message: Sep 21 07:25:35.231372: | initiator cookie: Sep 21 07:25:35.231374: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.231376: | responder cookie: Sep 21 07:25:35.231378: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231383: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.231386: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.231388: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.231391: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:35.231394: | Message ID: 0 (0x0) Sep 21 07:25:35.231397: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.231400: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:35.231403: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.231405: | flags: none (0x0) Sep 21 07:25:35.231408: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:35.231411: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:35.231414: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:35.231421: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:35.231423: | SPI 41 c2 23 57 Sep 21 07:25:35.231426: | delete PROTO_v2_ESP SA(0x41c22357) Sep 21 07:25:35.231429: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:35.231432: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:35.231435: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x41c22357) Sep 21 07:25:35.231438: "westnet-eastnet-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:25:35.231441: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:35.231445: | libevent_free: release ptr-libevent@0x7fc734006900 Sep 21 07:25:35.231448: | free_event_entry: release EVENT_SA_REKEY-pe@0x56294cf658f0 Sep 21 07:25:35.231451: | event_schedule: new EVENT_SA_REPLACE-pe@0x56294cf658f0 Sep 21 07:25:35.231455: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:25:35.231459: | libevent_malloc: new ptr-libevent@0x7fc734006900 size 128 Sep 21 07:25:35.231462: | ****emit IKEv2 Delete Payload: Sep 21 07:25:35.231465: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.231467: | flags: none (0x0) Sep 21 07:25:35.231469: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:35.231472: | SPI size: 4 (0x4) Sep 21 07:25:35.231474: | number of SPIs: 1 (0x1) Sep 21 07:25:35.231477: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:35.231480: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:35.231483: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:35.231485: | local SPIs bd 5a c3 d8 Sep 21 07:25:35.231488: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:35.231490: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:35.231493: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.231496: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:35.231498: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:35.231501: | emitting length of ISAKMP Message: 69 Sep 21 07:25:35.231513: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:35.231516: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.231518: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:35.231520: | d7 83 60 b6 55 e8 da 79 c3 1e c0 d9 01 fc aa 98 Sep 21 07:25:35.231522: | b7 64 f6 99 aa c6 d4 6a 62 d3 1b 60 4c bf 3f 39 Sep 21 07:25:35.231523: | 23 cd 27 6e 0c Sep 21 07:25:35.231548: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:35.231555: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:35.231561: | #1 spent 0.189 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:35.231566: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.231570: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:35.231574: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:35.231578: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:35.231583: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:35.231586: "westnet-eastnet-ikev2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:35.231591: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:35.231596: | #1 spent 0.384 milliseconds in ikev2_process_packet() Sep 21 07:25:35.231600: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:35.231603: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:35.231606: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:35.231610: | spent 0.399 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:35.231619: | timer_event_cb: processing event@0x56294cf658f0 Sep 21 07:25:35.231622: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:25:35.231627: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:35.231631: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:35.231634: | replacing stale CHILD SA Sep 21 07:25:35.231638: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:35.231641: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:35.231644: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:35.231649: | creating state object #3 at 0x56294cf61e40 Sep 21 07:25:35.231652: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:35.231658: | pstats #3 ikev2.child started Sep 21 07:25:35.231661: | duplicating state object #1 "westnet-eastnet-ikev2" as #3 for IPSEC SA Sep 21 07:25:35.231666: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:35.231671: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:35.231676: | suspend processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:35.231680: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:35.231682: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:35.231685: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:35.231687: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ikev2 (ESP/AH initiator emitting proposals) Sep 21 07:25:35.231691: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:35.231696: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:35.231698: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:35.231700: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:35.231704: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:35.231706: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:35.231708: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:35.231711: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:35.231715: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:35.231719: | #3 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:25:35.231721: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x56294cf674b0 Sep 21 07:25:35.231724: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:35.231725: | libevent_malloc: new ptr-libevent@0x56294cf65240 size 128 Sep 21 07:25:35.231729: | RESET processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:35.231731: | event_schedule: new EVENT_SA_EXPIRE-pe@0x56294cf65a20 Sep 21 07:25:35.231733: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:25:35.231734: | libevent_malloc: new ptr-libevent@0x56294cf652d0 size 128 Sep 21 07:25:35.231736: | libevent_free: release ptr-libevent@0x7fc734006900 Sep 21 07:25:35.231738: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56294cf658f0 Sep 21 07:25:35.231741: | #2 spent 0.123 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:35.231743: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:35.231747: | timer_event_cb: processing event@0x56294cf674b0 Sep 21 07:25:35.231748: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:35.231751: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:35.231756: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:35.231758: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56294cf658f0 Sep 21 07:25:35.231760: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:35.231761: | libevent_malloc: new ptr-libevent@0x7fc734006900 size 128 Sep 21 07:25:35.231767: | libevent_free: release ptr-libevent@0x56294cf65240 Sep 21 07:25:35.231769: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x56294cf674b0 Sep 21 07:25:35.231771: | #3 spent 0.0243 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:35.231774: | stop processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:35.231776: | timer_event_cb: processing event@0x56294cf65a20 Sep 21 07:25:35.231778: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:25:35.231777: | crypto helper 5 resuming Sep 21 07:25:35.231781: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:35.231832: | crypto helper 5 starting work-order 3 for state #3 Sep 21 07:25:35.231845: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:35.231849: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:35.231849: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:25:35.231852: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:25:35.231856: | pstats #2 ikev2.child deleted completed Sep 21 07:25:35.231859: | #2 spent 2.01 milliseconds in total Sep 21 07:25:35.231866: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:35.231869: "westnet-eastnet-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 4.704s and NOT sending notification Sep 21 07:25:35.231872: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:35.231876: | get_sa_info esp.41c22357@192.1.2.23 Sep 21 07:25:35.231889: | get_sa_info esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:35.231897: "westnet-eastnet-ikev2" #2: ESP traffic information: in=2KB out=2KB Sep 21 07:25:35.231900: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:35.231972: | running updown command "ipsec _updown" for verb down Sep 21 07:25:35.231977: | command executing down-client Sep 21 07:25:35.232004: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:25:35.232008: | popen cmd is 1054 chars long Sep 21 07:25:35.232012: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:25:35.232015: | cmd( 80):kev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' P: Sep 21 07:25:35.232017: | cmd( 160):LUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0: Sep 21 07:25:35.232019: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:35.232022: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:35.232025: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:35.232027: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:35.232030: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLUTO_CONN_POLICY: Sep 21 07:25:35.232032: | cmd( 640):='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:25:35.232035: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:25:35.232038: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:25:35.232041: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:25:35.232043: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x41c22357 SPI_OUT=0xbd5ac3d8 ipse: Sep 21 07:25:35.232046: | cmd(1040):c _updown 2>&1: Sep 21 07:25:35.233009: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.001159 seconds Sep 21 07:25:35.233021: | (#3) spent 1.01 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:35.233024: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:35.233027: | scheduling resume sending helper answer for #3 Sep 21 07:25:35.233030: | libevent_malloc: new ptr-libevent@0x7fc730006900 size 128 Sep 21 07:25:35.233036: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:35.254326: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:35.254345: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:35.254350: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.254353: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:35.254403: | delete esp.41c22357@192.1.2.23 Sep 21 07:25:35.254433: | netlink response for Del SA esp.41c22357@192.1.2.23 included non-error error Sep 21 07:25:35.254437: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.254444: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:35.254485: | raw_eroute result=success Sep 21 07:25:35.254489: | delete esp.bd5ac3d8@192.1.2.45 Sep 21 07:25:35.254509: | netlink response for Del SA esp.bd5ac3d8@192.1.2.45 included non-error error Sep 21 07:25:35.254515: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:35.254518: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:35.254523: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:35.254529: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.254537: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:35.254539: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:25:35.254544: | libevent_free: release ptr-libevent@0x56294cf652d0 Sep 21 07:25:35.254547: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x56294cf65a20 Sep 21 07:25:35.254550: | in statetime_stop() and could not find #2 Sep 21 07:25:35.254553: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:35.254572: | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:35.254584: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:35.254587: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.254590: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:35.254592: | e1 b3 a7 d6 a0 b0 36 4c 8a 91 a9 f2 74 51 1a d3 Sep 21 07:25:35.254594: | 50 58 ba 27 06 76 d3 7e 25 23 86 37 e7 54 bb c8 Sep 21 07:25:35.254597: | 6e Sep 21 07:25:35.254601: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:35.254605: | **parse ISAKMP Message: Sep 21 07:25:35.254607: | initiator cookie: Sep 21 07:25:35.254610: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.254612: | responder cookie: Sep 21 07:25:35.254614: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.254617: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:35.254620: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.254623: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.254626: | flags: none (0x0) Sep 21 07:25:35.254628: | Message ID: 1 (0x1) Sep 21 07:25:35.254631: | length: 65 (0x41) Sep 21 07:25:35.254634: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:35.254637: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:35.254641: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:35.254647: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:35.254650: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:35.254655: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:35.254658: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:35.254662: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:25:35.254668: | unpacking clear payload Sep 21 07:25:35.254670: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:35.254673: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:35.254676: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:35.254678: | flags: none (0x0) Sep 21 07:25:35.254680: | length: 37 (0x25) Sep 21 07:25:35.254683: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:35.254688: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:35.254691: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:35.254709: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:35.254711: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:35.254714: | **parse IKEv2 Delete Payload: Sep 21 07:25:35.254717: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.254719: | flags: none (0x0) Sep 21 07:25:35.254722: | length: 8 (0x8) Sep 21 07:25:35.254724: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:35.254727: | SPI size: 0 (0x0) Sep 21 07:25:35.254729: | number of SPIs: 0 (0x0) Sep 21 07:25:35.254732: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:35.254734: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:35.254737: | Now let's proceed with state specific processing Sep 21 07:25:35.254740: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:35.254743: | an informational request should send a response Sep 21 07:25:35.254748: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:35.254751: | **emit ISAKMP Message: Sep 21 07:25:35.254754: | initiator cookie: Sep 21 07:25:35.254756: | 55 ce b8 0f a4 9b 52 7d Sep 21 07:25:35.254759: | responder cookie: Sep 21 07:25:35.254761: | a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.254763: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.254766: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.254768: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:35.254771: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:35.254774: | Message ID: 1 (0x1) Sep 21 07:25:35.254777: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.254780: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:35.254791: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.254796: | flags: none (0x0) Sep 21 07:25:35.254800: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:35.254803: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:35.254806: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:35.254816: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:35.254819: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:35.254822: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:35.254825: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:35.254827: | emitting length of ISAKMP Message: 57 Sep 21 07:25:35.254840: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:35.254843: | 55 ce b8 0f a4 9b 52 7d a0 98 e2 cb 8e a6 da f0 Sep 21 07:25:35.254845: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:25:35.254848: | b9 21 21 09 9e 10 d9 e4 c1 66 54 65 3f 5c 3c 0b Sep 21 07:25:35.254850: | fe 2e ba f9 0c 82 0a a6 99 Sep 21 07:25:35.254882: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:35.254889: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:35.254893: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:35.254896: | pstats #3 ikev2.child deleted other Sep 21 07:25:35.254900: | #3 spent 0.0243 milliseconds in total Sep 21 07:25:35.254905: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:35.254910: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:35.254915: "westnet-eastnet-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.023s and NOT sending notification Sep 21 07:25:35.254918: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:25:35.254921: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:35.254924: | libevent_free: release ptr-libevent@0x7fc734006900 Sep 21 07:25:35.254927: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56294cf658f0 Sep 21 07:25:35.254931: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.254938: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:35.254949: | raw_eroute result=success Sep 21 07:25:35.254952: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:35.254955: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:35.254958: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:35.254963: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.254968: | resume processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.254972: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:35.254975: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:35.254978: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:35.254982: | #1 spent 14.2 milliseconds in total Sep 21 07:25:35.254986: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:35.254990: "westnet-eastnet-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 4.736s and NOT sending notification Sep 21 07:25:35.254992: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:35.255431: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:35.255438: | libevent_free: release ptr-libevent@0x56294cf60190 Sep 21 07:25:35.255441: | free_event_entry: release EVENT_SA_REKEY-pe@0x56294cf60150 Sep 21 07:25:35.255444: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:35.255447: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:35.255450: "westnet-eastnet-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:35.255454: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 0 seconds Sep 21 07:25:35.255457: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:35.255461: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:35.255498: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:35.255504: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:35.255508: | unreference key: 0x56294cee40a0 @east cnt 2-- Sep 21 07:25:35.255551: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:35.255569: | in statetime_stop() and could not find #1 Sep 21 07:25:35.255572: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.255580: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:35.255582: | STF_OK but no state object remains Sep 21 07:25:35.255585: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:35.255588: | in statetime_stop() and could not find #1 Sep 21 07:25:35.255593: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:35.255596: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:35.255599: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:35.255604: | spent 0.575 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:35.255613: | processing resume sending helper answer for #3 Sep 21 07:25:35.255616: | crypto helper 5 replies to request ID 3 Sep 21 07:25:35.255619: | calling continuation function 0x56294b097630 Sep 21 07:25:35.255621: | work-order 3 state #3 crypto result suppressed Sep 21 07:25:35.255631: | (#3) spent 0.0141 milliseconds in resume sending helper answer Sep 21 07:25:35.255634: | libevent_free: release ptr-libevent@0x7fc730006900 Sep 21 07:25:35.255637: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.255642: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:35.255645: | spent 0.00479 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:35.255652: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:35.255655: Initiating connection westnet-eastnet-ikev2 which received a Delete/Notify but must remain up per local policy Sep 21 07:25:35.255658: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.255662: | start processing: connection "westnet-eastnet-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:35.255665: | connection 'westnet-eastnet-ikev2' +POLICY_UP Sep 21 07:25:35.255668: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:35.255671: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:35.255677: | creating state object #4 at 0x56294cf5daa0 Sep 21 07:25:35.255680: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:35.255687: | pstats #4 ikev2.ike started Sep 21 07:25:35.255690: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:35.255693: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:35.255699: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:35.255704: | suspend processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:35.255709: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:35.255712: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:35.255717: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ikev2" IKE SA #4 "westnet-eastnet-ikev2" Sep 21 07:25:35.255720: "westnet-eastnet-ikev2" #4: initiating v2 parent SA Sep 21 07:25:35.255737: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:35.255741: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:25:35.255744: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56294cf68060 Sep 21 07:25:35.255750: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:35.255753: | libevent_malloc: new ptr-libevent@0x7fc730006900 size 128 Sep 21 07:25:35.255762: | #4 spent 0.1 milliseconds in ikev2_parent_outI1() Sep 21 07:25:35.255767: | RESET processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:35.255770: | RESET processing: connection "westnet-eastnet-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:35.255773: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:35.255778: | spent 0.122 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:35.256612: | crypto helper 6 resuming Sep 21 07:25:35.256624: | crypto helper 6 starting work-order 4 for state #4 Sep 21 07:25:35.256629: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:25:35.257888: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.001258 seconds Sep 21 07:25:35.257899: | (#4) spent 1 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:25:35.257903: | crypto helper 6 sending results from work-order 4 for state #4 to event queue Sep 21 07:25:35.257906: | scheduling resume sending helper answer for #4 Sep 21 07:25:35.257909: | libevent_malloc: new ptr-libevent@0x7fc724006900 size 128 Sep 21 07:25:35.257917: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:35.257925: | processing resume sending helper answer for #4 Sep 21 07:25:35.257935: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:35.257939: | crypto helper 6 replies to request ID 4 Sep 21 07:25:35.257942: | calling continuation function 0x56294b097630 Sep 21 07:25:35.257945: | ikev2_parent_outI1_continue for #4 Sep 21 07:25:35.257950: | **emit ISAKMP Message: Sep 21 07:25:35.257953: | initiator cookie: Sep 21 07:25:35.257955: | 24 24 e9 57 fa 3a 7e a6 Sep 21 07:25:35.257958: | responder cookie: Sep 21 07:25:35.257960: | 00 00 00 00 00 00 00 00 Sep 21 07:25:35.257963: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:35.257966: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:35.257969: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:35.257972: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:35.257974: | Message ID: 0 (0x0) Sep 21 07:25:35.257977: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:35.257995: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:35.257998: | Emitting ikev2_proposals ... Sep 21 07:25:35.258001: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:35.258004: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.258006: | flags: none (0x0) Sep 21 07:25:35.258009: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:35.258012: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.258015: | discarding INTEG=NONE Sep 21 07:25:35.258018: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.258024: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258027: | prop #: 1 (0x1) Sep 21 07:25:35.258029: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:35.258031: | spi size: 0 (0x0) Sep 21 07:25:35.258034: | # transforms: 11 (0xb) Sep 21 07:25:35.258037: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:35.258040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258045: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.258048: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:35.258051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258054: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.258056: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:35.258059: | length/value: 256 (0x100) Sep 21 07:25:35.258062: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:35.258064: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258069: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258072: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:35.258075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258081: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258083: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258088: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258091: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:35.258094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258099: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258102: | discarding INTEG=NONE Sep 21 07:25:35.258104: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258109: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258112: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:35.258115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258120: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258123: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258128: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258130: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:35.258133: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258139: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258142: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258148: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258151: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:35.258154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258159: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258162: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258167: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258169: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:35.258172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258177: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258180: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258188: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:35.258191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258196: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258199: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258206: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:35.258209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258215: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258217: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:35.258227: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258233: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258235: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258238: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.258240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258243: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:35.258246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258253: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258255: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:35.258258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:35.258261: | discarding INTEG=NONE Sep 21 07:25:35.258263: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.258266: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258268: | prop #: 2 (0x2) Sep 21 07:25:35.258270: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:35.258273: | spi size: 0 (0x0) Sep 21 07:25:35.258275: | # transforms: 11 (0xb) Sep 21 07:25:35.258278: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258281: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:35.258284: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258295: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.258297: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:35.258302: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258304: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.258307: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:35.258310: | length/value: 128 (0x80) Sep 21 07:25:35.258312: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:35.258315: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258320: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258322: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:35.258325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258331: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258333: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258338: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258341: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:35.258344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258349: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258352: | discarding INTEG=NONE Sep 21 07:25:35.258354: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258361: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:35.258364: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258370: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258372: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258376: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258379: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258381: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:35.258384: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258387: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258390: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258392: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258394: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258397: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258399: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:35.258402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258405: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258408: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258410: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258415: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258418: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:35.258421: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258423: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258426: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258428: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258433: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258436: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:35.258440: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258442: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258445: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258448: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258450: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258452: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258455: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:35.258458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258461: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258463: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258466: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258471: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258473: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:35.258476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258483: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258485: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258488: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.258490: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258493: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:35.258496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258499: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258501: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258504: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:35.258507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:35.258509: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.258512: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258514: | prop #: 3 (0x3) Sep 21 07:25:35.258517: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:35.258519: | spi size: 0 (0x0) Sep 21 07:25:35.258522: | # transforms: 13 (0xd) Sep 21 07:25:35.258525: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258527: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:35.258530: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258535: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.258537: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:35.258540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258543: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.258546: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:35.258548: | length/value: 256 (0x100) Sep 21 07:25:35.258551: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:35.258553: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258558: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258561: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:35.258564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258572: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258577: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258579: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:35.258582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258588: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258590: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258595: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.258600: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:35.258603: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258609: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258611: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258616: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.258619: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:35.258622: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258624: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258627: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258635: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258637: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:35.258640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258646: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258648: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258651: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258656: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:35.258659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258661: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258664: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258667: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258674: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:35.258677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258690: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258692: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:35.258695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258698: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258701: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258705: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258713: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:35.258716: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258718: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258721: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258723: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258728: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258731: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:35.258733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258739: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258741: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258749: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:35.258752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258755: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258757: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258760: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258762: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.258765: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258767: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:35.258770: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258773: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258776: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258778: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:35.258781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:35.258799: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:35.258801: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:35.258804: | prop #: 4 (0x4) Sep 21 07:25:35.258806: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:35.258809: | spi size: 0 (0x0) Sep 21 07:25:35.258811: | # transforms: 13 (0xd) Sep 21 07:25:35.258814: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:35.258817: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:35.258820: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258825: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:35.258827: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:35.258830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258834: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:35.258837: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:35.258839: | length/value: 128 (0x80) Sep 21 07:25:35.258842: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:35.258845: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258850: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258852: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:35.258855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258861: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258863: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258868: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:35.258871: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:35.258874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258879: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258881: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258886: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.258889: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:35.258892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258900: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258905: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:35.258907: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:35.258910: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258916: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258918: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.258921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.258983: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:35.258990: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.258993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.258996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.258999: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259007: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259010: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:35.259013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259018: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259021: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259026: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259028: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:35.259031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259037: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259039: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259044: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259047: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:35.259050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259055: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259057: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259065: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:35.259068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259073: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259078: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259081: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259083: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:35.259086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259092: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259094: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259102: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:35.259105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259114: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:35.259116: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:35.259119: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:35.259121: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:35.259124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:35.259127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:35.259130: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:35.259132: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:35.259135: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:35.259138: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:35.259141: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:35.259143: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:35.259146: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.259148: | flags: none (0x0) Sep 21 07:25:35.259151: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:35.259154: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:35.259157: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.259160: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:35.259163: | ikev2 g^x 07 50 f2 7f 14 3f 44 03 21 eb 5a 8a 61 f8 9c 3a Sep 21 07:25:35.259165: | ikev2 g^x e7 17 ba 67 10 7e 8a 52 56 cf c6 27 e1 82 fd 48 Sep 21 07:25:35.259168: | ikev2 g^x ff 9a 74 98 65 11 74 b9 c6 75 f8 22 4e fd 90 eb Sep 21 07:25:35.259170: | ikev2 g^x c7 56 83 c9 1b 8d 24 0a 28 d6 0f 7e 42 c6 c9 76 Sep 21 07:25:35.259173: | ikev2 g^x 91 9f fd ab bc 61 e6 3e f2 08 4b 87 55 a8 71 f2 Sep 21 07:25:35.259175: | ikev2 g^x 6a 46 8d e5 d5 c0 9a 38 3b dd 1a 71 3a a0 4a e1 Sep 21 07:25:35.259177: | ikev2 g^x 82 9b 7b 54 84 d8 ba 2b 05 56 e3 95 11 3b fd 89 Sep 21 07:25:35.259180: | ikev2 g^x cf c3 d2 67 91 d7 75 0e 54 b3 48 72 22 df 13 aa Sep 21 07:25:35.259182: | ikev2 g^x da ec f3 d5 62 58 7b d6 69 bb c8 bc 02 fe 8c e1 Sep 21 07:25:35.259185: | ikev2 g^x 0f 0a 24 17 63 45 49 aa 47 18 31 76 65 fa 01 be Sep 21 07:25:35.259187: | ikev2 g^x 11 a3 aa df 3a 78 fd 3b f8 00 4d 94 cf 86 4e 3e Sep 21 07:25:35.259189: | ikev2 g^x 57 da 01 f9 35 8d 09 b8 1c 8c b8 fe 38 99 4f 54 Sep 21 07:25:35.259192: | ikev2 g^x 94 27 5f cd 2d cc e8 18 b9 a7 ec e4 36 96 30 b8 Sep 21 07:25:35.259194: | ikev2 g^x 8f 86 9a ec 52 0f 60 42 07 c0 63 0b 97 2d 66 b3 Sep 21 07:25:35.259196: | ikev2 g^x 34 a3 a6 0a 95 cb ff a6 92 5f be 92 0e 43 61 a3 Sep 21 07:25:35.259199: | ikev2 g^x 7f e2 92 c4 3b 4c c0 35 6a 88 c1 9f e0 13 2f 56 Sep 21 07:25:35.259202: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:35.259204: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:35.259207: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:35.259209: | flags: none (0x0) Sep 21 07:25:35.259212: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:35.259215: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:35.259218: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.259221: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:35.259223: | IKEv2 nonce a6 34 b4 89 24 82 d7 a8 68 26 4f 5d 40 85 3e f4 Sep 21 07:25:35.259227: | IKEv2 nonce 22 ae ca 0d b7 c8 e8 94 9e f5 4e 47 a6 ac 89 f3 Sep 21 07:25:35.259230: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:35.259232: | Adding a v2N Payload Sep 21 07:25:35.259235: | ***emit IKEv2 Notify Payload: Sep 21 07:25:35.259237: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.259240: | flags: none (0x0) Sep 21 07:25:35.259242: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:35.259245: | SPI size: 0 (0x0) Sep 21 07:25:35.259248: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:35.259251: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:35.259254: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.259256: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:35.259259: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:35.259262: | natd_hash: rcookie is zero Sep 21 07:25:35.259274: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:35.259277: | natd_hash: icookie= 24 24 e9 57 fa 3a 7e a6 Sep 21 07:25:35.259279: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:35.259281: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:35.259283: | natd_hash: port= 01 f4 Sep 21 07:25:35.259286: | natd_hash: hash= 81 11 cb d1 a3 f9 5d bc aa 68 12 a7 d1 11 d2 a4 Sep 21 07:25:35.259288: | natd_hash: hash= a1 15 6f d8 Sep 21 07:25:35.259290: | Adding a v2N Payload Sep 21 07:25:35.259293: | ***emit IKEv2 Notify Payload: Sep 21 07:25:35.259295: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.259298: | flags: none (0x0) Sep 21 07:25:35.259300: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:35.259302: | SPI size: 0 (0x0) Sep 21 07:25:35.259305: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:35.259308: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:35.259311: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.259314: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:35.259316: | Notify data 81 11 cb d1 a3 f9 5d bc aa 68 12 a7 d1 11 d2 a4 Sep 21 07:25:35.259318: | Notify data a1 15 6f d8 Sep 21 07:25:35.259321: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:35.259323: | natd_hash: rcookie is zero Sep 21 07:25:35.259329: | natd_hash: hasher=0x56294b16d7a0(20) Sep 21 07:25:35.259332: | natd_hash: icookie= 24 24 e9 57 fa 3a 7e a6 Sep 21 07:25:35.259334: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:35.259336: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:35.259338: | natd_hash: port= 01 f4 Sep 21 07:25:35.259341: | natd_hash: hash= 73 68 6f 2f 24 89 a1 f9 66 03 6e 0d 80 2f 55 f1 Sep 21 07:25:35.259343: | natd_hash: hash= e5 e2 f6 cd Sep 21 07:25:35.259345: | Adding a v2N Payload Sep 21 07:25:35.259347: | ***emit IKEv2 Notify Payload: Sep 21 07:25:35.259350: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:35.259352: | flags: none (0x0) Sep 21 07:25:35.259355: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:35.259357: | SPI size: 0 (0x0) Sep 21 07:25:35.259359: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:35.259362: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:35.259365: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:35.259368: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:35.259370: | Notify data 73 68 6f 2f 24 89 a1 f9 66 03 6e 0d 80 2f 55 f1 Sep 21 07:25:35.259372: | Notify data e5 e2 f6 cd Sep 21 07:25:35.259375: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:35.259379: | emitting length of ISAKMP Message: 828 Sep 21 07:25:35.259385: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:35.259392: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:35.259395: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:35.259398: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:35.259401: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:35.259404: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:25:35.259407: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:25:35.259412: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:35.259415: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:35.259420: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:35.259426: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:25:35.259428: | 24 24 e9 57 fa 3a 7e a6 00 00 00 00 00 00 00 00 Sep 21 07:25:35.259430: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:35.259433: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:35.259435: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:35.259437: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:35.259440: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:35.259442: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:35.259444: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:35.259446: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:35.259449: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:35.259451: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:35.259453: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:35.259456: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:35.259458: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:35.259460: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:35.259462: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:35.259465: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:35.259467: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:35.259469: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:35.259471: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:35.259474: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:35.259476: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:35.259478: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:35.259480: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:35.259483: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:35.259485: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:35.259487: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:35.259490: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:35.259492: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:35.259494: | 28 00 01 08 00 0e 00 00 07 50 f2 7f 14 3f 44 03 Sep 21 07:25:35.259496: | 21 eb 5a 8a 61 f8 9c 3a e7 17 ba 67 10 7e 8a 52 Sep 21 07:25:35.259499: | 56 cf c6 27 e1 82 fd 48 ff 9a 74 98 65 11 74 b9 Sep 21 07:25:35.259501: | c6 75 f8 22 4e fd 90 eb c7 56 83 c9 1b 8d 24 0a Sep 21 07:25:35.259503: | 28 d6 0f 7e 42 c6 c9 76 91 9f fd ab bc 61 e6 3e Sep 21 07:25:35.259505: | f2 08 4b 87 55 a8 71 f2 6a 46 8d e5 d5 c0 9a 38 Sep 21 07:25:35.259511: | 3b dd 1a 71 3a a0 4a e1 82 9b 7b 54 84 d8 ba 2b Sep 21 07:25:35.259513: | 05 56 e3 95 11 3b fd 89 cf c3 d2 67 91 d7 75 0e Sep 21 07:25:35.259515: | 54 b3 48 72 22 df 13 aa da ec f3 d5 62 58 7b d6 Sep 21 07:25:35.259518: | 69 bb c8 bc 02 fe 8c e1 0f 0a 24 17 63 45 49 aa Sep 21 07:25:35.259520: | 47 18 31 76 65 fa 01 be 11 a3 aa df 3a 78 fd 3b Sep 21 07:25:35.259523: | f8 00 4d 94 cf 86 4e 3e 57 da 01 f9 35 8d 09 b8 Sep 21 07:25:35.259525: | 1c 8c b8 fe 38 99 4f 54 94 27 5f cd 2d cc e8 18 Sep 21 07:25:35.259527: | b9 a7 ec e4 36 96 30 b8 8f 86 9a ec 52 0f 60 42 Sep 21 07:25:35.259530: | 07 c0 63 0b 97 2d 66 b3 34 a3 a6 0a 95 cb ff a6 Sep 21 07:25:35.259532: | 92 5f be 92 0e 43 61 a3 7f e2 92 c4 3b 4c c0 35 Sep 21 07:25:35.259534: | 6a 88 c1 9f e0 13 2f 56 29 00 00 24 a6 34 b4 89 Sep 21 07:25:35.259536: | 24 82 d7 a8 68 26 4f 5d 40 85 3e f4 22 ae ca 0d Sep 21 07:25:35.259539: | b7 c8 e8 94 9e f5 4e 47 a6 ac 89 f3 29 00 00 08 Sep 21 07:25:35.259541: | 00 00 40 2e 29 00 00 1c 00 00 40 04 81 11 cb d1 Sep 21 07:25:35.259543: | a3 f9 5d bc aa 68 12 a7 d1 11 d2 a4 a1 15 6f d8 Sep 21 07:25:35.259545: | 00 00 00 1c 00 00 40 05 73 68 6f 2f 24 89 a1 f9 Sep 21 07:25:35.259548: | 66 03 6e 0d 80 2f 55 f1 e5 e2 f6 cd Sep 21 07:25:35.259578: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:35.259583: | libevent_free: release ptr-libevent@0x7fc730006900 Sep 21 07:25:35.259585: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56294cf68060 Sep 21 07:25:35.259588: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:35.259592: | event_schedule: new EVENT_RETRANSMIT-pe@0x56294cf68060 Sep 21 07:25:35.259595: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:25:35.259598: | libevent_malloc: new ptr-libevent@0x7fc730006900 size 128 Sep 21 07:25:35.259603: | #4 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49381.627856 Sep 21 07:25:35.259607: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:35.259612: | #4 spent 1.59 milliseconds in resume sending helper answer Sep 21 07:25:35.259617: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:35.259619: | libevent_free: release ptr-libevent@0x7fc724006900 Sep 21 07:25:35.392889: | kernel_process_msg_cb process netlink message Sep 21 07:25:35.392906: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:35.392910: | xfrm netlink msg len 376 Sep 21 07:25:35.392913: | xfrm acquire rtattribute type 5 Sep 21 07:25:35.392915: | xfrm acquire rtattribute type 16 Sep 21 07:25:35.392929: | add bare shunt 0x56294cf654c0 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:35.392935: initiate on demand from 192.0.1.254:8 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:25:35.392941: | find_connection: looking for policy for connection: 192.0.1.254:1/8 -> 192.0.2.254:1/0 Sep 21 07:25:35.392944: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:35.392949: | find_connection: conn "westnet-eastnet-ikev2" has compatible peers: 192.0.1.0/24:0 -> 192.0.2.0/24:0 [pri: 25214986] Sep 21 07:25:35.392953: | find_connection: first OK "westnet-eastnet-ikev2" [pri:25214986]{0x56294cf5c770} (child none) Sep 21 07:25:35.392956: | find_connection: concluding with "westnet-eastnet-ikev2" [pri:25214986]{0x56294cf5c770} kind=CK_PERMANENT Sep 21 07:25:35.392959: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:35.392961: | assign_holdpass() need broad(er) shunt Sep 21 07:25:35.392964: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:35.392971: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:35.392978: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:35.392981: | raw_eroute result=success Sep 21 07:25:35.392983: | assign_holdpass() eroute_connection() done Sep 21 07:25:35.392985: | fiddle_bare_shunt called Sep 21 07:25:35.392988: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:35.392990: | removing specific host-to-host bare shunt Sep 21 07:25:35.392995: | delete narrow %hold eroute 192.0.1.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:25:35.392998: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:35.393012: | raw_eroute result=success Sep 21 07:25:35.393015: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:35.393021: | delete bare shunt 0x56294cf654c0 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:35.393024: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:35.393026: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:35.393029: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:35.393035: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "westnet-eastnet-ikev2" Sep 21 07:25:35.393039: | initiate on demand using RSASIG from 192.0.1.254 to 192.0.2.254 Sep 21 07:25:35.393047: | spent 0.142 milliseconds in kernel message Sep 21 07:25:35.759438: | timer_event_cb: processing event@0x56294cf68060 Sep 21 07:25:35.759458: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:25:35.759466: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:35.759470: | IKEv2 retransmit event Sep 21 07:25:35.759474: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:35.759479: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Sep 21 07:25:35.759483: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 1 Sep 21 07:25:35.759490: | retransmits: current time 49382.127751; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.499895 exceeds limit? NO Sep 21 07:25:35.759493: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fc724002b20 Sep 21 07:25:35.759497: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:25:35.759501: | libevent_malloc: new ptr-libevent@0x7fc724006900 size 128 Sep 21 07:25:35.759506: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:25:35.759513: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:25:35.759517: | 24 24 e9 57 fa 3a 7e a6 00 00 00 00 00 00 00 00 Sep 21 07:25:35.759519: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:35.759522: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:35.759524: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:35.759526: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:35.759528: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:35.759530: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:35.759533: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:35.759535: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:35.759537: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:35.759540: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:35.759542: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:35.759544: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:35.759546: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:35.759549: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:35.759551: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:35.759554: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:35.759561: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:35.759563: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:35.759566: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:35.759569: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:35.759571: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:35.759573: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:35.759576: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:35.759578: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:35.759580: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:35.759583: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:35.759585: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:35.759587: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:35.759589: | 28 00 01 08 00 0e 00 00 07 50 f2 7f 14 3f 44 03 Sep 21 07:25:35.759592: | 21 eb 5a 8a 61 f8 9c 3a e7 17 ba 67 10 7e 8a 52 Sep 21 07:25:35.759594: | 56 cf c6 27 e1 82 fd 48 ff 9a 74 98 65 11 74 b9 Sep 21 07:25:35.759597: | c6 75 f8 22 4e fd 90 eb c7 56 83 c9 1b 8d 24 0a Sep 21 07:25:35.759599: | 28 d6 0f 7e 42 c6 c9 76 91 9f fd ab bc 61 e6 3e Sep 21 07:25:35.759601: | f2 08 4b 87 55 a8 71 f2 6a 46 8d e5 d5 c0 9a 38 Sep 21 07:25:35.759603: | 3b dd 1a 71 3a a0 4a e1 82 9b 7b 54 84 d8 ba 2b Sep 21 07:25:35.759606: | 05 56 e3 95 11 3b fd 89 cf c3 d2 67 91 d7 75 0e Sep 21 07:25:35.759608: | 54 b3 48 72 22 df 13 aa da ec f3 d5 62 58 7b d6 Sep 21 07:25:35.759611: | 69 bb c8 bc 02 fe 8c e1 0f 0a 24 17 63 45 49 aa Sep 21 07:25:35.759613: | 47 18 31 76 65 fa 01 be 11 a3 aa df 3a 78 fd 3b Sep 21 07:25:35.759616: | f8 00 4d 94 cf 86 4e 3e 57 da 01 f9 35 8d 09 b8 Sep 21 07:25:35.759618: | 1c 8c b8 fe 38 99 4f 54 94 27 5f cd 2d cc e8 18 Sep 21 07:25:35.759620: | b9 a7 ec e4 36 96 30 b8 8f 86 9a ec 52 0f 60 42 Sep 21 07:25:35.759622: | 07 c0 63 0b 97 2d 66 b3 34 a3 a6 0a 95 cb ff a6 Sep 21 07:25:35.759625: | 92 5f be 92 0e 43 61 a3 7f e2 92 c4 3b 4c c0 35 Sep 21 07:25:35.759627: | 6a 88 c1 9f e0 13 2f 56 29 00 00 24 a6 34 b4 89 Sep 21 07:25:35.759629: | 24 82 d7 a8 68 26 4f 5d 40 85 3e f4 22 ae ca 0d Sep 21 07:25:35.759632: | b7 c8 e8 94 9e f5 4e 47 a6 ac 89 f3 29 00 00 08 Sep 21 07:25:35.759634: | 00 00 40 2e 29 00 00 1c 00 00 40 04 81 11 cb d1 Sep 21 07:25:35.759637: | a3 f9 5d bc aa 68 12 a7 d1 11 d2 a4 a1 15 6f d8 Sep 21 07:25:35.759639: | 00 00 00 1c 00 00 40 05 73 68 6f 2f 24 89 a1 f9 Sep 21 07:25:35.759642: | 66 03 6e 0d 80 2f 55 f1 e5 e2 f6 cd Sep 21 07:25:35.759662: | libevent_free: release ptr-libevent@0x7fc730006900 Sep 21 07:25:35.759667: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56294cf68060 Sep 21 07:25:35.759675: | #4 spent 0.235 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:35.759680: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.259825: | timer_event_cb: processing event@0x7fc724002b20 Sep 21 07:25:36.259844: | handling event EVENT_RETRANSMIT for parent state #4 Sep 21 07:25:36.259853: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:36.259857: | IKEv2 retransmit event Sep 21 07:25:36.259862: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:25:36.259867: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Sep 21 07:25:36.259871: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 2 Sep 21 07:25:36.259877: | retransmits: current time 49382.628139; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.000283 exceeds limit? NO Sep 21 07:25:36.259881: | event_schedule: new EVENT_RETRANSMIT-pe@0x56294cf68060 Sep 21 07:25:36.259891: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Sep 21 07:25:36.259895: | libevent_malloc: new ptr-libevent@0x7fc730006900 size 128 Sep 21 07:25:36.259900: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Sep 21 07:25:36.259906: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:25:36.259909: | 24 24 e9 57 fa 3a 7e a6 00 00 00 00 00 00 00 00 Sep 21 07:25:36.259911: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:36.259913: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:36.259916: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:36.259918: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:36.259920: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:36.259923: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:36.259925: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:36.259927: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:36.259929: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:36.259932: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:36.259934: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:36.259936: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:36.259939: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:36.259941: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:36.259943: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:36.259945: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:36.259948: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:36.259950: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:36.259952: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:36.259955: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:36.259957: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:36.259959: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:36.259961: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:36.259964: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:36.259966: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:36.259968: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:36.259971: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:36.259973: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:36.259975: | 28 00 01 08 00 0e 00 00 07 50 f2 7f 14 3f 44 03 Sep 21 07:25:36.259977: | 21 eb 5a 8a 61 f8 9c 3a e7 17 ba 67 10 7e 8a 52 Sep 21 07:25:36.259980: | 56 cf c6 27 e1 82 fd 48 ff 9a 74 98 65 11 74 b9 Sep 21 07:25:36.259982: | c6 75 f8 22 4e fd 90 eb c7 56 83 c9 1b 8d 24 0a Sep 21 07:25:36.259984: | 28 d6 0f 7e 42 c6 c9 76 91 9f fd ab bc 61 e6 3e Sep 21 07:25:36.259987: | f2 08 4b 87 55 a8 71 f2 6a 46 8d e5 d5 c0 9a 38 Sep 21 07:25:36.259989: | 3b dd 1a 71 3a a0 4a e1 82 9b 7b 54 84 d8 ba 2b Sep 21 07:25:36.259991: | 05 56 e3 95 11 3b fd 89 cf c3 d2 67 91 d7 75 0e Sep 21 07:25:36.259994: | 54 b3 48 72 22 df 13 aa da ec f3 d5 62 58 7b d6 Sep 21 07:25:36.259996: | 69 bb c8 bc 02 fe 8c e1 0f 0a 24 17 63 45 49 aa Sep 21 07:25:36.259998: | 47 18 31 76 65 fa 01 be 11 a3 aa df 3a 78 fd 3b Sep 21 07:25:36.260000: | f8 00 4d 94 cf 86 4e 3e 57 da 01 f9 35 8d 09 b8 Sep 21 07:25:36.260003: | 1c 8c b8 fe 38 99 4f 54 94 27 5f cd 2d cc e8 18 Sep 21 07:25:36.260005: | b9 a7 ec e4 36 96 30 b8 8f 86 9a ec 52 0f 60 42 Sep 21 07:25:36.260007: | 07 c0 63 0b 97 2d 66 b3 34 a3 a6 0a 95 cb ff a6 Sep 21 07:25:36.260009: | 92 5f be 92 0e 43 61 a3 7f e2 92 c4 3b 4c c0 35 Sep 21 07:25:36.260012: | 6a 88 c1 9f e0 13 2f 56 29 00 00 24 a6 34 b4 89 Sep 21 07:25:36.260016: | 24 82 d7 a8 68 26 4f 5d 40 85 3e f4 22 ae ca 0d Sep 21 07:25:36.260018: | b7 c8 e8 94 9e f5 4e 47 a6 ac 89 f3 29 00 00 08 Sep 21 07:25:36.260020: | 00 00 40 2e 29 00 00 1c 00 00 40 04 81 11 cb d1 Sep 21 07:25:36.260022: | a3 f9 5d bc aa 68 12 a7 d1 11 d2 a4 a1 15 6f d8 Sep 21 07:25:36.260025: | 00 00 00 1c 00 00 40 05 73 68 6f 2f 24 89 a1 f9 Sep 21 07:25:36.260027: | 66 03 6e 0d 80 2f 55 f1 e5 e2 f6 cd Sep 21 07:25:36.260045: | libevent_free: release ptr-libevent@0x7fc724006900 Sep 21 07:25:36.260048: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fc724002b20 Sep 21 07:25:36.260055: | #4 spent 0.229 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:25:36.260061: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.588528: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.588549: shutting down Sep 21 07:25:36.588556: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:36.588560: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:36.588566: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:36.588568: forgetting secrets Sep 21 07:25:36.588574: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:36.588578: | unreference key: 0x56294cee40a0 @east cnt 1-- Sep 21 07:25:36.588581: | unreference key: 0x56294cee6ec0 @west cnt 1-- Sep 21 07:25:36.588586: | start processing: connection "westnet-eastnet-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:25:36.588589: | removing pending policy for no connection {0x56294cf600a0} Sep 21 07:25:36.588592: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:36.588594: | pass 0 Sep 21 07:25:36.588597: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:36.588599: | state #4 Sep 21 07:25:36.588603: | suspend processing: connection "westnet-eastnet-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:36.588608: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:36.588611: | pstats #4 ikev2.ike deleted other Sep 21 07:25:36.588614: | #4 spent 3.15 milliseconds in total Sep 21 07:25:36.588619: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:36.588623: "westnet-eastnet-ikev2" #4: deleting state (STATE_PARENT_I1) aged 1.332s and NOT sending notification Sep 21 07:25:36.588626: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:36.588629: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:36.588632: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:36.588635: | libevent_free: release ptr-libevent@0x7fc730006900 Sep 21 07:25:36.588638: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56294cf68060 Sep 21 07:25:36.588641: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:36.588644: | picked newest_isakmp_sa #0 for #4 Sep 21 07:25:36.588647: "westnet-eastnet-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:36.588650: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 5 seconds Sep 21 07:25:36.588653: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:36.588659: | stop processing: connection "westnet-eastnet-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:36.588662: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:36.588664: | in connection_discard for connection westnet-eastnet-ikev2 Sep 21 07:25:36.588667: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:25:36.588673: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:36.588692: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.588696: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:36.588699: | pass 1 Sep 21 07:25:36.588701: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:36.588708: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:36.588714: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:36.588717: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:36.588763: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:25:36.588774: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:36.588777: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.588780: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:36.588787: | route owner of "westnet-eastnet-ikev2" unrouted: NULL Sep 21 07:25:36.588792: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:36.588795: | command executing unroute-client Sep 21 07:25:36.588822: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Sep 21 07:25:36.588825: | popen cmd is 1035 chars long Sep 21 07:25:36.588828: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:36.588831: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45: Sep 21 07:25:36.588833: | cmd( 160):' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:36.588836: | cmd( 240):1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:36.588839: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Sep 21 07:25:36.588841: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:25:36.588844: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:25:36.588846: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA: Sep 21 07:25:36.588849: | cmd( 640):SIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: Sep 21 07:25:36.588851: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:25:36.588854: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:25:36.588856: | cmd( 880):' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:25:36.588859: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:36.667335: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667353: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667358: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667368: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667382: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667394: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667408: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667421: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667432: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667445: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667457: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667471: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667485: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667497: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667511: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667523: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.667537: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668482: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668495: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668510: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668523: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668538: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668551: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668564: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668576: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668588: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668603: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668615: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668627: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668640: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668652: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668667: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668680: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668692: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668705: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668722: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668737: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668749: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668761: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.668773: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674323: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674344: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674357: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674370: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674383: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674396: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674410: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674422: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674435: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674450: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674463: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674476: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674489: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674502: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674516: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674528: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674543: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674556: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674568: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674581: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674593: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674608: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674621: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674633: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674646: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674659: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674674: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674686: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674698: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674711: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674723: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674737: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674750: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674763: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674775: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674815: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674820: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674823: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674826: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674841: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674854: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674869: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674881: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674894: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674907: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674920: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674934: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674947: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674959: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674971: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674984: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.674998: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.675010: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.675022: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.675037: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.675050: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.675064: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:36.757813: | free hp@0x56294cf28500 Sep 21 07:25:36.757832: | flush revival: connection 'westnet-eastnet-ikev2' revival flushed Sep 21 07:25:36.757836: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:36.757844: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:36.757847: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:36.757862: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:36.757866: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:36.757870: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:25:36.757873: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:25:36.757876: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:25:36.757879: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:25:36.757883: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:36.757892: | libevent_free: release ptr-libevent@0x56294cf5ba30 Sep 21 07:25:36.757896: | free_event_entry: release EVENT_NULL-pe@0x56294cf5b9f0 Sep 21 07:25:36.757907: | libevent_free: release ptr-libevent@0x56294cf5bb20 Sep 21 07:25:36.757910: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bae0 Sep 21 07:25:36.757917: | libevent_free: release ptr-libevent@0x56294cf5bc10 Sep 21 07:25:36.757920: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bbd0 Sep 21 07:25:36.757926: | libevent_free: release ptr-libevent@0x56294cf5bd00 Sep 21 07:25:36.757929: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bcc0 Sep 21 07:25:36.757936: | libevent_free: release ptr-libevent@0x56294cf5bdf0 Sep 21 07:25:36.757939: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bdb0 Sep 21 07:25:36.757945: | libevent_free: release ptr-libevent@0x56294cf5bee0 Sep 21 07:25:36.757948: | free_event_entry: release EVENT_NULL-pe@0x56294cf5bea0 Sep 21 07:25:36.757953: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:36.758489: | libevent_free: release ptr-libevent@0x56294cf5b350 Sep 21 07:25:36.758496: | free_event_entry: release EVENT_NULL-pe@0x56294cf3f290 Sep 21 07:25:36.758501: | libevent_free: release ptr-libevent@0x56294cf50e60 Sep 21 07:25:36.758504: | free_event_entry: release EVENT_NULL-pe@0x56294cf44c70 Sep 21 07:25:36.758508: | libevent_free: release ptr-libevent@0x56294cf50dd0 Sep 21 07:25:36.758510: | free_event_entry: release EVENT_NULL-pe@0x56294cf44cb0 Sep 21 07:25:36.758514: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:36.758516: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:36.758518: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:36.758521: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:36.758523: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:36.758526: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:36.758528: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:36.758531: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:36.758533: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:36.758538: | libevent_free: release ptr-libevent@0x56294cf5b420 Sep 21 07:25:36.758541: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:36.758545: | libevent_free: release ptr-libevent@0x56294cf5b500 Sep 21 07:25:36.758547: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:36.758550: | libevent_free: release ptr-libevent@0x56294cf5b5c0 Sep 21 07:25:36.758552: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:36.758556: | libevent_free: release ptr-libevent@0x56294cf501d0 Sep 21 07:25:36.758558: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:36.758560: | releasing event base Sep 21 07:25:36.758574: | libevent_free: release ptr-libevent@0x56294cf5b680 Sep 21 07:25:36.758577: | libevent_free: release ptr-libevent@0x56294cf30d00 Sep 21 07:25:36.758581: | libevent_free: release ptr-libevent@0x56294cf3f5d0 Sep 21 07:25:36.758588: | libevent_free: release ptr-libevent@0x56294cf3f6a0 Sep 21 07:25:36.758591: | libevent_free: release ptr-libevent@0x56294cf3f5f0 Sep 21 07:25:36.758594: | libevent_free: release ptr-libevent@0x56294cf5b3e0 Sep 21 07:25:36.758596: | libevent_free: release ptr-libevent@0x56294cf5b4c0 Sep 21 07:25:36.758599: | libevent_free: release ptr-libevent@0x56294cf3f680 Sep 21 07:25:36.758601: | libevent_free: release ptr-libevent@0x56294cf43f90 Sep 21 07:25:36.758603: | libevent_free: release ptr-libevent@0x56294cf43fb0 Sep 21 07:25:36.758606: | libevent_free: release ptr-libevent@0x56294cf5bf70 Sep 21 07:25:36.758608: | libevent_free: release ptr-libevent@0x56294cf5be80 Sep 21 07:25:36.758610: | libevent_free: release ptr-libevent@0x56294cf5bd90 Sep 21 07:25:36.758613: | libevent_free: release ptr-libevent@0x56294cf5bca0 Sep 21 07:25:36.758615: | libevent_free: release ptr-libevent@0x56294cf5bbb0 Sep 21 07:25:36.758617: | libevent_free: release ptr-libevent@0x56294cf5bac0 Sep 21 07:25:36.758620: | libevent_free: release ptr-libevent@0x56294cec1370 Sep 21 07:25:36.758622: | libevent_free: release ptr-libevent@0x56294cf5b5a0 Sep 21 07:25:36.758625: | libevent_free: release ptr-libevent@0x56294cf5b4e0 Sep 21 07:25:36.758627: | libevent_free: release ptr-libevent@0x56294cf5b400 Sep 21 07:25:36.758630: | libevent_free: release ptr-libevent@0x56294cf5b660 Sep 21 07:25:36.758632: | libevent_free: release ptr-libevent@0x56294cebf6c0 Sep 21 07:25:36.758635: | libevent_free: release ptr-libevent@0x56294cf3f610 Sep 21 07:25:36.758637: | libevent_free: release ptr-libevent@0x56294cf3f640 Sep 21 07:25:36.758640: | libevent_free: release ptr-libevent@0x56294cf3f330 Sep 21 07:25:36.758642: | releasing global libevent data Sep 21 07:25:36.758645: | libevent_free: release ptr-libevent@0x56294cf3e020 Sep 21 07:25:36.758648: | libevent_free: release ptr-libevent@0x56294cf3f2d0 Sep 21 07:25:36.758651: | libevent_free: release ptr-libevent@0x56294cf3f300