Sep 21 07:25:30.863964: FIPS Product: YES Sep 21 07:25:30.864058: FIPS Kernel: NO Sep 21 07:25:30.864060: FIPS Mode: NO Sep 21 07:25:30.864061: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:30.864200: Initializing NSS Sep 21 07:25:30.864203: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:30.904922: NSS initialized Sep 21 07:25:30.904935: NSS crypto library initialized Sep 21 07:25:30.904937: FIPS HMAC integrity support [enabled] Sep 21 07:25:30.904938: FIPS mode disabled for pluto daemon Sep 21 07:25:30.952687: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:30.952777: libcap-ng support [enabled] Sep 21 07:25:30.952790: Linux audit support [enabled] Sep 21 07:25:30.952813: Linux audit activated Sep 21 07:25:30.952821: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9299 Sep 21 07:25:30.952822: core dump dir: /var/tmp Sep 21 07:25:30.952824: secrets file: /etc/ipsec.secrets Sep 21 07:25:30.952825: leak-detective disabled Sep 21 07:25:30.952827: NSS crypto [enabled] Sep 21 07:25:30.952828: XAUTH PAM support [enabled] Sep 21 07:25:30.952884: | libevent is using pluto's memory allocator Sep 21 07:25:30.952889: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:30.952902: | libevent_malloc: new ptr-libevent@0x55b383d814b0 size 40 Sep 21 07:25:30.952904: | libevent_malloc: new ptr-libevent@0x55b383d814e0 size 40 Sep 21 07:25:30.952907: | libevent_malloc: new ptr-libevent@0x55b383d831d0 size 40 Sep 21 07:25:30.952909: | creating event base Sep 21 07:25:30.952911: | libevent_malloc: new ptr-libevent@0x55b383d82ab0 size 56 Sep 21 07:25:30.952913: | libevent_malloc: new ptr-libevent@0x55b383d83200 size 664 Sep 21 07:25:30.952921: | libevent_malloc: new ptr-libevent@0x55b383d834a0 size 24 Sep 21 07:25:30.952923: | libevent_malloc: new ptr-libevent@0x55b383d56bd0 size 384 Sep 21 07:25:30.952930: | libevent_malloc: new ptr-libevent@0x55b383d834c0 size 16 Sep 21 07:25:30.952932: | libevent_malloc: new ptr-libevent@0x55b383d834e0 size 40 Sep 21 07:25:30.952934: | libevent_malloc: new ptr-libevent@0x55b383d83510 size 48 Sep 21 07:25:30.952937: | libevent_realloc: new ptr-libevent@0x55b383d83550 size 256 Sep 21 07:25:30.952939: | libevent_malloc: new ptr-libevent@0x55b383d83660 size 16 Sep 21 07:25:30.952943: | libevent_free: release ptr-libevent@0x55b383d82ab0 Sep 21 07:25:30.952946: | libevent initialized Sep 21 07:25:30.952948: | libevent_realloc: new ptr-libevent@0x55b383d83680 size 64 Sep 21 07:25:30.952953: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:30.952963: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:30.952965: NAT-Traversal support [enabled] Sep 21 07:25:30.952967: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:30.952971: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:30.952973: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:30.953001: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:30.953003: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:30.953005: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:30.953043: Encryption algorithms: Sep 21 07:25:30.953047: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:30.953050: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:30.953052: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:30.953054: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:30.953056: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:30.953063: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:30.953065: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:30.953067: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:30.953069: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:30.953072: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:30.953074: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:30.953076: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:30.953078: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:30.953080: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:30.953082: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:30.953084: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:30.953086: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:30.953091: Hash algorithms: Sep 21 07:25:30.953093: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:30.953095: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:30.953097: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:30.953099: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:30.953100: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:30.953111: PRF algorithms: Sep 21 07:25:30.953113: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:30.953115: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:30.953117: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:30.953119: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:30.953121: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:30.953123: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:30.953138: Integrity algorithms: Sep 21 07:25:30.953140: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:30.953142: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:30.953145: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:30.953147: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:30.953149: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:30.953151: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:30.953153: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:30.953155: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:30.953157: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:30.953165: DH algorithms: Sep 21 07:25:30.953167: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:30.953169: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:30.953170: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:30.953175: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:30.953177: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:30.953179: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:30.953180: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:30.953182: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:30.953184: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:30.953186: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:30.953188: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:30.953189: testing CAMELLIA_CBC: Sep 21 07:25:30.953191: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.953278: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.953296: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.953313: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.953330: testing AES_GCM_16: Sep 21 07:25:30.953332: empty string Sep 21 07:25:30.953349: one block Sep 21 07:25:30.953366: two blocks Sep 21 07:25:30.953382: two blocks with associated data Sep 21 07:25:30.953399: testing AES_CTR: Sep 21 07:25:30.953401: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:30.953417: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:30.953433: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:30.953450: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:30.953465: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:30.953481: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:30.953497: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:30.953513: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:30.953529: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:30.953545: testing AES_CBC: Sep 21 07:25:30.953547: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:30.953562: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.953580: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.953598: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.953618: testing AES_XCBC: Sep 21 07:25:30.953619: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:30.953692: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:30.953770: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:30.953854: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:30.953931: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:30.954006: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:30.954083: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:30.954249: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:30.954349: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:30.954434: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:30.954576: testing HMAC_MD5: Sep 21 07:25:30.954579: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:30.954685: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:30.954777: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:30.954944: 8 CPU cores online Sep 21 07:25:30.954949: starting up 7 crypto helpers Sep 21 07:25:30.954975: started thread for crypto helper 0 Sep 21 07:25:30.955000: started thread for crypto helper 1 Sep 21 07:25:30.955011: | starting up helper thread 0 Sep 21 07:25:30.955022: | starting up helper thread 2 Sep 21 07:25:30.955036: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:30.955043: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:30.955015: started thread for crypto helper 2 Sep 21 07:25:30.955096: started thread for crypto helper 3 Sep 21 07:25:30.955101: | starting up helper thread 3 Sep 21 07:25:30.955115: started thread for crypto helper 4 Sep 21 07:25:30.955011: | starting up helper thread 1 Sep 21 07:25:30.955116: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:30.955141: started thread for crypto helper 5 Sep 21 07:25:30.955030: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:30.955153: | starting up helper thread 5 Sep 21 07:25:30.955165: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:30.955181: started thread for crypto helper 6 Sep 21 07:25:30.955189: | checking IKEv1 state table Sep 21 07:25:30.955194: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955196: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:30.955197: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955199: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:30.955200: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.955203: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:30.955136: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:30.955206: | starting up helper thread 6 Sep 21 07:25:30.955219: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:30.955149: | starting up helper thread 4 Sep 21 07:25:30.955265: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:30.955205: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.955143: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:30.955301: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.955312: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.955317: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:30.955321: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.955324: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.955328: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:30.955332: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.955336: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.955339: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.955312: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:30.955343: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:30.955351: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.955353: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.955355: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.955357: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:30.955359: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955361: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:30.955363: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955365: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955367: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:30.955369: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955370: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.955372: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.955374: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.955376: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.955378: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.955380: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:30.955381: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:30.955382: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955392: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.955393: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:30.955395: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955402: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:30.955404: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:30.955406: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:30.955411: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:30.955414: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:30.955416: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:30.955418: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:30.955420: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955422: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:30.955424: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955426: | INFO: category: informational flags: 0: Sep 21 07:25:30.955428: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955429: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:30.955431: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955432: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:30.955434: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:30.955435: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.955437: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.955437: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:30.955439: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:30.955445: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:30.955447: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:30.955447: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.955456: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:30.955457: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.955459: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.955460: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.955462: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.955463: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.955465: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:30.955466: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.955468: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:30.955473: | checking IKEv2 state table Sep 21 07:25:30.955477: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:30.955479: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:30.955481: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955483: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:30.955485: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:30.955487: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.955488: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:30.955490: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:30.955492: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:30.955494: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:30.955495: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:30.955497: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:30.955499: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:30.955500: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:30.955502: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:30.955503: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:30.955505: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955507: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:30.955508: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.955510: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:30.955512: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:30.955513: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.955517: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:30.955518: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:30.955520: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:30.955521: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:30.955523: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.955525: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:30.955526: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.955528: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:30.955530: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.955532: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.955533: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.955535: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:30.955537: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.955538: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:30.955540: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:30.955542: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.955543: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:30.955545: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.955547: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.955548: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:30.955550: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:30.955552: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:30.955554: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:30.955555: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:30.955557: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:30.955621: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:30.955674: | Hard-wiring algorithms Sep 21 07:25:30.955677: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:30.955680: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:30.955682: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:30.955683: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:30.955685: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:30.955686: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:30.955688: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:30.955689: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:30.955691: | adding AES_CTR to kernel algorithm db Sep 21 07:25:30.955692: | adding AES_CBC to kernel algorithm db Sep 21 07:25:30.955694: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:30.955695: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:30.955697: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:30.955698: | adding NULL to kernel algorithm db Sep 21 07:25:30.955700: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:30.955702: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:30.955703: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:30.955705: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:30.955706: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:30.955708: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:30.955709: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:30.955711: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:30.955712: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:30.955714: | adding NONE to kernel algorithm db Sep 21 07:25:30.955731: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:30.955735: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:30.955736: | setup kernel fd callback Sep 21 07:25:30.955738: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55b383d89130 Sep 21 07:25:30.955741: | libevent_malloc: new ptr-libevent@0x55b383d94e50 size 128 Sep 21 07:25:30.955743: | libevent_malloc: new ptr-libevent@0x55b383d83940 size 16 Sep 21 07:25:30.955747: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55b383d890f0 Sep 21 07:25:30.955748: | libevent_malloc: new ptr-libevent@0x55b383d94ee0 size 128 Sep 21 07:25:30.955750: | libevent_malloc: new ptr-libevent@0x55b383d880b0 size 16 Sep 21 07:25:30.955894: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:30.955903: selinux support is enabled. Sep 21 07:25:30.956219: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:30.956346: | unbound context created - setting debug level to 5 Sep 21 07:25:30.956367: | /etc/hosts lookups activated Sep 21 07:25:30.956380: | /etc/resolv.conf usage activated Sep 21 07:25:30.956413: | outgoing-port-avoid set 0-65535 Sep 21 07:25:30.956430: | outgoing-port-permit set 32768-60999 Sep 21 07:25:30.956432: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:30.956434: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:30.956436: | Setting up events, loop start Sep 21 07:25:30.956438: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55b383d82ab0 Sep 21 07:25:30.956440: | libevent_malloc: new ptr-libevent@0x55b383d9f450 size 128 Sep 21 07:25:30.956442: | libevent_malloc: new ptr-libevent@0x55b383d9f4e0 size 16 Sep 21 07:25:30.956446: | libevent_realloc: new ptr-libevent@0x55b383d9f500 size 256 Sep 21 07:25:30.956448: | libevent_malloc: new ptr-libevent@0x55b383d9f610 size 8 Sep 21 07:25:30.956450: | libevent_realloc: new ptr-libevent@0x55b383d94250 size 144 Sep 21 07:25:30.956452: | libevent_malloc: new ptr-libevent@0x55b383d9f630 size 152 Sep 21 07:25:30.956454: | libevent_malloc: new ptr-libevent@0x55b383d9f6d0 size 16 Sep 21 07:25:30.956457: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:30.956458: | libevent_malloc: new ptr-libevent@0x55b383d9f6f0 size 8 Sep 21 07:25:30.956460: | libevent_malloc: new ptr-libevent@0x55b383d9f710 size 152 Sep 21 07:25:30.956462: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:30.956463: | libevent_malloc: new ptr-libevent@0x55b383d9f7b0 size 8 Sep 21 07:25:30.956465: | libevent_malloc: new ptr-libevent@0x55b383d9f7d0 size 152 Sep 21 07:25:30.956467: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:30.956469: | libevent_malloc: new ptr-libevent@0x55b383d9f870 size 8 Sep 21 07:25:30.956470: | libevent_realloc: release ptr-libevent@0x55b383d94250 Sep 21 07:25:30.956472: | libevent_realloc: new ptr-libevent@0x55b383d9f890 size 256 Sep 21 07:25:30.956474: | libevent_malloc: new ptr-libevent@0x55b383d94250 size 152 Sep 21 07:25:30.956475: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:30.956717: | created addconn helper (pid:9346) using fork+execve Sep 21 07:25:30.956727: | forked child 9346 Sep 21 07:25:30.956758: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.956772: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.956777: listening for IKE messages Sep 21 07:25:30.956811: | Inspecting interface lo Sep 21 07:25:30.956819: | found lo with address 127.0.0.1 Sep 21 07:25:30.956821: | Inspecting interface eth0 Sep 21 07:25:30.956824: | found eth0 with address 192.1.3.209 Sep 21 07:25:30.956861: Kernel supports NIC esp-hw-offload Sep 21 07:25:30.956870: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Sep 21 07:25:30.956887: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.956890: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.956895: adding interface eth0/eth0 192.1.3.209:4500 Sep 21 07:25:30.956914: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:30.956930: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.956933: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.956935: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:30.957001: | no interfaces to sort Sep 21 07:25:30.957005: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:30.957010: | add_fd_read_event_handler: new ethX-pe@0x55b383d88890 Sep 21 07:25:30.957012: | libevent_malloc: new ptr-libevent@0x55b383d9fb90 size 128 Sep 21 07:25:30.957014: | libevent_malloc: new ptr-libevent@0x55b383d9fc20 size 16 Sep 21 07:25:30.957018: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:25:30.957020: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fc40 Sep 21 07:25:30.957021: | libevent_malloc: new ptr-libevent@0x55b383d9fc80 size 128 Sep 21 07:25:30.957023: | libevent_malloc: new ptr-libevent@0x55b383d9fd10 size 16 Sep 21 07:25:30.957026: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:25:30.957027: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fd30 Sep 21 07:25:30.957029: | libevent_malloc: new ptr-libevent@0x55b383d9fd70 size 128 Sep 21 07:25:30.957031: | libevent_malloc: new ptr-libevent@0x55b383d9fe00 size 16 Sep 21 07:25:30.957034: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:25:30.957035: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fe20 Sep 21 07:25:30.957037: | libevent_malloc: new ptr-libevent@0x55b383d9fe60 size 128 Sep 21 07:25:30.957038: | libevent_malloc: new ptr-libevent@0x55b383d9fef0 size 16 Sep 21 07:25:30.957041: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:25:30.957045: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.957046: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.957061: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.957076: | saving Modulus Sep 21 07:25:30.957080: | saving PublicExponent Sep 21 07:25:30.957102: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:25:30.957104: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:25:30.957107: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Sep 21 07:25:30.957111: | certs and keys locked by 'process_secret' Sep 21 07:25:30.957114: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.957117: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.957123: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.957129: | spent 0.373 milliseconds in whack Sep 21 07:25:30.982004: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.982026: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.982030: listening for IKE messages Sep 21 07:25:30.982058: | Inspecting interface lo Sep 21 07:25:30.982063: | found lo with address 127.0.0.1 Sep 21 07:25:30.982065: | Inspecting interface eth0 Sep 21 07:25:30.982068: | found eth0 with address 192.1.3.209 Sep 21 07:25:30.982136: | no interfaces to sort Sep 21 07:25:30.982143: | libevent_free: release ptr-libevent@0x55b383d9fb90 Sep 21 07:25:30.982146: | free_event_entry: release EVENT_NULL-pe@0x55b383d88890 Sep 21 07:25:30.982148: | add_fd_read_event_handler: new ethX-pe@0x55b383d88890 Sep 21 07:25:30.982150: | libevent_malloc: new ptr-libevent@0x55b383d9fb90 size 128 Sep 21 07:25:30.982154: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:25:30.982157: | libevent_free: release ptr-libevent@0x55b383d9fc80 Sep 21 07:25:30.982159: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fc40 Sep 21 07:25:30.982160: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fc40 Sep 21 07:25:30.982162: | libevent_malloc: new ptr-libevent@0x55b383d9fc80 size 128 Sep 21 07:25:30.982165: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:25:30.982171: | libevent_free: release ptr-libevent@0x55b383d9fd70 Sep 21 07:25:30.982173: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fd30 Sep 21 07:25:30.982174: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fd30 Sep 21 07:25:30.982176: | libevent_malloc: new ptr-libevent@0x55b383d9fd70 size 128 Sep 21 07:25:30.982179: | setup callback for interface eth0 192.1.3.209:4500 fd 18 Sep 21 07:25:30.982181: | libevent_free: release ptr-libevent@0x55b383d9fe60 Sep 21 07:25:30.982183: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fe20 Sep 21 07:25:30.982184: | add_fd_read_event_handler: new ethX-pe@0x55b383d9fe20 Sep 21 07:25:30.982186: | libevent_malloc: new ptr-libevent@0x55b383d9fe60 size 128 Sep 21 07:25:30.982189: | setup callback for interface eth0 192.1.3.209:500 fd 17 Sep 21 07:25:30.982191: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.982193: forgetting secrets Sep 21 07:25:30.982200: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.982212: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.982224: | saving Modulus Sep 21 07:25:30.982226: | saving PublicExponent Sep 21 07:25:30.982245: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:25:30.982248: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:25:30.982250: loaded private key for keyid: PKK_RSA:AQPHFfpyJ Sep 21 07:25:30.982254: | certs and keys locked by 'process_secret' Sep 21 07:25:30.982255: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.982259: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.982265: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.982270: | spent 0.273 milliseconds in whack Sep 21 07:25:30.982661: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.982673: | waitpid returned pid 9346 (exited with status 0) Sep 21 07:25:30.982676: | reaped addconn helper child (status 0) Sep 21 07:25:30.982679: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.982683: | spent 0.014 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:31.038941: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.038965: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:31.038970: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:31.038972: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:31.038975: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:31.038979: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:31.038986: | Added new connection road-eastnet with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:31.038990: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:31.039047: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:31.039051: | from whack: got --esp= Sep 21 07:25:31.039086: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:31.039091: | counting wild cards for @road is 0 Sep 21 07:25:31.039094: | counting wild cards for @east is 0 Sep 21 07:25:31.039104: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:31.039107: | new hp@0x55b383d81400 Sep 21 07:25:31.039111: added connection description "road-eastnet" Sep 21 07:25:31.039121: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:31.039133: | 192.1.3.209[@road]---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:31.039145: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.039152: | spent 0.218 milliseconds in whack Sep 21 07:25:31.039198: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.039209: add keyid @road Sep 21 07:25:31.039214: | add pubkey 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c Sep 21 07:25:31.039216: | add pubkey 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 Sep 21 07:25:31.039219: | add pubkey a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 Sep 21 07:25:31.039221: | add pubkey 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 Sep 21 07:25:31.039223: | add pubkey dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 Sep 21 07:25:31.039226: | add pubkey ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 Sep 21 07:25:31.039228: | add pubkey f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d Sep 21 07:25:31.039231: | add pubkey 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c Sep 21 07:25:31.039233: | add pubkey 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c Sep 21 07:25:31.039235: | add pubkey 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 Sep 21 07:25:31.039237: | add pubkey f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c Sep 21 07:25:31.039240: | add pubkey bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 Sep 21 07:25:31.039242: | add pubkey 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 Sep 21 07:25:31.039245: | add pubkey 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb Sep 21 07:25:31.039247: | add pubkey 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e Sep 21 07:25:31.039249: | add pubkey f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 Sep 21 07:25:31.039252: | add pubkey 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 Sep 21 07:25:31.039254: | add pubkey 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 Sep 21 07:25:31.039257: | add pubkey 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 Sep 21 07:25:31.039259: | add pubkey 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed Sep 21 07:25:31.039261: | add pubkey 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c Sep 21 07:25:31.039264: | add pubkey da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b Sep 21 07:25:31.039266: | add pubkey 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c Sep 21 07:25:31.039269: | add pubkey 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 Sep 21 07:25:31.039271: | add pubkey 90 6a fd 31 f5 ab Sep 21 07:25:31.039298: | computed rsa CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:25:31.039302: | computed rsa CKAID 59 b0 ef 45 Sep 21 07:25:31.039308: | keyid: *AQPHFfpyJ Sep 21 07:25:31.039310: | n c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 Sep 21 07:25:31.039313: | n 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef Sep 21 07:25:31.039315: | n aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 Sep 21 07:25:31.039317: | n 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 Sep 21 07:25:31.039320: | n 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 Sep 21 07:25:31.039322: | n da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 Sep 21 07:25:31.039325: | n a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 Sep 21 07:25:31.039327: | n d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd Sep 21 07:25:31.039329: | n 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a Sep 21 07:25:31.039332: | n 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 Sep 21 07:25:31.039334: | n 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 Sep 21 07:25:31.039336: | n d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 Sep 21 07:25:31.039339: | n 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b Sep 21 07:25:31.039341: | n 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb Sep 21 07:25:31.039343: | n 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 Sep 21 07:25:31.039345: | n db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a Sep 21 07:25:31.039351: | n 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff Sep 21 07:25:31.039354: | n 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b Sep 21 07:25:31.039356: | n 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b Sep 21 07:25:31.039359: | n 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 Sep 21 07:25:31.039361: | n 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d Sep 21 07:25:31.039363: | n cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c Sep 21 07:25:31.039366: | n e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 Sep 21 07:25:31.039368: | n 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a Sep 21 07:25:31.039371: | n fd 31 f5 ab Sep 21 07:25:31.039373: | e 03 Sep 21 07:25:31.039375: | CKAID 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Sep 21 07:25:31.039377: | CKAID 59 b0 ef 45 Sep 21 07:25:31.039387: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.039392: | spent 0.199 milliseconds in whack Sep 21 07:25:31.039422: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.039433: add keyid @east Sep 21 07:25:31.039437: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:31.039440: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:31.039442: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:31.039444: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:31.039447: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:31.039449: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:31.039452: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:31.039454: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:31.039456: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:31.039459: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:31.039461: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:31.039464: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:31.039466: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:31.039468: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:31.039471: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:31.039473: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:31.039475: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:31.039477: | add pubkey 51 51 48 ef Sep 21 07:25:31.039487: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:31.039490: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:31.039494: | keyid: *AQO9bJbr3 Sep 21 07:25:31.039496: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:31.039499: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:31.039501: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:31.039503: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:31.039506: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:31.039508: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:31.039510: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:31.039513: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:31.039515: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:31.039517: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:31.039519: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:31.039521: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:31.039524: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:31.039526: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:31.039531: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:31.039534: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:31.039536: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:31.039538: | n 48 ef Sep 21 07:25:31.039540: | e 03 Sep 21 07:25:31.039543: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:31.039545: | CKAID 8a 82 25 f1 Sep 21 07:25:31.039553: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.039558: | spent 0.14 milliseconds in whack Sep 21 07:25:31.161797: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.161817: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:31.161820: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:31.161824: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:31.161827: | connection 'road-eastnet' +POLICY_UP Sep 21 07:25:31.161829: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:31.161831: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:31.161847: | creating state object #1 at 0x55b383da1b00 Sep 21 07:25:31.161850: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:31.161856: | pstats #1 ikev2.ike started Sep 21 07:25:31.161858: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:31.161861: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:31.161864: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:31.161869: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:31.161873: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:31.161875: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:31.161878: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet" IKE SA #1 "road-eastnet" Sep 21 07:25:31.161881: "road-eastnet" #1: initiating v2 parent SA Sep 21 07:25:31.161890: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Sep 21 07:25:31.161896: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:31.161902: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.161907: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:31.161915: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.161919: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:31.161924: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.161927: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:31.161932: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.161943: "road-eastnet": constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.161958: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:31.161962: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b383da41b0 Sep 21 07:25:31.161966: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:31.161970: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:31.161983: | #1 spent 0.156 milliseconds in ikev2_parent_outI1() Sep 21 07:25:31.161986: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:31.161986: | crypto helper 2 resuming Sep 21 07:25:31.162002: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:25:31.162007: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:31.161990: | RESET processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:31.162032: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:31.162037: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:31.162041: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:25:31.162044: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.162049: | spent 0.234 milliseconds in whack Sep 21 07:25:31.163049: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001042 seconds Sep 21 07:25:31.163061: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:31.163064: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:31.163067: | scheduling resume sending helper answer for #1 Sep 21 07:25:31.163070: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:31.163078: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:31.163086: | processing resume sending helper answer for #1 Sep 21 07:25:31.163096: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:31.163100: | crypto helper 2 replies to request ID 1 Sep 21 07:25:31.163103: | calling continuation function 0x55b3831cf630 Sep 21 07:25:31.163105: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:31.163135: | **emit ISAKMP Message: Sep 21 07:25:31.163138: | initiator cookie: Sep 21 07:25:31.163140: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.163143: | responder cookie: Sep 21 07:25:31.163145: | 00 00 00 00 00 00 00 00 Sep 21 07:25:31.163148: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:31.163150: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.163153: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:31.163156: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:31.163159: | Message ID: 0 (0x0) Sep 21 07:25:31.163161: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:31.163177: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.163185: | Emitting ikev2_proposals ... Sep 21 07:25:31.163188: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:31.163191: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.163194: | flags: none (0x0) Sep 21 07:25:31.163197: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:31.163200: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.163203: | discarding INTEG=NONE Sep 21 07:25:31.163205: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.163208: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163210: | prop #: 1 (0x1) Sep 21 07:25:31.163213: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:31.163215: | spi size: 0 (0x0) Sep 21 07:25:31.163217: | # transforms: 11 (0xb) Sep 21 07:25:31.163220: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.163223: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163228: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.163230: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.163233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163236: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.163239: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.163241: | length/value: 256 (0x100) Sep 21 07:25:31.163244: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.163246: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163251: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163254: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:31.163257: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163260: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163262: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163265: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163270: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163272: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:31.163275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163278: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163280: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163283: | discarding INTEG=NONE Sep 21 07:25:31.163285: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163290: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163292: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.163295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163302: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163304: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163309: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163312: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:31.163315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163318: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163320: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163323: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163330: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:31.163333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163341: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163345: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163348: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:31.163351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163358: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163363: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163365: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:31.163368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163374: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163381: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163383: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:31.163386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163391: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163394: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163398: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163401: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:31.163404: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163411: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163413: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163415: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.163418: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163420: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:31.163423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163426: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163428: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163431: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:31.163434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.163436: | discarding INTEG=NONE Sep 21 07:25:31.163438: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.163441: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163443: | prop #: 2 (0x2) Sep 21 07:25:31.163446: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:31.163448: | spi size: 0 (0x0) Sep 21 07:25:31.163450: | # transforms: 11 (0xb) Sep 21 07:25:31.163453: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163456: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.163459: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163464: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.163466: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.163469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163471: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.163474: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.163476: | length/value: 128 (0x80) Sep 21 07:25:31.163479: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.163481: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163486: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163489: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:31.163492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163497: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163499: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163504: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163506: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:31.163509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163518: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163520: | discarding INTEG=NONE Sep 21 07:25:31.163523: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163528: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163530: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.163533: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163536: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163538: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163541: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163545: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163548: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:31.163550: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163556: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163558: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163565: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:31.163568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163573: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163576: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163583: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:31.163586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163591: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163594: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163601: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:31.163604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163609: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163611: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163614: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163616: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163619: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:31.163621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163628: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163635: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163637: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:31.163640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163646: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163648: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163650: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.163653: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163655: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:31.163658: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163661: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163663: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163666: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:31.163669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.163671: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.163674: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163676: | prop #: 3 (0x3) Sep 21 07:25:31.163678: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:31.163681: | spi size: 0 (0x0) Sep 21 07:25:31.163683: | # transforms: 13 (0xd) Sep 21 07:25:31.163686: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163689: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.163691: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163696: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.163698: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:31.163701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163703: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.163706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.163708: | length/value: 256 (0x100) Sep 21 07:25:31.163711: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.163713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163718: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163721: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:31.163723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163729: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163732: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163737: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163739: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:31.163742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163747: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163750: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163754: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.163757: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:31.163760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163762: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163765: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163767: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163772: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.163775: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:31.163778: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163793: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163799: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163802: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163807: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.163810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163815: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163817: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163822: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163825: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:31.163827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163833: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163835: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163842: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:31.163845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163848: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163852: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163854: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163859: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163861: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:31.163864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163869: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163871: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163876: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163879: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:31.163881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163887: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163889: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163896: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:31.163899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163905: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163907: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163910: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163912: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163914: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:31.163917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163923: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163925: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163927: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.163930: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.163932: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:31.163935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163940: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.163943: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:31.163945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.163948: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.163951: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:31.163953: | prop #: 4 (0x4) Sep 21 07:25:31.163956: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:31.163958: | spi size: 0 (0x0) Sep 21 07:25:31.163961: | # transforms: 13 (0xd) Sep 21 07:25:31.163963: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.163966: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.163969: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163974: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.163976: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:31.163979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.163981: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.163984: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.163986: | length/value: 128 (0x80) Sep 21 07:25:31.163989: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.163991: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.163993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.163996: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.163998: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:31.164001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164009: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164013: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.164016: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:31.164019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164024: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164026: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164031: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.164034: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:31.164037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164042: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164044: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164049: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.164052: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:31.164054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164061: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164063: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164068: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164070: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.164073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164079: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164081: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164086: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164088: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:31.164091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164096: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164098: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164106: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:31.164109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164114: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164117: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164124: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:31.164127: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164130: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164132: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164142: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:31.164145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164150: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164152: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164159: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:31.164162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164166: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164169: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164171: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164179: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:31.164181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164187: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164189: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.164192: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.164194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.164197: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:31.164199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.164202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.164205: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.164207: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:31.164210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.164213: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:31.164215: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:31.164218: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:31.164221: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.164223: | flags: none (0x0) Sep 21 07:25:31.164226: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.164229: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:31.164232: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.164235: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:31.164238: | ikev2 g^x 30 17 0d 0c fb 4e 2b b9 ac a4 5a 7b f9 ef f0 a8 Sep 21 07:25:31.164241: | ikev2 g^x 1c 63 2d 0a c3 07 a8 74 24 d3 43 5e 51 c9 a0 0f Sep 21 07:25:31.164243: | ikev2 g^x 8d 19 2f 01 3a 73 bc 92 4b 95 aa 46 66 b0 95 be Sep 21 07:25:31.164246: | ikev2 g^x 16 2e 5f ee 36 1b c2 4f 2b db 0a 31 3c 80 c1 76 Sep 21 07:25:31.164248: | ikev2 g^x b0 b3 27 b1 0f e9 39 12 c0 fd fc 16 32 be 26 34 Sep 21 07:25:31.164250: | ikev2 g^x fd f2 dd ad 64 a5 67 b9 28 13 31 63 c1 fa 89 77 Sep 21 07:25:31.164253: | ikev2 g^x e7 f4 6f b8 1c 07 fe 6c 06 d0 6d c4 e0 07 e5 87 Sep 21 07:25:31.164255: | ikev2 g^x 39 76 d8 5a 50 b1 39 b4 97 37 72 6e 48 5d 23 e6 Sep 21 07:25:31.164257: | ikev2 g^x b5 4a dd 8c ff 93 31 33 52 86 f9 c3 83 83 cc 9f Sep 21 07:25:31.164260: | ikev2 g^x ba f3 ed 42 be 5a ca e2 ec d0 97 3c 9d 69 c5 6a Sep 21 07:25:31.164262: | ikev2 g^x 7f 30 bd 0b ab ee 34 f3 41 b1 6a 7e 7b cb 98 1b Sep 21 07:25:31.164264: | ikev2 g^x 3c fb f3 66 96 c0 8e 4e 90 78 76 0c 0d e1 9c 1f Sep 21 07:25:31.164267: | ikev2 g^x 3b 5f 7b ec ad 55 77 92 cb d7 dc 44 3e d7 23 12 Sep 21 07:25:31.164269: | ikev2 g^x 1a 4a 14 61 fa 98 a4 ae 58 d5 43 f8 7c 8b 10 17 Sep 21 07:25:31.164271: | ikev2 g^x eb 52 1f 5a 47 3b 95 f6 b4 d5 5f 85 ad 0c 01 7c Sep 21 07:25:31.164275: | ikev2 g^x 37 ca 05 95 ba 4c 0d ac ea b8 c2 f2 da f7 61 c4 Sep 21 07:25:31.164277: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:31.164280: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:31.164282: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:31.164285: | flags: none (0x0) Sep 21 07:25:31.164287: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:31.164290: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:31.164293: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.164296: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:31.164299: | IKEv2 nonce d7 93 e1 ea a5 ed 86 22 77 e9 e4 a4 81 d9 a4 4b Sep 21 07:25:31.164301: | IKEv2 nonce f2 54 75 af 24 d4 c9 0c 8b b1 e4 d3 d7 fd 99 d7 Sep 21 07:25:31.164303: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:31.164306: | Adding a v2N Payload Sep 21 07:25:31.164308: | ***emit IKEv2 Notify Payload: Sep 21 07:25:31.164311: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.164313: | flags: none (0x0) Sep 21 07:25:31.164316: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.164318: | SPI size: 0 (0x0) Sep 21 07:25:31.164321: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:31.164324: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:31.164327: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.164329: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:31.164332: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:31.164335: | natd_hash: rcookie is zero Sep 21 07:25:31.164350: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:31.164352: | natd_hash: icookie= ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.164355: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:31.164357: | natd_hash: ip= c0 01 03 d1 Sep 21 07:25:31.164359: | natd_hash: port= 01 f4 Sep 21 07:25:31.164362: | natd_hash: hash= 77 4e d4 ef 6d 08 67 94 ac 54 f7 26 f8 36 85 ba Sep 21 07:25:31.164364: | natd_hash: hash= 1d 27 e3 68 Sep 21 07:25:31.164366: | Adding a v2N Payload Sep 21 07:25:31.164369: | ***emit IKEv2 Notify Payload: Sep 21 07:25:31.164371: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.164374: | flags: none (0x0) Sep 21 07:25:31.164376: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.164378: | SPI size: 0 (0x0) Sep 21 07:25:31.164381: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:31.164384: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:31.164387: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.164389: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:31.164392: | Notify data 77 4e d4 ef 6d 08 67 94 ac 54 f7 26 f8 36 85 ba Sep 21 07:25:31.164394: | Notify data 1d 27 e3 68 Sep 21 07:25:31.164396: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:31.164399: | natd_hash: rcookie is zero Sep 21 07:25:31.164405: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:31.164407: | natd_hash: icookie= ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.164410: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:31.164412: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:31.164414: | natd_hash: port= 01 f4 Sep 21 07:25:31.164416: | natd_hash: hash= 69 ff ef c1 68 08 fe d0 a0 dc 15 25 85 dc 3e 81 Sep 21 07:25:31.164419: | natd_hash: hash= 72 fe 7c 37 Sep 21 07:25:31.164421: | Adding a v2N Payload Sep 21 07:25:31.164423: | ***emit IKEv2 Notify Payload: Sep 21 07:25:31.164427: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.164429: | flags: none (0x0) Sep 21 07:25:31.164432: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.164434: | SPI size: 0 (0x0) Sep 21 07:25:31.164437: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:31.164440: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:31.164442: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.164445: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:31.164447: | Notify data 69 ff ef c1 68 08 fe d0 a0 dc 15 25 85 dc 3e 81 Sep 21 07:25:31.164450: | Notify data 72 fe 7c 37 Sep 21 07:25:31.164452: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:31.164455: | emitting length of ISAKMP Message: 828 Sep 21 07:25:31.164462: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:31.164473: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:31.164477: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:31.164480: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:31.164484: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:31.164487: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:31.164489: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:31.164494: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:31.164498: "road-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:31.164511: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:25:31.164520: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:31.164523: | ad 38 26 92 37 aa 4e 25 00 00 00 00 00 00 00 00 Sep 21 07:25:31.164528: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:31.164531: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:31.164533: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:31.164535: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:31.164537: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:31.164540: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:31.164542: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:31.164544: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:31.164546: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:31.164549: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:31.164551: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:31.164553: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:31.164555: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:31.164558: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:31.164560: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:31.164562: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:31.164564: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:31.164567: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:31.164569: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:31.164571: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:31.164573: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:31.164576: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:31.164578: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:31.164582: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:31.164584: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:31.164586: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:31.164589: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:31.164591: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:31.164593: | 28 00 01 08 00 0e 00 00 30 17 0d 0c fb 4e 2b b9 Sep 21 07:25:31.164595: | ac a4 5a 7b f9 ef f0 a8 1c 63 2d 0a c3 07 a8 74 Sep 21 07:25:31.164598: | 24 d3 43 5e 51 c9 a0 0f 8d 19 2f 01 3a 73 bc 92 Sep 21 07:25:31.164600: | 4b 95 aa 46 66 b0 95 be 16 2e 5f ee 36 1b c2 4f Sep 21 07:25:31.164602: | 2b db 0a 31 3c 80 c1 76 b0 b3 27 b1 0f e9 39 12 Sep 21 07:25:31.164605: | c0 fd fc 16 32 be 26 34 fd f2 dd ad 64 a5 67 b9 Sep 21 07:25:31.164607: | 28 13 31 63 c1 fa 89 77 e7 f4 6f b8 1c 07 fe 6c Sep 21 07:25:31.164609: | 06 d0 6d c4 e0 07 e5 87 39 76 d8 5a 50 b1 39 b4 Sep 21 07:25:31.164612: | 97 37 72 6e 48 5d 23 e6 b5 4a dd 8c ff 93 31 33 Sep 21 07:25:31.164614: | 52 86 f9 c3 83 83 cc 9f ba f3 ed 42 be 5a ca e2 Sep 21 07:25:31.164616: | ec d0 97 3c 9d 69 c5 6a 7f 30 bd 0b ab ee 34 f3 Sep 21 07:25:31.164619: | 41 b1 6a 7e 7b cb 98 1b 3c fb f3 66 96 c0 8e 4e Sep 21 07:25:31.164621: | 90 78 76 0c 0d e1 9c 1f 3b 5f 7b ec ad 55 77 92 Sep 21 07:25:31.164623: | cb d7 dc 44 3e d7 23 12 1a 4a 14 61 fa 98 a4 ae Sep 21 07:25:31.164625: | 58 d5 43 f8 7c 8b 10 17 eb 52 1f 5a 47 3b 95 f6 Sep 21 07:25:31.164628: | b4 d5 5f 85 ad 0c 01 7c 37 ca 05 95 ba 4c 0d ac Sep 21 07:25:31.164630: | ea b8 c2 f2 da f7 61 c4 29 00 00 24 d7 93 e1 ea Sep 21 07:25:31.164632: | a5 ed 86 22 77 e9 e4 a4 81 d9 a4 4b f2 54 75 af Sep 21 07:25:31.164634: | 24 d4 c9 0c 8b b1 e4 d3 d7 fd 99 d7 29 00 00 08 Sep 21 07:25:31.164637: | 00 00 40 2e 29 00 00 1c 00 00 40 04 77 4e d4 ef Sep 21 07:25:31.164639: | 6d 08 67 94 ac 54 f7 26 f8 36 85 ba 1d 27 e3 68 Sep 21 07:25:31.164641: | 00 00 00 1c 00 00 40 05 69 ff ef c1 68 08 fe d0 Sep 21 07:25:31.164643: | a0 dc 15 25 85 dc 3e 81 72 fe 7c 37 Sep 21 07:25:31.164740: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:31.164746: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:31.164749: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b383da41b0 Sep 21 07:25:31.164752: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:25:31.164756: | event_schedule: new EVENT_RETRANSMIT-pe@0x55b383da41b0 Sep 21 07:25:31.164759: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #1 Sep 21 07:25:31.164762: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:31.164767: | #1 STATE_PARENT_I1: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 49377.533019 Sep 21 07:25:31.164771: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:31.164776: | #1 spent 1.6 milliseconds in resume sending helper answer Sep 21 07:25:31.164781: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:31.164790: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:31.167366: | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:31.167392: | *received 437 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:25:31.167396: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.167398: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Sep 21 07:25:31.167400: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:31.167402: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:31.167404: | 04 00 00 0e 28 00 01 08 00 0e 00 00 3a 8c 8a 36 Sep 21 07:25:31.167406: | 37 db eb 1b 3c 06 bd 31 0e 0c 66 cc 3d 7e 77 83 Sep 21 07:25:31.167410: | 82 f7 64 67 c0 fe 41 db 41 ab 0d ca 74 90 c5 26 Sep 21 07:25:31.167412: | 1c b4 d7 85 fa 8e b6 bd d0 dd 71 2c 00 25 f2 c7 Sep 21 07:25:31.167414: | 1a 4b 14 ca 3a a4 94 c7 ef 17 b0 a4 91 46 05 8c Sep 21 07:25:31.167416: | 05 9d f3 35 be 79 45 a0 c5 51 f5 5e ae 40 33 ba Sep 21 07:25:31.167418: | 47 b8 cd 82 d2 2a 13 ce 40 77 f3 63 15 c5 57 e6 Sep 21 07:25:31.167420: | f8 37 80 79 66 ae 65 59 89 a1 8f e8 34 b9 ef ee Sep 21 07:25:31.167422: | a9 8a ce 80 8b 6a 28 da d3 37 b7 ff f1 09 62 5b Sep 21 07:25:31.167424: | 2e 4f 46 de 98 28 2d 36 1e 52 d9 1f d4 bf 5a 72 Sep 21 07:25:31.167426: | 77 43 60 af 1a 05 8a 6a 29 22 f1 98 7a d2 04 db Sep 21 07:25:31.167428: | b8 86 d3 84 5a d4 6a 8d 0b c1 be 1c 55 49 69 30 Sep 21 07:25:31.167430: | c7 f4 b1 29 98 1d 99 8c 1a c2 c3 c2 67 63 1f d7 Sep 21 07:25:31.167432: | 55 56 57 04 fd f6 3a 69 d7 9a 67 bc b0 54 71 9a Sep 21 07:25:31.167434: | 80 70 fb b9 8a 05 e2 5e a3 c4 53 7a ba 7d aa a0 Sep 21 07:25:31.167436: | 74 d6 50 41 40 f3 ff 64 65 d5 4a 12 77 71 61 57 Sep 21 07:25:31.167439: | 2c 3d be 30 98 a3 3c 69 58 24 4b 3e 29 00 00 24 Sep 21 07:25:31.167441: | 7c f9 cf 2a 97 60 9d b1 88 95 ed d8 96 f4 27 41 Sep 21 07:25:31.167443: | 7c 58 ac 46 5c 93 b1 4d c5 59 31 d9 b4 ea 6b e5 Sep 21 07:25:31.167445: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:31.167447: | 8b fc 7d bf 92 4b 22 be 6f 78 15 42 4b 78 32 13 Sep 21 07:25:31.167449: | 9c f3 75 b5 26 00 00 1c 00 00 40 05 62 c0 ea b6 Sep 21 07:25:31.167452: | 0f 26 ab 68 4f 2e 94 e9 d8 d2 2c b1 56 a1 cb 34 Sep 21 07:25:31.167454: | 00 00 00 05 04 Sep 21 07:25:31.167458: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:31.167462: | **parse ISAKMP Message: Sep 21 07:25:31.167464: | initiator cookie: Sep 21 07:25:31.167466: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.167468: | responder cookie: Sep 21 07:25:31.167471: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.167473: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:31.167476: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.167478: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:31.167481: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:31.167483: | Message ID: 0 (0x0) Sep 21 07:25:31.167486: | length: 437 (0x1b5) Sep 21 07:25:31.167489: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:31.167492: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:31.167496: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:31.167503: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:31.167508: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:31.167511: | #1 is idle Sep 21 07:25:31.167513: | #1 idle Sep 21 07:25:31.167515: | unpacking clear payload Sep 21 07:25:31.167518: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:31.167521: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:31.167524: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:31.167526: | flags: none (0x0) Sep 21 07:25:31.167529: | length: 40 (0x28) Sep 21 07:25:31.167531: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:31.167533: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:31.167536: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:31.167539: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:31.167541: | flags: none (0x0) Sep 21 07:25:31.167544: | length: 264 (0x108) Sep 21 07:25:31.167546: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.167549: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:31.167551: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:31.167556: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:31.167558: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:31.167561: | flags: none (0x0) Sep 21 07:25:31.167563: | length: 36 (0x24) Sep 21 07:25:31.167565: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:31.167568: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:31.167570: | ***parse IKEv2 Notify Payload: Sep 21 07:25:31.167573: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:31.167575: | flags: none (0x0) Sep 21 07:25:31.167578: | length: 8 (0x8) Sep 21 07:25:31.167580: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.167582: | SPI size: 0 (0x0) Sep 21 07:25:31.167585: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:31.167587: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:31.167589: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:31.167591: | ***parse IKEv2 Notify Payload: Sep 21 07:25:31.167594: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:31.167596: | flags: none (0x0) Sep 21 07:25:31.167599: | length: 28 (0x1c) Sep 21 07:25:31.167601: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.167603: | SPI size: 0 (0x0) Sep 21 07:25:31.167606: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:31.167608: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:31.167611: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:31.167613: | ***parse IKEv2 Notify Payload: Sep 21 07:25:31.167616: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:25:31.167618: | flags: none (0x0) Sep 21 07:25:31.167620: | length: 28 (0x1c) Sep 21 07:25:31.167622: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:31.167624: | SPI size: 0 (0x0) Sep 21 07:25:31.167626: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:31.167629: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:31.167631: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:31.167633: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:25:31.167636: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.167638: | flags: none (0x0) Sep 21 07:25:31.167640: | length: 5 (0x5) Sep 21 07:25:31.167642: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:31.167644: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Sep 21 07:25:31.167646: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:31.167651: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:31.167654: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:31.167657: | Now let's proceed with state specific processing Sep 21 07:25:31.167659: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:31.167663: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:31.167680: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:31.167684: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:31.167688: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:31.167690: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:31.167693: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:31.167697: | local proposal 1 type DH has 8 transforms Sep 21 07:25:31.167700: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:31.167703: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:31.167706: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:31.167708: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:31.167711: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:31.167713: | local proposal 2 type DH has 8 transforms Sep 21 07:25:31.167716: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:31.167719: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:31.167721: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:31.167723: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:31.167725: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:31.167728: | local proposal 3 type DH has 8 transforms Sep 21 07:25:31.167730: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:31.167733: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:31.167736: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:31.167738: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:31.167740: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:31.167743: | local proposal 4 type DH has 8 transforms Sep 21 07:25:31.167745: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:31.167748: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:31.167751: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.167754: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:31.167757: | length: 36 (0x24) Sep 21 07:25:31.167759: | prop #: 1 (0x1) Sep 21 07:25:31.167762: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:31.167764: | spi size: 0 (0x0) Sep 21 07:25:31.167767: | # transforms: 3 (0x3) Sep 21 07:25:31.167770: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:31.167772: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:31.167773: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.167775: | length: 12 (0xc) Sep 21 07:25:31.167776: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.167778: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.167780: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.167781: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.167791: | length/value: 256 (0x100) Sep 21 07:25:31.167796: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:31.167798: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:31.167800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.167801: | length: 8 (0x8) Sep 21 07:25:31.167803: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:31.167804: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:31.167806: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:31.167808: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:31.167809: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.167811: | length: 8 (0x8) Sep 21 07:25:31.167812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:31.167814: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:31.167816: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:31.167818: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:31.167821: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:31.167823: | remote proposal 1 matches local proposal 1 Sep 21 07:25:31.167825: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:31.167828: | converting proposal to internal trans attrs Sep 21 07:25:31.167841: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:31.167843: | natd_hash: icookie= ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.167844: | natd_hash: rcookie= aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.167845: | natd_hash: ip= c0 01 03 d1 Sep 21 07:25:31.167847: | natd_hash: port= 01 f4 Sep 21 07:25:31.167848: | natd_hash: hash= 62 c0 ea b6 0f 26 ab 68 4f 2e 94 e9 d8 d2 2c b1 Sep 21 07:25:31.167850: | natd_hash: hash= 56 a1 cb 34 Sep 21 07:25:31.167853: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:31.167855: | natd_hash: icookie= ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.167856: | natd_hash: rcookie= aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.167858: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:31.167859: | natd_hash: port= 01 f4 Sep 21 07:25:31.167861: | natd_hash: hash= 8b fc 7d bf 92 4b 22 be 6f 78 15 42 4b 78 32 13 Sep 21 07:25:31.167862: | natd_hash: hash= 9c f3 75 b5 Sep 21 07:25:31.167864: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:31.167865: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:31.167866: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:31.167868: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:31.167873: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:31.167876: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:31.167877: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:31.167879: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:31.167882: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:31.167884: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55b383da41b0 Sep 21 07:25:31.167886: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b383da41b0 Sep 21 07:25:31.167888: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:31.167890: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:31.167899: | #1 spent 0.228 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:31.167902: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:31.167905: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:31.167906: | suspending state #1 and saving MD Sep 21 07:25:31.167911: | #1 is busy; has a suspended MD Sep 21 07:25:31.167916: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:31.167905: | crypto helper 3 resuming Sep 21 07:25:31.167919: | "road-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:31.167932: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:25:31.167944: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:31.167946: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:31.167952: | #1 spent 0.558 milliseconds in ikev2_process_packet() Sep 21 07:25:31.167956: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:31.167960: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:31.167962: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:31.167966: | spent 0.574 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:31.169196: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:31.169648: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001701 seconds Sep 21 07:25:31.169660: | (#1) spent 1.37 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:31.169665: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:31.169672: | scheduling resume sending helper answer for #1 Sep 21 07:25:31.169676: | libevent_malloc: new ptr-libevent@0x7f4ef4006b90 size 128 Sep 21 07:25:31.169688: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:31.169697: | processing resume sending helper answer for #1 Sep 21 07:25:31.169709: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:31.169713: | crypto helper 3 replies to request ID 2 Sep 21 07:25:31.169716: | calling continuation function 0x55b3831cf630 Sep 21 07:25:31.169719: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:31.169728: | creating state object #2 at 0x55b383da6a50 Sep 21 07:25:31.169731: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:31.169735: | pstats #2 ikev2.child started Sep 21 07:25:31.169739: | duplicating state object #1 "road-eastnet" as #2 for IPSEC SA Sep 21 07:25:31.169743: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:31.169750: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:31.169755: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:31.169759: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:31.169763: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:31.169766: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:31.169769: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b383da41b0 Sep 21 07:25:31.169772: | event_schedule: new EVENT_SA_REPLACE-pe@0x55b383da41b0 Sep 21 07:25:31.169776: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:31.169779: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:31.169786: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:31.169796: | **emit ISAKMP Message: Sep 21 07:25:31.169799: | initiator cookie: Sep 21 07:25:31.169801: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.169803: | responder cookie: Sep 21 07:25:31.169805: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.169808: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:31.169810: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.169813: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:31.169815: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:31.169818: | Message ID: 1 (0x1) Sep 21 07:25:31.169821: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:31.169824: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:31.169826: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.169828: | flags: none (0x0) Sep 21 07:25:31.169831: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:31.169834: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.169837: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:31.169847: | IKEv2 CERT: send a certificate? Sep 21 07:25:31.169850: | IKEv2 CERT: no certificate to send Sep 21 07:25:31.169852: | IDr payload will be sent Sep 21 07:25:31.169871: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:31.169875: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.169877: | flags: none (0x0) Sep 21 07:25:31.169879: | ID type: ID_FQDN (0x2) Sep 21 07:25:31.169883: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:31.169888: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.169891: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:31.169894: | my identity 72 6f 61 64 Sep 21 07:25:31.169896: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:25:31.169906: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:31.169908: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:31.169911: | flags: none (0x0) Sep 21 07:25:31.169914: | ID type: ID_FQDN (0x2) Sep 21 07:25:31.169917: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:31.169920: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:31.169923: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.169926: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:31.169929: | IDr 65 61 73 74 Sep 21 07:25:31.169931: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:31.169934: | not sending INITIAL_CONTACT Sep 21 07:25:31.169937: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:31.169939: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.169941: | flags: none (0x0) Sep 21 07:25:31.169944: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:31.169947: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:31.169950: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.169956: | started looking for secret for @road->@east of kind PKK_RSA Sep 21 07:25:31.169959: | actually looking for secret for @road->@east of kind PKK_RSA Sep 21 07:25:31.169962: | line 1: key type PKK_RSA(@road) to type PKK_RSA Sep 21 07:25:31.169966: | 1: compared key (none) to @road / @east -> 002 Sep 21 07:25:31.169969: | 2: compared key (none) to @road / @east -> 002 Sep 21 07:25:31.169971: | line 1: match=002 Sep 21 07:25:31.169974: | match 002 beats previous best_match 000 match=0x55b383d95030 (line=1) Sep 21 07:25:31.169977: | concluding with best_match=002 best=0x55b383d95030 (lineno=1) Sep 21 07:25:31.180039: | #1 spent 9.98 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:31.180058: | emitting 388 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:31.180061: | rsa signature bb 09 35 e2 41 de ea 11 b8 37 51 e7 1e 29 2f 06 Sep 21 07:25:31.180064: | rsa signature ac 90 53 29 1b a7 05 83 9b 89 05 7b e0 8b ae c3 Sep 21 07:25:31.180066: | rsa signature 63 96 bb 79 ee 89 2a cb f6 1f e1 64 28 9e 30 1c Sep 21 07:25:31.180069: | rsa signature 8d b9 66 c8 96 8c bc f1 f6 ed de b5 30 e9 2f 5e Sep 21 07:25:31.180071: | rsa signature 36 17 5c 46 cc 80 7d 76 fe b0 6c b4 a1 00 4b 5a Sep 21 07:25:31.180073: | rsa signature 0a aa ef 57 f8 3e 98 66 54 1f be 72 76 97 81 65 Sep 21 07:25:31.180076: | rsa signature 79 8e 90 14 68 27 b0 24 fb 6f 7f ee de b3 8c ac Sep 21 07:25:31.180078: | rsa signature 01 74 79 12 72 7b 68 3d e5 55 97 38 23 69 98 2f Sep 21 07:25:31.180080: | rsa signature 85 e1 2a c3 e2 7a 37 ec ef bd d5 12 e4 51 b4 9f Sep 21 07:25:31.180083: | rsa signature c5 d4 8c 37 d0 48 04 f5 70 2e 9b b7 fd 80 d9 d9 Sep 21 07:25:31.180085: | rsa signature df 48 39 91 0a 6c e7 7a cd e1 c0 a1 f7 b4 19 9e Sep 21 07:25:31.180087: | rsa signature e7 e2 bf 1d 2d 42 b0 a1 7c ab 3e a6 20 5c 8e 49 Sep 21 07:25:31.180090: | rsa signature 53 0c cd 49 32 be 56 bb 71 28 97 43 c2 18 f8 94 Sep 21 07:25:31.180100: | rsa signature 93 f2 be c4 df 91 54 3b 22 8f 6c f5 60 58 a6 a1 Sep 21 07:25:31.180102: | rsa signature ab 72 94 a1 0e 7c af d6 5c 4d 52 a0 67 b6 85 60 Sep 21 07:25:31.180105: | rsa signature 0b 13 18 ce 30 60 03 21 de 56 2c c3 42 79 9f 85 Sep 21 07:25:31.180107: | rsa signature a8 52 d0 00 55 4b ca 33 85 38 3b aa ae 6a cf 6b Sep 21 07:25:31.180109: | rsa signature 28 65 b5 f8 ff 47 57 12 ef 9e 18 47 1e dc 74 dd Sep 21 07:25:31.180112: | rsa signature d7 00 7e ca cf 89 56 28 52 5f 80 91 32 e1 4b 13 Sep 21 07:25:31.180114: | rsa signature 36 bf 91 5b 7e 1a 30 0b 70 d4 3e b2 51 54 dd 63 Sep 21 07:25:31.180116: | rsa signature 68 78 de 61 a8 f7 1c d0 88 93 98 e7 79 5f 9b 1e Sep 21 07:25:31.180119: | rsa signature aa 36 1c ae 60 ff 4a 06 49 2c e6 0d 16 4a a5 ce Sep 21 07:25:31.180121: | rsa signature cc 69 f1 94 23 17 e2 02 2a 5f 35 bd fb 12 3a fd Sep 21 07:25:31.180123: | rsa signature 83 c4 f5 cb 6a d1 1c 33 28 d7 6e d0 de 7c aa 3d Sep 21 07:25:31.180125: | rsa signature bf 1f db cf Sep 21 07:25:31.180130: | #1 spent 10.1 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:31.180133: | emitting length of IKEv2 Authentication Payload: 396 Sep 21 07:25:31.180136: | getting first pending from state #1 Sep 21 07:25:31.180159: | netlink_get_spi: allocated 0x7aa9eaf5 for esp.0@192.1.3.209 Sep 21 07:25:31.180163: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:31.180168: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:31.180174: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:31.180177: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:31.180181: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:31.180184: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:31.180189: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:31.180191: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:31.180195: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:31.180204: "road-eastnet": constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:31.180215: | Emitting ikev2_proposals ... Sep 21 07:25:31.180218: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:31.180222: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.180225: | flags: none (0x0) Sep 21 07:25:31.180229: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:31.180231: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.180234: | discarding INTEG=NONE Sep 21 07:25:31.180237: | discarding DH=NONE Sep 21 07:25:31.180239: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.180242: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180244: | prop #: 1 (0x1) Sep 21 07:25:31.180247: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:31.180249: | spi size: 4 (0x4) Sep 21 07:25:31.180251: | # transforms: 2 (0x2) Sep 21 07:25:31.180254: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.180257: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:31.180260: | our spi 7a a9 ea f5 Sep 21 07:25:31.180264: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180269: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.180272: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.180275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180278: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.180280: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.180283: | length/value: 256 (0x100) Sep 21 07:25:31.180286: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.180288: | discarding INTEG=NONE Sep 21 07:25:31.180290: | discarding DH=NONE Sep 21 07:25:31.180292: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180295: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.180297: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:31.180300: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:31.180303: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180306: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180308: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180311: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:31.180313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.180316: | discarding INTEG=NONE Sep 21 07:25:31.180318: | discarding DH=NONE Sep 21 07:25:31.180320: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.180323: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180325: | prop #: 2 (0x2) Sep 21 07:25:31.180327: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:31.180330: | spi size: 4 (0x4) Sep 21 07:25:31.180332: | # transforms: 2 (0x2) Sep 21 07:25:31.180335: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180338: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.180341: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:31.180343: | our spi 7a a9 ea f5 Sep 21 07:25:31.180345: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180348: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180350: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.180352: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.180355: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180358: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.180360: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.180362: | length/value: 128 (0x80) Sep 21 07:25:31.180365: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.180367: | discarding INTEG=NONE Sep 21 07:25:31.180369: | discarding DH=NONE Sep 21 07:25:31.180372: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180374: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.180376: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:31.180379: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:31.180382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180388: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180391: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:31.180394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.180396: | discarding DH=NONE Sep 21 07:25:31.180398: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.180401: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180403: | prop #: 3 (0x3) Sep 21 07:25:31.180405: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:31.180408: | spi size: 4 (0x4) Sep 21 07:25:31.180410: | # transforms: 4 (0x4) Sep 21 07:25:31.180413: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180416: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.180418: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:31.180421: | our spi 7a a9 ea f5 Sep 21 07:25:31.180423: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180428: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.180430: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:31.180433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180435: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.180438: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.180440: | length/value: 256 (0x100) Sep 21 07:25:31.180442: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.180445: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180450: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.180452: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:31.180455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180461: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180463: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180468: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.180471: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:31.180474: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180479: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180481: | discarding DH=NONE Sep 21 07:25:31.180483: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180486: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.180488: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:31.180491: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:31.180493: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180499: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180502: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:31.180505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.180507: | discarding DH=NONE Sep 21 07:25:31.180510: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.180512: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:31.180514: | prop #: 4 (0x4) Sep 21 07:25:31.180517: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:31.180519: | spi size: 4 (0x4) Sep 21 07:25:31.180521: | # transforms: 4 (0x4) Sep 21 07:25:31.180524: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:31.180527: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:31.180530: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:31.180532: | our spi 7a a9 ea f5 Sep 21 07:25:31.180534: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180539: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.180541: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:31.180544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180547: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.180549: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.180551: | length/value: 128 (0x80) Sep 21 07:25:31.180554: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:31.180556: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180561: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.180564: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:31.180566: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180569: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180572: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180574: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180579: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:31.180581: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:31.180584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180589: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180592: | discarding DH=NONE Sep 21 07:25:31.180594: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:31.180596: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.180599: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:31.180601: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:31.180604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.180607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:31.180609: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:31.180612: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:31.180616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:31.180618: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:31.180621: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:31.180624: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:31.180627: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.180630: | flags: none (0x0) Sep 21 07:25:31.180632: | number of TS: 1 (0x1) Sep 21 07:25:31.180635: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:31.180638: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.180641: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:31.180643: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:31.180645: | IP Protocol ID: 0 (0x0) Sep 21 07:25:31.180648: | start port: 0 (0x0) Sep 21 07:25:31.180650: | end port: 65535 (0xffff) Sep 21 07:25:31.180653: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:31.180656: | IP start c0 01 03 d1 Sep 21 07:25:31.180658: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:31.180660: | IP end c0 01 03 d1 Sep 21 07:25:31.180663: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:31.180665: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:31.180668: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:31.180670: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.180672: | flags: none (0x0) Sep 21 07:25:31.180675: | number of TS: 1 (0x1) Sep 21 07:25:31.180678: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:31.180680: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:31.180683: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:31.180685: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:31.180688: | IP Protocol ID: 0 (0x0) Sep 21 07:25:31.180690: | start port: 0 (0x0) Sep 21 07:25:31.180692: | end port: 65535 (0xffff) Sep 21 07:25:31.180695: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:31.180697: | IP start c0 00 02 00 Sep 21 07:25:31.180699: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:31.180702: | IP end c0 00 02 ff Sep 21 07:25:31.180704: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:31.180706: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:31.180709: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:31.180712: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:31.180715: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:31.180718: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:31.180721: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:31.180723: | emitting length of IKEv2 Encryption Payload: 661 Sep 21 07:25:31.180726: | emitting length of ISAKMP Message: 689 Sep 21 07:25:31.180730: | **parse ISAKMP Message: Sep 21 07:25:31.180732: | initiator cookie: Sep 21 07:25:31.180734: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.180737: | responder cookie: Sep 21 07:25:31.180739: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.180741: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:31.180744: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.180748: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:31.180750: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:31.180753: | Message ID: 1 (0x1) Sep 21 07:25:31.180755: | length: 689 (0x2b1) Sep 21 07:25:31.180758: | **parse IKEv2 Encryption Payload: Sep 21 07:25:31.180760: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:31.180762: | flags: none (0x0) Sep 21 07:25:31.180765: | length: 661 (0x295) Sep 21 07:25:31.180767: | **emit ISAKMP Message: Sep 21 07:25:31.180769: | initiator cookie: Sep 21 07:25:31.180772: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.180774: | responder cookie: Sep 21 07:25:31.180776: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.180778: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:31.180781: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.180788: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:31.180792: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:31.180794: | Message ID: 1 (0x1) Sep 21 07:25:31.180797: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:31.180800: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:31.180802: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:31.180805: | flags: none (0x0) Sep 21 07:25:31.180807: | fragment number: 1 (0x1) Sep 21 07:25:31.180809: | total fragments: 2 (0x2) Sep 21 07:25:31.180812: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:25:31.180816: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:31.180818: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:31.180821: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:31.180829: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:31.180832: | cleartext fragment 24 00 00 0c 02 00 00 00 72 6f 61 64 27 00 00 0c Sep 21 07:25:31.180834: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 8c 01 00 00 00 Sep 21 07:25:31.180836: | cleartext fragment bb 09 35 e2 41 de ea 11 b8 37 51 e7 1e 29 2f 06 Sep 21 07:25:31.180839: | cleartext fragment ac 90 53 29 1b a7 05 83 9b 89 05 7b e0 8b ae c3 Sep 21 07:25:31.180841: | cleartext fragment 63 96 bb 79 ee 89 2a cb f6 1f e1 64 28 9e 30 1c Sep 21 07:25:31.180843: | cleartext fragment 8d b9 66 c8 96 8c bc f1 f6 ed de b5 30 e9 2f 5e Sep 21 07:25:31.180846: | cleartext fragment 36 17 5c 46 cc 80 7d 76 fe b0 6c b4 a1 00 4b 5a Sep 21 07:25:31.180848: | cleartext fragment 0a aa ef 57 f8 3e 98 66 54 1f be 72 76 97 81 65 Sep 21 07:25:31.180851: | cleartext fragment 79 8e 90 14 68 27 b0 24 fb 6f 7f ee de b3 8c ac Sep 21 07:25:31.180853: | cleartext fragment 01 74 79 12 72 7b 68 3d e5 55 97 38 23 69 98 2f Sep 21 07:25:31.180855: | cleartext fragment 85 e1 2a c3 e2 7a 37 ec ef bd d5 12 e4 51 b4 9f Sep 21 07:25:31.180858: | cleartext fragment c5 d4 8c 37 d0 48 04 f5 70 2e 9b b7 fd 80 d9 d9 Sep 21 07:25:31.180860: | cleartext fragment df 48 39 91 0a 6c e7 7a cd e1 c0 a1 f7 b4 19 9e Sep 21 07:25:31.180862: | cleartext fragment e7 e2 bf 1d 2d 42 b0 a1 7c ab 3e a6 20 5c 8e 49 Sep 21 07:25:31.180864: | cleartext fragment 53 0c cd 49 32 be 56 bb 71 28 97 43 c2 18 f8 94 Sep 21 07:25:31.180867: | cleartext fragment 93 f2 be c4 df 91 54 3b 22 8f 6c f5 60 58 a6 a1 Sep 21 07:25:31.180869: | cleartext fragment ab 72 94 a1 0e 7c af d6 5c 4d 52 a0 67 b6 85 60 Sep 21 07:25:31.180871: | cleartext fragment 0b 13 18 ce 30 60 03 21 de 56 2c c3 42 79 9f 85 Sep 21 07:25:31.180874: | cleartext fragment a8 52 d0 00 55 4b ca 33 85 38 3b aa ae 6a cf 6b Sep 21 07:25:31.180876: | cleartext fragment 28 65 b5 f8 ff 47 57 12 ef 9e 18 47 1e dc 74 dd Sep 21 07:25:31.180878: | cleartext fragment d7 00 7e ca cf 89 56 28 52 5f 80 91 32 e1 4b 13 Sep 21 07:25:31.180882: | cleartext fragment 36 bf 91 5b 7e 1a 30 0b 70 d4 3e b2 51 54 dd 63 Sep 21 07:25:31.180885: | cleartext fragment 68 78 de 61 a8 f7 1c d0 88 93 98 e7 79 5f 9b 1e Sep 21 07:25:31.180887: | cleartext fragment aa 36 1c ae 60 ff 4a 06 49 2c e6 0d 16 4a a5 ce Sep 21 07:25:31.180889: | cleartext fragment cc 69 f1 94 23 17 e2 02 2a 5f 35 bd fb 12 3a fd Sep 21 07:25:31.180891: | cleartext fragment 83 c4 f5 cb 6a d1 1c 33 28 d7 6e d0 de 7c aa 3d Sep 21 07:25:31.180894: | cleartext fragment bf 1f db cf 2c 00 00 a4 02 00 00 20 01 03 04 02 Sep 21 07:25:31.180896: | cleartext fragment 7a a9 ea f5 03 00 00 0c 01 00 00 14 80 0e 01 00 Sep 21 07:25:31.180898: | cleartext fragment 00 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 Sep 21 07:25:31.180901: | cleartext fragment 7a a9 ea f5 03 00 00 0c 01 00 00 14 80 0e Sep 21 07:25:31.180903: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:31.180906: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:31.180909: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:31.180911: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:31.180914: | emitting length of ISAKMP Message: 539 Sep 21 07:25:31.180928: | **emit ISAKMP Message: Sep 21 07:25:31.180931: | initiator cookie: Sep 21 07:25:31.180933: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.180935: | responder cookie: Sep 21 07:25:31.180937: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.180940: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:31.180942: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.180945: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:31.180947: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:31.180950: | Message ID: 1 (0x1) Sep 21 07:25:31.180952: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:31.180955: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:31.180957: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.180959: | flags: none (0x0) Sep 21 07:25:31.180962: | fragment number: 2 (0x2) Sep 21 07:25:31.180964: | total fragments: 2 (0x2) Sep 21 07:25:31.180967: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:31.180970: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:31.180973: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:31.180975: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:31.180978: | emitting 154 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:31.180981: | cleartext fragment 00 80 00 00 00 08 05 00 00 00 02 00 00 30 03 03 Sep 21 07:25:31.180983: | cleartext fragment 04 04 7a a9 ea f5 03 00 00 0c 01 00 00 0c 80 0e Sep 21 07:25:31.180986: | cleartext fragment 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 Sep 21 07:25:31.180988: | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 04 03 Sep 21 07:25:31.180990: | cleartext fragment 04 04 7a a9 ea f5 03 00 00 0c 01 00 00 0c 80 0e Sep 21 07:25:31.180992: | cleartext fragment 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 Sep 21 07:25:31.180995: | cleartext fragment 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 Sep 21 07:25:31.180997: | cleartext fragment 00 00 07 00 00 10 00 00 ff ff c0 01 03 d1 c0 01 Sep 21 07:25:31.181000: | cleartext fragment 03 d1 00 00 00 18 01 00 00 00 07 00 00 10 00 00 Sep 21 07:25:31.181002: | cleartext fragment ff ff c0 00 02 00 c0 00 02 ff Sep 21 07:25:31.181004: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:31.181007: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:31.181011: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:31.181013: | emitting length of IKEv2 Encrypted Fragment: 187 Sep 21 07:25:31.181016: | emitting length of ISAKMP Message: 215 Sep 21 07:25:31.181026: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:31.181031: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:31.181036: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:31.181039: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:31.181042: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:31.181045: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:31.181051: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:31.181056: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:31.181061: "road-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:31.181070: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:25:31.181073: | sending fragments ... Sep 21 07:25:31.181079: | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:31.181081: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.181083: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:31.181086: | 00 01 00 02 65 ff c7 fd 8d c7 f7 22 d3 ac 52 d1 Sep 21 07:25:31.181088: | 22 75 35 fc a9 ce 48 d2 0a 1e 2a 34 28 35 4c b2 Sep 21 07:25:31.181090: | 15 4a f9 c2 45 5d 92 99 30 61 82 0b ba 9c 3d 31 Sep 21 07:25:31.181092: | 17 64 e5 da d5 ac 83 14 ca 60 7e 26 2a 79 57 9b Sep 21 07:25:31.181095: | 16 ec e2 92 29 f7 c9 18 4f e9 8f 1e af f0 73 78 Sep 21 07:25:31.181097: | d3 e2 45 80 02 48 58 f9 ad 36 24 db a5 9e 22 67 Sep 21 07:25:31.181099: | 0b 48 e6 ce 8c 25 68 87 e6 e5 26 43 43 51 eb 9a Sep 21 07:25:31.181102: | 56 23 e0 d4 51 45 2a a6 6c 57 c0 98 69 da 37 7b Sep 21 07:25:31.181104: | 1a 5e 7a f0 f0 2c a1 ea 6f 7e 61 fc b9 0c 9a b8 Sep 21 07:25:31.181106: | a6 18 85 e2 0b 57 82 d3 e1 3d b7 1b c0 ab 6e 7a Sep 21 07:25:31.181108: | 07 be cc 85 31 d6 46 75 fc 8b 17 07 96 d1 5e bf Sep 21 07:25:31.181111: | e0 1a 47 18 56 82 cc 7a c3 0f d7 d0 d8 b9 20 fd Sep 21 07:25:31.181113: | 2e d0 5e 61 55 4a 95 6b f3 04 83 30 11 98 b8 0f Sep 21 07:25:31.181115: | 55 d6 fd 54 40 ef 17 ec 4b 7a 22 fa e9 5e d7 84 Sep 21 07:25:31.181117: | 4c 8d 16 2a 88 f9 61 00 6c 35 13 b6 67 7b e8 98 Sep 21 07:25:31.181119: | bb b3 3a 26 dc 9e b9 28 b3 e6 41 ba 4f 74 80 28 Sep 21 07:25:31.181122: | ed 86 08 31 35 9a 27 17 66 4d 74 91 44 83 bb 6c Sep 21 07:25:31.181124: | 9d 5e 4b 46 63 de 0a a4 79 57 da 77 9d 03 37 34 Sep 21 07:25:31.181126: | 80 cb b9 e6 a5 42 93 f1 6e 4f 66 40 bb c1 0b 0b Sep 21 07:25:31.181128: | e4 88 1f 72 e7 e3 26 71 5d 7d 54 ac 03 8a a2 dd Sep 21 07:25:31.181131: | be ae d3 b7 1a 68 7d ec 3f 94 52 49 32 4f 4a c0 Sep 21 07:25:31.181133: | f3 44 93 ca 53 42 d8 80 90 55 e4 d8 e4 9f 2a d4 Sep 21 07:25:31.181135: | d9 96 e8 9a d9 2a 6b 3f 8f f2 0e 77 41 45 54 51 Sep 21 07:25:31.181137: | a7 ed a3 d2 b8 3f 7a 02 d5 1d 6b 68 86 0d fe c3 Sep 21 07:25:31.181140: | 5f 3b 06 a4 45 38 cf f8 aa 90 cd 11 01 23 a2 96 Sep 21 07:25:31.181142: | f9 d8 f7 a1 5a 4d 1c c5 d3 5b 06 82 e1 0c 42 7f Sep 21 07:25:31.181144: | 07 bb 83 be 1b bb 2f 41 4c 7c 21 50 18 d7 5c b3 Sep 21 07:25:31.181146: | 4a 69 a2 8b a8 c9 06 82 23 63 5c f2 fa 6f a0 31 Sep 21 07:25:31.181150: | 65 d2 cd 68 52 c9 1e ca e7 7b 78 e2 eb 68 56 19 Sep 21 07:25:31.181153: | fc 77 da dc 06 6d 9b c6 2c 15 c8 68 c5 54 5b 7e Sep 21 07:25:31.181155: | 67 3f 7e e4 09 bd 79 1d 94 0c 4e b1 64 06 02 3d Sep 21 07:25:31.181157: | 53 eb b0 50 1d d7 51 a6 e3 1e f0 Sep 21 07:25:31.181210: | sending 215 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:31.181214: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.181216: | 35 20 23 08 00 00 00 01 00 00 00 d7 00 00 00 bb Sep 21 07:25:31.181218: | 00 02 00 02 43 c8 05 e0 18 24 92 69 e0 b4 1d cb Sep 21 07:25:31.181220: | 91 26 49 4f 6b e8 3b 1e 5f 69 15 cc 79 2a 4a 37 Sep 21 07:25:31.181223: | fd 15 4f 84 8d 24 66 e3 13 a9 ef 9f d5 b3 aa 6a Sep 21 07:25:31.181225: | 33 80 83 72 38 dd 01 84 85 d4 f1 8c f1 83 f5 96 Sep 21 07:25:31.181227: | 80 d3 81 81 4a fd ca 6a af 8d 5a 0d 50 e9 a6 10 Sep 21 07:25:31.181229: | c7 54 49 b2 a3 f3 1c 90 c0 76 e8 bc 7c 54 30 97 Sep 21 07:25:31.181232: | 0b 94 2f c1 50 74 70 dc 3c 8b c4 ec 7e 2a 0a 90 Sep 21 07:25:31.181234: | 96 8d 54 2c e5 85 06 83 af 26 ee 73 c9 c7 45 53 Sep 21 07:25:31.181236: | 59 54 b9 6d 44 3b 7f 49 c9 5b d4 85 08 3f fd d3 Sep 21 07:25:31.181238: | e5 5a fe e0 32 b4 c4 fb 2e b2 77 57 b9 10 95 86 Sep 21 07:25:31.181241: | 17 ae c3 45 78 1b 34 8e c6 ee 5f c6 6c c0 23 70 Sep 21 07:25:31.181243: | 16 95 fa 0b cc 58 87 Sep 21 07:25:31.181256: | sent 2 fragments Sep 21 07:25:31.181259: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:25:31.181263: | event_schedule: new EVENT_RETRANSMIT-pe@0x55b383da8760 Sep 21 07:25:31.181267: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #2 Sep 21 07:25:31.181271: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:31.181276: | #2 STATE_PARENT_I2: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 49377.549527 Sep 21 07:25:31.181280: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:31.181285: | #1 spent 1.12 milliseconds Sep 21 07:25:31.181289: | #1 spent 11.5 milliseconds in resume sending helper answer Sep 21 07:25:31.181294: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:31.181298: | libevent_free: release ptr-libevent@0x7f4ef4006b90 Sep 21 07:25:31.243386: | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:31.243408: | *received 435 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:25:31.243412: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.243414: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:31.243417: | ec 05 72 8c 2a 65 85 d1 37 24 1d a1 ab 21 d0 25 Sep 21 07:25:31.243419: | 40 2f cf 60 8e 1a 9b 11 31 22 07 c2 8e 7a 00 c0 Sep 21 07:25:31.243421: | 19 a5 bf 96 2c da be 7f dc 2c e3 2f 2c 97 6e 1d Sep 21 07:25:31.243424: | 80 dc 22 2e 88 ad 98 a1 fc 1a 21 a2 ef 8d b0 d4 Sep 21 07:25:31.243426: | e6 42 ec 9e 4a 5f e9 b0 5f 1b 59 81 b5 51 50 2a Sep 21 07:25:31.243428: | 01 ca ca db a1 a3 ac 6f f5 9c f2 04 72 40 a9 8d Sep 21 07:25:31.243431: | 70 0d 73 3d 3f f5 41 37 08 56 49 ea a9 ff 99 bd Sep 21 07:25:31.243433: | ff bc c3 fe 7d bd 5e c0 d8 06 e9 76 99 a7 2d c7 Sep 21 07:25:31.243435: | 30 de 49 87 53 7a a3 de b2 aa ee 19 9c 7a da 2f Sep 21 07:25:31.243438: | f0 6e 5c da dc c3 9d 28 79 5f c4 3a e7 57 5f 34 Sep 21 07:25:31.243440: | 4a 10 06 f2 eb 19 ac 44 15 dd 6f 89 53 70 fb 56 Sep 21 07:25:31.243442: | e3 b7 2b 36 2a 96 99 ba 26 70 b6 5d 1e 66 0b 56 Sep 21 07:25:31.243444: | f1 58 6f b3 51 e1 a3 87 e5 57 90 ed 6d a3 68 42 Sep 21 07:25:31.243447: | 6e c2 ae 9e 1b 30 31 16 7e ec 3c 60 dd cd f9 14 Sep 21 07:25:31.243449: | b4 14 33 51 e2 45 7b e4 5d 53 b6 a6 2e b1 a8 b4 Sep 21 07:25:31.243454: | b2 cf 03 4d df c4 a8 78 c3 94 6f 6b 54 e0 e4 c3 Sep 21 07:25:31.243456: | c9 d9 30 6e 6b f6 95 7e f1 eb 7a 8b 03 5f 19 6d Sep 21 07:25:31.243459: | 18 3a 1b b4 97 ad ac 85 58 26 51 81 f7 9e 2e 74 Sep 21 07:25:31.243461: | e6 cb 6a e9 e4 1c ee a8 a2 1a 06 ea e0 4a 17 8e Sep 21 07:25:31.243463: | 04 cb c6 4f 60 77 b5 0c 88 42 ad 58 e3 28 10 ea Sep 21 07:25:31.243466: | 5e c6 60 60 32 72 13 ab 96 1b 36 8e b2 92 db 1c Sep 21 07:25:31.243468: | b9 9a 55 94 7c e1 e0 63 14 c1 af af 4d 61 96 c2 Sep 21 07:25:31.243470: | 43 b6 d1 25 f7 c9 92 16 24 f2 42 f1 70 02 1d 55 Sep 21 07:25:31.243472: | fc 57 f9 61 00 fe 5f 95 d0 04 c7 bc a6 bb b9 fd Sep 21 07:25:31.243475: | 6f b6 dc 71 a2 26 5d 46 00 d4 ec 86 bf 8f 6b a1 Sep 21 07:25:31.243477: | de 43 a4 Sep 21 07:25:31.243482: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:31.243486: | **parse ISAKMP Message: Sep 21 07:25:31.243489: | initiator cookie: Sep 21 07:25:31.243491: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:31.243493: | responder cookie: Sep 21 07:25:31.243495: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:31.243498: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:31.243501: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:31.243504: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:31.243507: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:31.243509: | Message ID: 1 (0x1) Sep 21 07:25:31.243512: | length: 435 (0x1b3) Sep 21 07:25:31.243515: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:31.243518: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:31.243522: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:31.243528: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:31.243532: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:31.243536: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:31.243541: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:31.243544: | #2 is idle Sep 21 07:25:31.243546: | #2 idle Sep 21 07:25:31.243549: | unpacking clear payload Sep 21 07:25:31.243551: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:31.243554: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:31.243557: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:31.243559: | flags: none (0x0) Sep 21 07:25:31.243562: | length: 407 (0x197) Sep 21 07:25:31.243565: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:25:31.243567: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:31.243583: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:31.243586: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:31.243589: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:31.243592: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:31.243594: | flags: none (0x0) Sep 21 07:25:31.243597: | length: 12 (0xc) Sep 21 07:25:31.243599: | ID type: ID_FQDN (0x2) Sep 21 07:25:31.243602: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:31.243604: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:31.243607: | **parse IKEv2 Authentication Payload: Sep 21 07:25:31.243609: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:31.243612: | flags: none (0x0) Sep 21 07:25:31.243614: | length: 282 (0x11a) Sep 21 07:25:31.243617: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:31.243619: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:31.243622: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:31.243624: | **parse IKEv2 Security Association Payload: Sep 21 07:25:31.243628: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:31.243631: | flags: none (0x0) Sep 21 07:25:31.243633: | length: 36 (0x24) Sep 21 07:25:31.243636: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:31.243638: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:31.243641: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:31.243643: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:31.243645: | flags: none (0x0) Sep 21 07:25:31.243648: | length: 24 (0x18) Sep 21 07:25:31.243650: | number of TS: 1 (0x1) Sep 21 07:25:31.243652: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:31.243655: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:31.243657: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:31.243660: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:31.243662: | flags: none (0x0) Sep 21 07:25:31.243665: | length: 24 (0x18) Sep 21 07:25:31.243667: | number of TS: 1 (0x1) Sep 21 07:25:31.243669: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:31.243672: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:31.243675: | Now let's proceed with state specific processing Sep 21 07:25:31.243677: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:31.243682: | offered CA: '%none' Sep 21 07:25:31.243686: "road-eastnet" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:31.243723: | verifying AUTH payload Sep 21 07:25:31.243738: | required RSA CA is '%any' Sep 21 07:25:31.243742: | checking RSA keyid '@east' for match with '@east' Sep 21 07:25:31.243745: | RSA key issuer CA is '%any' Sep 21 07:25:31.243827: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:25:31.243836: | #1 spent 0.069 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:31.243839: "road-eastnet" #2: Authenticated using RSA Sep 21 07:25:31.243848: | #1 spent 0.103 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:31.243852: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:31.243856: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:31.243859: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:31.243863: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:31.243866: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55b383da41b0 Sep 21 07:25:31.243869: | event_schedule: new EVENT_SA_REKEY-pe@0x55b383da41b0 Sep 21 07:25:31.243872: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:31.243875: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:31.244017: | pstats #1 ikev2.ike established Sep 21 07:25:31.244025: | TSi: parsing 1 traffic selectors Sep 21 07:25:31.244029: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:31.244032: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:31.244036: | IP Protocol ID: 0 (0x0) Sep 21 07:25:31.244039: | length: 16 (0x10) Sep 21 07:25:31.244041: | start port: 0 (0x0) Sep 21 07:25:31.244044: | end port: 65535 (0xffff) Sep 21 07:25:31.244048: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:31.244051: | TS low c0 01 03 d1 Sep 21 07:25:31.244058: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:31.244061: | TS high c0 01 03 d1 Sep 21 07:25:31.244064: | TSi: parsed 1 traffic selectors Sep 21 07:25:31.244067: | TSr: parsing 1 traffic selectors Sep 21 07:25:31.244070: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:31.244073: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:31.244075: | IP Protocol ID: 0 (0x0) Sep 21 07:25:31.244078: | length: 16 (0x10) Sep 21 07:25:31.244081: | start port: 0 (0x0) Sep 21 07:25:31.244084: | end port: 65535 (0xffff) Sep 21 07:25:31.244088: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:31.244090: | TS low c0 00 02 00 Sep 21 07:25:31.244093: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:31.244098: | TS high c0 00 02 ff Sep 21 07:25:31.244101: | TSr: parsed 1 traffic selectors Sep 21 07:25:31.244109: | evaluating our conn="road-eastnet" I=192.1.3.209/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:31.244115: | TSi[0] .net=192.1.3.209-192.1.3.209 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:31.244123: | match address end->client=192.1.3.209/32 == TSi[0]net=192.1.3.209-192.1.3.209: YES fitness 32 Sep 21 07:25:31.244127: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:31.244130: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:31.244134: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:31.244138: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:31.244143: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:31.244151: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:31.244155: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:31.244158: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:31.244161: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:31.244165: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:31.244168: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:31.244171: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:31.244173: | printing contents struct traffic_selector Sep 21 07:25:31.244176: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:31.244179: | ipprotoid: 0 Sep 21 07:25:31.244181: | port range: 0-65535 Sep 21 07:25:31.244186: | ip range: 192.1.3.209-192.1.3.209 Sep 21 07:25:31.244189: | printing contents struct traffic_selector Sep 21 07:25:31.244192: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:31.244194: | ipprotoid: 0 Sep 21 07:25:31.244197: | port range: 0-65535 Sep 21 07:25:31.244202: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:31.244220: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:31.244225: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:31.244229: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:31.244232: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:31.244235: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:31.244238: | local proposal 1 type DH has 1 transforms Sep 21 07:25:31.244241: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:31.244246: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:31.244249: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:31.244252: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:31.244255: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:31.244258: | local proposal 2 type DH has 1 transforms Sep 21 07:25:31.244261: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:31.244265: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:31.244268: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:31.244271: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:31.244274: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:31.244277: | local proposal 3 type DH has 1 transforms Sep 21 07:25:31.244280: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:31.244284: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:31.244288: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:31.244291: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:31.244295: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:31.244298: | local proposal 4 type DH has 1 transforms Sep 21 07:25:31.244301: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:31.244305: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:31.244309: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:31.244312: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:31.244315: | length: 32 (0x20) Sep 21 07:25:31.244318: | prop #: 1 (0x1) Sep 21 07:25:31.244321: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:31.244323: | spi size: 4 (0x4) Sep 21 07:25:31.244326: | # transforms: 2 (0x2) Sep 21 07:25:31.244330: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:31.244333: | remote SPI 66 44 fb 12 Sep 21 07:25:31.244337: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:31.244341: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:31.244344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:31.244347: | length: 12 (0xc) Sep 21 07:25:31.244350: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:31.244353: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:31.244356: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:31.244359: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:31.244362: | length/value: 256 (0x100) Sep 21 07:25:31.244368: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:31.244371: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:31.244374: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:31.244377: | length: 8 (0x8) Sep 21 07:25:31.244380: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:31.244383: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:31.244387: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:31.244392: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:31.244398: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:31.244401: | remote proposal 1 matches local proposal 1 Sep 21 07:25:31.244404: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:31.244411: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6644fb12;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:31.244414: | converting proposal to internal trans attrs Sep 21 07:25:31.244420: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:31.244586: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:31.244591: | could_route called for road-eastnet (kind=CK_PERMANENT) Sep 21 07:25:31.244594: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:31.244598: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:25:31.244601: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:25:31.244608: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:25:31.244612: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:31.244617: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:31.244620: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:31.244623: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:31.244628: | setting IPsec SA replay-window to 32 Sep 21 07:25:31.244631: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:25:31.244635: | netlink: enabling tunnel mode Sep 21 07:25:31.244639: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:31.244642: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:31.244935: | netlink response for Add SA esp.6644fb12@192.1.2.23 included non-error error Sep 21 07:25:31.244946: | set up outgoing SA, ref=0/0 Sep 21 07:25:31.244950: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:31.244954: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:31.244957: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:31.244960: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:31.244964: | setting IPsec SA replay-window to 32 Sep 21 07:25:31.244968: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:25:31.244971: | netlink: enabling tunnel mode Sep 21 07:25:31.244975: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:31.244978: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:31.245044: | netlink response for Add SA esp.7aa9eaf5@192.1.3.209 included non-error error Sep 21 07:25:31.245049: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:31.245057: | add inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => tun.10000@192.1.3.209 (raw_eroute) Sep 21 07:25:31.245061: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:31.245114: | raw_eroute result=success Sep 21 07:25:31.245118: | set up incoming SA, ref=0/0 Sep 21 07:25:31.245121: | sr for #2: unrouted Sep 21 07:25:31.245125: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:31.245127: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:31.245131: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:25:31.245134: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:25:31.245139: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:25:31.245143: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:31.245147: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:31.245156: | eroute_connection add eroute 192.1.3.209/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:31.245159: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:31.245181: | raw_eroute result=success Sep 21 07:25:31.245185: | running updown command "ipsec _updown" for verb up Sep 21 07:25:31.245188: | command executing up-host Sep 21 07:25:31.245223: | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6644 Sep 21 07:25:31.245227: | popen cmd is 1040 chars long Sep 21 07:25:31.245231: | cmd( 0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_I: Sep 21 07:25:31.245234: | cmd( 80):NTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID=: Sep 21 07:25:31.245238: | cmd( 160):'@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO: Sep 21 07:25:31.245241: | cmd( 240):_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_: Sep 21 07:25:31.245245: | cmd( 320):SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@eas: Sep 21 07:25:31.245248: | cmd( 400):t' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Sep 21 07:25:31.245253: | cmd( 480):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:25:31.245257: | cmd( 560):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRY: Sep 21 07:25:31.245260: | cmd( 640):PT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:25:31.245264: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:25:31.245267: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:25:31.245271: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:25:31.245274: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x6644fb12 SPI_OUT=0x7aa9eaf5 ipsec _updown 2>&1: Sep 21 07:25:31.257906: | route_and_eroute: firewall_notified: true Sep 21 07:25:31.257923: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:31.257927: | command executing prepare-host Sep 21 07:25:31.257966: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI Sep 21 07:25:31.257970: | popen cmd is 1045 chars long Sep 21 07:25:31.257974: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:25:31.257978: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Sep 21 07:25:31.257981: | cmd( 160):Y_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' : Sep 21 07:25:31.257985: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:31.257988: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:31.257991: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:31.257994: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:31.257998: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:31.258001: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_: Sep 21 07:25:31.258004: | cmd( 720):KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CI: Sep 21 07:25:31.258008: | cmd( 800):SCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PL: Sep 21 07:25:31.258011: | cmd( 880):UTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI: Sep 21 07:25:31.258014: | cmd( 960):_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6644fb12 SPI_OUT=0x7aa9eaf5 ipsec _updown: Sep 21 07:25:31.258017: | cmd(1040): 2>&1: Sep 21 07:25:31.271626: | running updown command "ipsec _updown" for verb route Sep 21 07:25:31.271644: | command executing route-host Sep 21 07:25:31.271678: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN= Sep 21 07:25:31.271686: | popen cmd is 1043 chars long Sep 21 07:25:31.271690: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUT: Sep 21 07:25:31.271693: | cmd( 80):O_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_: Sep 21 07:25:31.271696: | cmd( 160):ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PL: Sep 21 07:25:31.271699: | cmd( 240):UTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:31.271702: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:31.271704: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:31.271706: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:31.271709: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:31.271712: | cmd( 640):CRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KI: Sep 21 07:25:31.271714: | cmd( 720):ND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISC: Sep 21 07:25:31.271717: | cmd( 800):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT: Sep 21 07:25:31.271719: | cmd( 880):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R: Sep 21 07:25:31.271722: | cmd( 960):OUTING='no' VTI_SHARED='no' SPI_IN=0x6644fb12 SPI_OUT=0x7aa9eaf5 ipsec _updown 2: Sep 21 07:25:31.271724: | cmd(1040):>&1: Sep 21 07:25:31.285962: | route_and_eroute: instance "road-eastnet", setting eroute_owner {spd=0x55b383da0a10,sr=0x55b383da0a10} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:31.286057: | #1 spent 0.967 milliseconds in install_ipsec_sa() Sep 21 07:25:31.286065: | inR2: instance road-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:31.286069: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:31.286072: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:31.286079: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:31.286082: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55b383da8760 Sep 21 07:25:31.286089: | #2 spent 1.83 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:31.286097: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:31.286101: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:31.286105: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:31.286110: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:31.286113: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:31.286120: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:31.286126: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:31.286136: | pstats #2 ikev2.child established Sep 21 07:25:31.286145: "road-eastnet" #2: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:31.286155: | NAT-T: encaps is 'auto' Sep 21 07:25:31.286161: "road-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6644fb12 <0x7aa9eaf5 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:31.286166: | releasing whack for #2 (sock=fd@23) Sep 21 07:25:31.286170: | close_any(fd@23) (in release_whack() at state.c:654) Sep 21 07:25:31.286173: | releasing whack and unpending for parent #1 Sep 21 07:25:31.286177: | unpending state #1 connection "road-eastnet" Sep 21 07:25:31.286182: | delete from pending Child SA with 192.1.2.23 "road-eastnet" Sep 21 07:25:31.286186: | removing pending policy for no connection {0x55b383d52460} Sep 21 07:25:31.286192: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:25:31.286198: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:31.286201: | event_schedule: new EVENT_SA_REKEY-pe@0x55b383da86d0 Sep 21 07:25:31.286205: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:31.286209: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:31.286217: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:31.286223: | #1 spent 2.25 milliseconds in ikev2_process_packet() Sep 21 07:25:31.286228: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:31.286232: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:31.286235: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:31.286240: | spent 2.27 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:31.286253: | processing signal PLUTO_SIGCHLD Sep 21 07:25:31.286258: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:31.286263: | spent 0.0055 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:31.286266: | processing signal PLUTO_SIGCHLD Sep 21 07:25:31.286270: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:31.286274: | spent 0.00388 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:31.286277: | processing signal PLUTO_SIGCHLD Sep 21 07:25:31.286280: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:31.286290: | spent 0.0051 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:34.492665: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:34.492692: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:34.492697: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:34.492704: | get_sa_info esp.7aa9eaf5@192.1.3.209 Sep 21 07:25:34.492720: | get_sa_info esp.6644fb12@192.1.2.23 Sep 21 07:25:34.492737: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:34.492743: | spent 0.0818 milliseconds in whack Sep 21 07:25:35.570907: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.571101: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:35.571106: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:35.571170: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:35.571173: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:35.571186: | get_sa_info esp.7aa9eaf5@192.1.3.209 Sep 21 07:25:35.571201: | get_sa_info esp.6644fb12@192.1.2.23 Sep 21 07:25:35.571222: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.571229: | spent 0.33 milliseconds in whack Sep 21 07:25:36.349742: | spent 0.00307 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:36.349763: | *received 69 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:25:36.349768: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.349770: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:36.349773: | 5d 24 2e 8b 1e 69 b5 ac 76 d5 e5 c1 9e ac 9e ad Sep 21 07:25:36.349775: | 8d bb 28 5f 40 b6 37 f8 18 7c 9a e8 b1 56 74 a1 Sep 21 07:25:36.349777: | 12 18 b7 af e8 Sep 21 07:25:36.349782: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:36.349795: | **parse ISAKMP Message: Sep 21 07:25:36.349798: | initiator cookie: Sep 21 07:25:36.349800: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:36.349802: | responder cookie: Sep 21 07:25:36.349805: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.349808: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:36.349810: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.349813: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:36.349815: | flags: none (0x0) Sep 21 07:25:36.349818: | Message ID: 0 (0x0) Sep 21 07:25:36.349820: | length: 69 (0x45) Sep 21 07:25:36.349823: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:36.349826: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:36.349831: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:36.349837: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:36.349840: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:36.349844: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:36.349848: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:36.349852: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:36.349854: | unpacking clear payload Sep 21 07:25:36.349857: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:36.349859: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:36.349862: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:36.349864: | flags: none (0x0) Sep 21 07:25:36.349867: | length: 41 (0x29) Sep 21 07:25:36.349869: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:36.349874: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:36.349877: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:36.349891: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:36.349894: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:36.349897: | **parse IKEv2 Delete Payload: Sep 21 07:25:36.349899: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.349901: | flags: none (0x0) Sep 21 07:25:36.349904: | length: 12 (0xc) Sep 21 07:25:36.349906: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:36.349908: | SPI size: 4 (0x4) Sep 21 07:25:36.349911: | number of SPIs: 1 (0x1) Sep 21 07:25:36.349913: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:36.349916: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:36.349918: | Now let's proceed with state specific processing Sep 21 07:25:36.349920: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:36.349924: | an informational request should send a response Sep 21 07:25:36.349929: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:36.349932: | **emit ISAKMP Message: Sep 21 07:25:36.349934: | initiator cookie: Sep 21 07:25:36.349936: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:36.349939: | responder cookie: Sep 21 07:25:36.349941: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.349943: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:36.349946: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.349950: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:36.349953: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:36.349956: | Message ID: 0 (0x0) Sep 21 07:25:36.349959: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:36.349961: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:36.349964: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.349966: | flags: none (0x0) Sep 21 07:25:36.349969: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:36.349972: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:36.349975: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:36.349981: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:36.349983: | SPI 66 44 fb 12 Sep 21 07:25:36.349986: | delete PROTO_v2_ESP SA(0x6644fb12) Sep 21 07:25:36.349989: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:36.349992: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:36.349994: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x6644fb12) Sep 21 07:25:36.349998: "road-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:25:36.350000: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:36.350004: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:36.350007: | free_event_entry: release EVENT_SA_REKEY-pe@0x55b383da86d0 Sep 21 07:25:36.350010: | event_schedule: new EVENT_SA_REPLACE-pe@0x55b383da86d0 Sep 21 07:25:36.350013: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:25:36.350017: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:36.350020: | ****emit IKEv2 Delete Payload: Sep 21 07:25:36.350022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.350025: | flags: none (0x0) Sep 21 07:25:36.350027: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:36.350029: | SPI size: 4 (0x4) Sep 21 07:25:36.350032: | number of SPIs: 1 (0x1) Sep 21 07:25:36.350035: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:36.350038: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:36.350041: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:36.350043: | local SPIs 7a a9 ea f5 Sep 21 07:25:36.350045: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:36.350048: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:36.350051: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.350054: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:36.350056: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:36.350059: | emitting length of ISAKMP Message: 69 Sep 21 07:25:36.350071: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:36.350074: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.350076: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:36.350078: | b9 d4 37 bc dc b4 4c 72 2d 0d a6 f5 8a fd 0f 62 Sep 21 07:25:36.350080: | 5f e3 9e 3d 76 84 2c 0c 9d 09 ce 80 54 3b 4b 54 Sep 21 07:25:36.350083: | ec f2 38 bd 2b Sep 21 07:25:36.350110: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:36.350116: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:36.350122: | #1 spent 0.183 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:36.350128: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.350132: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:36.350135: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:36.350139: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:36.350143: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:36.350146: "road-eastnet" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:36.350151: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:36.350155: | #1 spent 0.38 milliseconds in ikev2_process_packet() Sep 21 07:25:36.350159: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:36.350162: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:36.350165: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:36.350169: | spent 0.394 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:36.350175: | timer_event_cb: processing event@0x55b383da86d0 Sep 21 07:25:36.350178: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:25:36.350183: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:36.350186: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:36.350189: | replacing stale CHILD SA Sep 21 07:25:36.350193: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:36.350195: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:36.350199: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:36.350202: | creating state object #3 at 0x55b383da5ea0 Sep 21 07:25:36.350205: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:36.350212: | pstats #3 ikev2.child started Sep 21 07:25:36.350215: | duplicating state object #1 "road-eastnet" as #3 for IPSEC SA Sep 21 07:25:36.350219: | #3 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:36.350225: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:36.350230: | suspend processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:36.350235: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:36.350238: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:36.350242: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:36.350246: | constructing ESP/AH proposals with default DH MODP2048 for road-eastnet (ESP/AH initiator emitting proposals) Sep 21 07:25:36.350250: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:36.350256: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:36.350259: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:36.350263: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:36.350266: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:36.350270: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:36.350274: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:36.350279: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:36.350287: "road-eastnet": constructed local ESP/AH proposals for road-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:36.350292: | #3 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:25:36.350295: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55b383daa540 Sep 21 07:25:36.350298: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:36.350301: | libevent_malloc: new ptr-libevent@0x55b383da9fa0 size 128 Sep 21 07:25:36.350306: | RESET processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:36.350309: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55b383da8360 Sep 21 07:25:36.350312: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:25:36.350314: | libevent_malloc: new ptr-libevent@0x55b383dab310 size 128 Sep 21 07:25:36.350317: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:36.350320: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55b383da86d0 Sep 21 07:25:36.350324: | #2 spent 0.148 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:36.350327: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.350331: | timer_event_cb: processing event@0x55b383daa540 Sep 21 07:25:36.350334: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:36.350338: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:36.350343: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:36.350345: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b383da86d0 Sep 21 07:25:36.350349: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:36.350351: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:36.350359: | libevent_free: release ptr-libevent@0x55b383da9fa0 Sep 21 07:25:36.350362: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55b383daa540 Sep 21 07:25:36.350366: | #3 spent 0.0337 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:36.350370: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.350373: | timer_event_cb: processing event@0x55b383da8360 Sep 21 07:25:36.350376: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:25:36.350380: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:36.350383: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:36.350386: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:36.350388: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:25:36.350391: | pstats #2 ikev2.child deleted completed Sep 21 07:25:36.350393: | #2 spent 1.98 milliseconds in total Sep 21 07:25:36.350398: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:36.350401: "road-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 5.180s and NOT sending notification Sep 21 07:25:36.350404: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:36.350408: | get_sa_info esp.6644fb12@192.1.2.23 Sep 21 07:25:36.350420: | get_sa_info esp.7aa9eaf5@192.1.3.209 Sep 21 07:25:36.350429: "road-eastnet" #2: ESP traffic information: in=336B out=336B Sep 21 07:25:36.350433: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:36.350484: | running updown command "ipsec _updown" for verb down Sep 21 07:25:36.350488: | command executing down-host Sep 21 07:25:36.350514: | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050731' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:25:36.350517: | popen cmd is 1051 chars long Sep 21 07:25:36.350520: | cmd( 0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Sep 21 07:25:36.350523: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_I: Sep 21 07:25:36.350526: | cmd( 160):D='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLU: Sep 21 07:25:36.350528: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:25:36.350531: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@e: Sep 21 07:25:36.350533: | cmd( 400):ast' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Sep 21 07:25:36.350536: | cmd( 480):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:25:36.350538: | cmd( 560):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050731' PLUTO_CONN_POLICY='R: Sep 21 07:25:36.350541: | cmd( 640):SASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:25:36.350543: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:25:36.350546: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:25:36.350549: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:25:36.350551: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6644fb12 SPI_OUT=0x7aa9eaf5 ipsec _: Sep 21 07:25:36.350553: | cmd(1040):updown 2>&1: Sep 21 07:25:36.350595: | crypto helper 0 resuming Sep 21 07:25:36.350601: | crypto helper 0 starting work-order 3 for state #3 Sep 21 07:25:36.350605: | crypto helper 0 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:25:36.351805: | crypto helper 0 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.001199 seconds Sep 21 07:25:36.351818: | (#3) spent 0.99 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:36.351822: | crypto helper 0 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:36.351824: | scheduling resume sending helper answer for #3 Sep 21 07:25:36.351827: | libevent_malloc: new ptr-libevent@0x7f4ef8006900 size 128 Sep 21 07:25:36.351832: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:36.439843: | shunt_eroute() called for connection 'road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:36.439863: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:36.439872: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:36.439876: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:36.439924: | delete esp.6644fb12@192.1.2.23 Sep 21 07:25:36.439958: | netlink response for Del SA esp.6644fb12@192.1.2.23 included non-error error Sep 21 07:25:36.439963: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:36.439970: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:25:36.440015: | raw_eroute result=success Sep 21 07:25:36.440020: | delete esp.7aa9eaf5@192.1.3.209 Sep 21 07:25:36.440047: | netlink response for Del SA esp.7aa9eaf5@192.1.3.209 included non-error error Sep 21 07:25:36.440054: | in connection_discard for connection road-eastnet Sep 21 07:25:36.440058: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:36.440062: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:36.440069: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.440076: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:36.440079: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:25:36.440085: | libevent_free: release ptr-libevent@0x55b383dab310 Sep 21 07:25:36.440088: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55b383da8360 Sep 21 07:25:36.440091: | in statetime_stop() and could not find #2 Sep 21 07:25:36.440094: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:36.440108: | processing resume sending helper answer for #3 Sep 21 07:25:36.440114: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:36.440119: | crypto helper 0 replies to request ID 3 Sep 21 07:25:36.440122: | calling continuation function 0x55b3831cf630 Sep 21 07:25:36.440126: | ikev2_child_outI_continue for #3 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:36.440130: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:36.440133: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:36.440136: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b383da86d0 Sep 21 07:25:36.440139: | event_schedule: new EVENT_SA_REPLACE-pe@0x55b383da7fc0 Sep 21 07:25:36.440143: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:25:36.440146: | libevent_malloc: new ptr-libevent@0x7f4efc006900 size 128 Sep 21 07:25:36.440152: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:36.440155: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:36.440158: | libevent_malloc: new ptr-libevent@0x55b383dab310 size 128 Sep 21 07:25:36.440163: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.440168: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:36.440171: | suspending state #3 and saving MD Sep 21 07:25:36.440173: | #3 is busy; has a suspended MD Sep 21 07:25:36.440177: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:36.440181: | "road-eastnet" #3 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:36.440184: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:25:36.440191: | #3 spent 0.0692 milliseconds in resume sending helper answer Sep 21 07:25:36.440196: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:36.440200: | libevent_free: release ptr-libevent@0x7f4ef8006900 Sep 21 07:25:36.440203: | processing signal PLUTO_SIGCHLD Sep 21 07:25:36.440210: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:36.440214: | spent 0.00517 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:36.440219: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:36.440224: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:36.440230: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:36.440235: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:36.440240: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:36.440246: | **emit ISAKMP Message: Sep 21 07:25:36.440249: | initiator cookie: Sep 21 07:25:36.440251: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:36.440254: | responder cookie: Sep 21 07:25:36.440256: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.440259: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:36.440262: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.440264: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:36.440268: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:36.440270: | Message ID: 2 (0x2) Sep 21 07:25:36.440273: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:36.440276: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:36.440279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.440281: | flags: none (0x0) Sep 21 07:25:36.440285: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:36.440288: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.440291: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:36.440314: | netlink_get_spi: allocated 0x81365b51 for esp.0@192.1.3.209 Sep 21 07:25:36.440318: | Emitting ikev2_proposals ... Sep 21 07:25:36.440321: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:36.440324: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.440326: | flags: none (0x0) Sep 21 07:25:36.440329: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:36.440332: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.440335: | discarding INTEG=NONE Sep 21 07:25:36.440338: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.440340: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440342: | prop #: 1 (0x1) Sep 21 07:25:36.440345: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.440347: | spi size: 4 (0x4) Sep 21 07:25:36.440350: | # transforms: 3 (0x3) Sep 21 07:25:36.440353: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.440356: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:36.440358: | our spi 81 36 5b 51 Sep 21 07:25:36.440361: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440366: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.440369: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:36.440372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440375: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.440378: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.440380: | length/value: 256 (0x100) Sep 21 07:25:36.440385: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.440387: | discarding INTEG=NONE Sep 21 07:25:36.440390: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440395: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.440398: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.440401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440404: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440406: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440409: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440411: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.440414: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.440416: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.440419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440422: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440424: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440427: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:36.440430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.440432: | discarding INTEG=NONE Sep 21 07:25:36.440434: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.440437: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440439: | prop #: 2 (0x2) Sep 21 07:25:36.440442: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.440444: | spi size: 4 (0x4) Sep 21 07:25:36.440446: | # transforms: 3 (0x3) Sep 21 07:25:36.440449: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440452: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.440455: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:36.440458: | our spi 81 36 5b 51 Sep 21 07:25:36.440460: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440465: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.440467: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:36.440470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440473: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.440476: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.440478: | length/value: 128 (0x80) Sep 21 07:25:36.440481: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.440483: | discarding INTEG=NONE Sep 21 07:25:36.440485: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440490: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.440492: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.440495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440501: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440505: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440507: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.440510: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.440512: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.440515: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440520: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440523: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:36.440526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.440528: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.440531: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440533: | prop #: 3 (0x3) Sep 21 07:25:36.440535: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.440538: | spi size: 4 (0x4) Sep 21 07:25:36.440540: | # transforms: 5 (0x5) Sep 21 07:25:36.440543: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440546: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.440549: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:36.440551: | our spi 81 36 5b 51 Sep 21 07:25:36.440553: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440558: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.440561: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.440564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440566: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.440569: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.440571: | length/value: 256 (0x100) Sep 21 07:25:36.440574: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.440576: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440581: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.440584: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.440586: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440592: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440594: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440599: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.440601: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:36.440604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440610: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440612: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440619: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.440621: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.440624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440629: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440632: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440634: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.440637: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.440639: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.440642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440647: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440650: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:36.440652: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.440655: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.440657: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:36.440659: | prop #: 4 (0x4) Sep 21 07:25:36.440662: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:36.440664: | spi size: 4 (0x4) Sep 21 07:25:36.440666: | # transforms: 5 (0x5) Sep 21 07:25:36.440669: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.440672: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.440675: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:36.440677: | our spi 81 36 5b 51 Sep 21 07:25:36.440680: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440684: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.440687: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.440690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440692: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.440695: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.440697: | length/value: 128 (0x80) Sep 21 07:25:36.440700: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.440702: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440707: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.440710: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.440712: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440718: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440720: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440725: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.440727: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:36.440732: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440737: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440740: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440742: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.440747: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.440750: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440758: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.440760: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.440762: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:36.440765: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:36.440768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.440771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.440773: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.440776: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:36.440779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.440781: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:36.440787: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:36.440793: "road-eastnet" #3: CHILD SA to rekey #2 vanished abort this exchange Sep 21 07:25:36.440795: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:36.440801: | [RE]START processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.440804: | #3 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:36.440873: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:36.440880: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:36.440885: | resume processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:36.440890: | #1 spent 0.655 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:36.440895: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:36.440898: | libevent_free: release ptr-libevent@0x55b383dab310 Sep 21 07:25:36.449908: | spent 0.00312 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:36.449932: | *received 65 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500) Sep 21 07:25:36.449936: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.449939: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:36.449941: | 97 3c 9f 2e f9 af e4 35 02 65 6d 41 2a 25 cc 6c Sep 21 07:25:36.449943: | 31 4d c9 87 a4 b9 5f a5 b8 83 37 0b 22 76 34 70 Sep 21 07:25:36.449945: | 9e Sep 21 07:25:36.449950: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:36.449956: | **parse ISAKMP Message: Sep 21 07:25:36.449959: | initiator cookie: Sep 21 07:25:36.449961: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:36.449964: | responder cookie: Sep 21 07:25:36.449966: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.449969: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:36.449971: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.449974: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:36.449977: | flags: none (0x0) Sep 21 07:25:36.449979: | Message ID: 1 (0x1) Sep 21 07:25:36.449981: | length: 65 (0x41) Sep 21 07:25:36.449985: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:36.449988: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:36.449992: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:36.449999: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:36.450003: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:36.450007: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:36.450011: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:36.450015: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:25:36.450017: | unpacking clear payload Sep 21 07:25:36.450020: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:36.450023: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:36.450025: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:36.450028: | flags: none (0x0) Sep 21 07:25:36.450030: | length: 37 (0x25) Sep 21 07:25:36.450033: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:36.450038: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:36.450041: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:36.450056: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:36.450059: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:36.450062: | **parse IKEv2 Delete Payload: Sep 21 07:25:36.450065: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.450068: | flags: none (0x0) Sep 21 07:25:36.450070: | length: 8 (0x8) Sep 21 07:25:36.450072: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:36.450075: | SPI size: 0 (0x0) Sep 21 07:25:36.450077: | number of SPIs: 0 (0x0) Sep 21 07:25:36.450080: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:36.450082: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:36.450084: | Now let's proceed with state specific processing Sep 21 07:25:36.450087: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:36.450090: | an informational request should send a response Sep 21 07:25:36.450095: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:36.450099: | **emit ISAKMP Message: Sep 21 07:25:36.450102: | initiator cookie: Sep 21 07:25:36.450104: | ad 38 26 92 37 aa 4e 25 Sep 21 07:25:36.450106: | responder cookie: Sep 21 07:25:36.450108: | aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.450111: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:36.450113: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.450116: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:36.450119: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:36.450121: | Message ID: 1 (0x1) Sep 21 07:25:36.450124: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:36.450127: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:36.450130: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.450132: | flags: none (0x0) Sep 21 07:25:36.450137: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:36.450140: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:36.450143: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:36.450149: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:36.450152: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:36.450155: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:36.450158: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:36.450160: | emitting length of ISAKMP Message: 57 Sep 21 07:25:36.450174: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:36.450178: | ad 38 26 92 37 aa 4e 25 aa c2 01 74 c3 00 a6 5c Sep 21 07:25:36.450180: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:25:36.450182: | 08 50 1a ac 89 f0 54 30 5b 55 3a d8 db fe f9 85 Sep 21 07:25:36.450184: | 73 4c ec ee 64 80 90 51 62 Sep 21 07:25:36.450215: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:36.450221: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:36.450225: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:36.450229: | pstats #3 ikev2.child deleted other Sep 21 07:25:36.450232: | #3 spent 1.09 milliseconds in total Sep 21 07:25:36.450237: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:36.450242: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:36.450246: "road-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.100s and NOT sending notification Sep 21 07:25:36.450249: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:25:36.450252: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:36.450256: | libevent_free: release ptr-libevent@0x7f4efc006900 Sep 21 07:25:36.450259: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55b383da7fc0 Sep 21 07:25:36.450262: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:36.450270: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk255.10000@192.1.3.209 (raw_eroute) Sep 21 07:25:36.450283: | raw_eroute result=success Sep 21 07:25:36.450287: | in connection_discard for connection road-eastnet Sep 21 07:25:36.450290: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:36.450293: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:36.450306: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.450311: | resume processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.450315: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:36.450319: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:36.450321: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:36.450325: | #1 spent 19.5 milliseconds in total Sep 21 07:25:36.450329: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:36.450333: "road-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 5.288s and NOT sending notification Sep 21 07:25:36.450336: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:36.450392: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:36.450397: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:36.450400: | free_event_entry: release EVENT_SA_REKEY-pe@0x55b383da41b0 Sep 21 07:25:36.450403: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:36.450405: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:36.450409: "road-eastnet" #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:36.450411: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds Sep 21 07:25:36.450415: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:36.450419: | in connection_discard for connection road-eastnet Sep 21 07:25:36.450422: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:36.450425: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:36.450428: | unreference key: 0x55b383da19c0 @east cnt 2-- Sep 21 07:25:36.450439: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:36.450454: | in statetime_stop() and could not find #1 Sep 21 07:25:36.450458: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.450463: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:36.450465: | STF_OK but no state object remains Sep 21 07:25:36.450469: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:36.450471: | in statetime_stop() and could not find #1 Sep 21 07:25:36.450475: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:36.450479: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:36.450481: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:36.450486: | spent 0.548 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:36.450492: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:36.450496: Initiating connection road-eastnet which received a Delete/Notify but must remain up per local policy Sep 21 07:25:36.450499: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:36.450504: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:36.450507: | connection 'road-eastnet' +POLICY_UP Sep 21 07:25:36.450510: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:36.450512: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:36.450518: | creating state object #4 at 0x55b383da1b00 Sep 21 07:25:36.450521: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:36.450527: | pstats #4 ikev2.ike started Sep 21 07:25:36.450531: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:36.450534: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:36.450540: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:36.450545: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:36.450550: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:36.450553: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:36.450557: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet" IKE SA #4 "road-eastnet" Sep 21 07:25:36.450560: "road-eastnet" #4: initiating v2 parent SA Sep 21 07:25:36.450578: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:36.450585: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:25:36.450589: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4ef8002b20 Sep 21 07:25:36.450592: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:36.450596: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:36.450607: | #4 spent 0.103 milliseconds in ikev2_parent_outI1() Sep 21 07:25:36.450612: | RESET processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:36.450615: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:36.450615: | crypto helper 5 resuming Sep 21 07:25:36.450629: | crypto helper 5 starting work-order 4 for state #4 Sep 21 07:25:36.450634: | crypto helper 5 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:25:36.451445: | crypto helper 5 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.00081 seconds Sep 21 07:25:36.451457: | (#4) spent 0.819 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:25:36.451460: | crypto helper 5 sending results from work-order 4 for state #4 to event queue Sep 21 07:25:36.451463: | scheduling resume sending helper answer for #4 Sep 21 07:25:36.451466: | libevent_malloc: new ptr-libevent@0x7f4eec006900 size 128 Sep 21 07:25:36.451471: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:36.450619: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:36.451481: | spent 0.131 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:36.451488: | processing resume sending helper answer for #4 Sep 21 07:25:36.451494: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:36.451497: | crypto helper 5 replies to request ID 4 Sep 21 07:25:36.451499: | calling continuation function 0x55b3831cf630 Sep 21 07:25:36.451501: | ikev2_parent_outI1_continue for #4 Sep 21 07:25:36.451506: | **emit ISAKMP Message: Sep 21 07:25:36.451509: | initiator cookie: Sep 21 07:25:36.451511: | b3 2d 94 55 82 f9 6a 54 Sep 21 07:25:36.451513: | responder cookie: Sep 21 07:25:36.451515: | 00 00 00 00 00 00 00 00 Sep 21 07:25:36.451517: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:36.451520: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:36.451522: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:36.451524: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:36.451526: | Message ID: 0 (0x0) Sep 21 07:25:36.451529: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:36.451543: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:36.451546: | Emitting ikev2_proposals ... Sep 21 07:25:36.451552: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:36.451555: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.451557: | flags: none (0x0) Sep 21 07:25:36.451560: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:36.451563: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.451566: | discarding INTEG=NONE Sep 21 07:25:36.451569: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.451572: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.451574: | prop #: 1 (0x1) Sep 21 07:25:36.451577: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:36.451579: | spi size: 0 (0x0) Sep 21 07:25:36.451582: | # transforms: 11 (0xb) Sep 21 07:25:36.451585: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.451588: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451591: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451593: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.451595: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:36.451597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451600: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.451603: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.451605: | length/value: 256 (0x100) Sep 21 07:25:36.451607: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.451610: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451614: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.451616: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:36.451619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451624: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451626: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451630: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.451632: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:36.451635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451640: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451642: | discarding INTEG=NONE Sep 21 07:25:36.451644: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451648: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451650: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.451653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451658: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451660: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451668: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.451670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451675: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451677: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451684: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:36.451686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451691: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451693: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451699: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:36.451702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451707: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451709: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451711: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451713: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451715: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:36.451718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451723: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451725: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451731: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:36.451734: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451739: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451741: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451747: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:36.451749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451758: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451761: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.451763: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451766: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:36.451769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451772: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451775: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451777: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:36.451780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.451786: | discarding INTEG=NONE Sep 21 07:25:36.451791: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.451793: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.451795: | prop #: 2 (0x2) Sep 21 07:25:36.451798: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:36.451800: | spi size: 0 (0x0) Sep 21 07:25:36.451802: | # transforms: 11 (0xb) Sep 21 07:25:36.451805: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.451807: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.451810: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451814: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.451816: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:36.451818: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451820: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.451823: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.451825: | length/value: 128 (0x80) Sep 21 07:25:36.451827: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.451829: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451833: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.451836: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:36.451838: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451843: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451845: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451849: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.451851: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:36.451854: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451859: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451861: | discarding INTEG=NONE Sep 21 07:25:36.451863: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451871: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.451874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451879: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451881: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451885: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451887: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.451889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451894: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451896: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451903: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:36.451905: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451910: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451912: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451918: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:36.451921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451926: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451928: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451932: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451934: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:36.451936: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451939: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451941: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451943: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451948: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451950: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:36.451952: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451957: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451961: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451968: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:36.451971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451974: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451979: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.451982: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.451984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.451986: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:36.451989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.451992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.451995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.451997: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:36.452000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.452003: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.452005: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.452008: | prop #: 3 (0x3) Sep 21 07:25:36.452010: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:36.452013: | spi size: 0 (0x0) Sep 21 07:25:36.452015: | # transforms: 13 (0xd) Sep 21 07:25:36.452018: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.452021: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.452024: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452029: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.452031: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.452034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452037: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.452040: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.452042: | length/value: 256 (0x100) Sep 21 07:25:36.452045: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.452048: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452053: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.452055: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:36.452058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452061: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452064: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452066: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452071: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.452074: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:36.452078: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452084: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452087: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452092: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.452094: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.452098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452103: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452106: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452111: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.452114: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:36.452117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452125: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452130: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452133: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.452136: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452141: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452144: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452149: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452151: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.452154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452160: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452162: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452166: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452169: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:36.452171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452176: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452178: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452186: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452189: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:36.452192: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452197: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452199: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452206: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:36.452208: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452213: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452216: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452222: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:36.452225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452230: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452232: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452237: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452239: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:36.452242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452248: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452250: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452252: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.452254: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452257: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:36.452259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452264: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452266: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:36.452268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.452270: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:36.452272: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:36.452275: | prop #: 4 (0x4) Sep 21 07:25:36.452277: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:36.452279: | spi size: 0 (0x0) Sep 21 07:25:36.452281: | # transforms: 13 (0xd) Sep 21 07:25:36.452283: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:36.452287: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:36.452289: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452293: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:36.452295: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:36.452297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452300: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:36.452302: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:36.452304: | length/value: 128 (0x80) Sep 21 07:25:36.452306: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:36.452308: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452310: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452312: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.452314: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:36.452316: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452319: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452321: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452323: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452327: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:36.452329: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:36.452332: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452340: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452345: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.452347: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:36.452350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452358: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452363: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:36.452365: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:36.452369: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452374: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452381: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452384: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.452389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452394: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452396: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452401: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452404: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:36.452407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452412: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452415: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452417: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452420: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452422: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:36.452425: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452431: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452433: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452435: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452441: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:36.452443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452449: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452451: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452458: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:36.452462: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452464: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452467: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452469: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452472: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452474: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452476: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:36.452480: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452483: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452485: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452487: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452494: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452496: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:36.452499: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452505: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452507: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:36.452510: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:36.452512: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:36.452515: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:36.452518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:36.452521: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:36.452523: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:36.452526: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:36.452528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:36.452531: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:36.452534: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:36.452536: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:36.452539: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.452542: | flags: none (0x0) Sep 21 07:25:36.452544: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:36.452548: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:36.452551: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.452554: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:36.452557: | ikev2 g^x 74 08 38 46 f6 0e 98 3f f5 d6 5e 47 c6 82 3e dd Sep 21 07:25:36.452560: | ikev2 g^x 6f 2a e7 ed e9 20 ff 27 65 a8 11 f1 4d 69 de 6b Sep 21 07:25:36.452562: | ikev2 g^x f4 53 5d ef 5e 51 f6 19 44 00 82 95 b8 6e 89 97 Sep 21 07:25:36.452565: | ikev2 g^x c5 27 d2 f5 04 d2 2a 03 2c cd dc d9 2e 0d e5 51 Sep 21 07:25:36.452567: | ikev2 g^x 0e d1 1b 0d 37 73 4b 55 6d 03 3d cd 43 c0 21 73 Sep 21 07:25:36.452569: | ikev2 g^x a1 26 ec 0a 40 b8 5d 00 23 6a 57 f6 3d e5 b4 eb Sep 21 07:25:36.452572: | ikev2 g^x 19 3c e2 01 4d 98 6a 41 67 b1 ef 5b 24 59 dd 9b Sep 21 07:25:36.452574: | ikev2 g^x 92 f9 f3 d9 2e a5 bc 81 83 b7 12 40 41 f0 89 25 Sep 21 07:25:36.452576: | ikev2 g^x f6 48 65 b3 f1 07 12 c7 9d e5 cd 35 61 1a 68 41 Sep 21 07:25:36.452579: | ikev2 g^x 6f 87 c2 fc 40 bd 25 cb 10 6b 87 14 23 d2 d8 94 Sep 21 07:25:36.452581: | ikev2 g^x 8a 92 4c 62 e4 b3 11 f4 ca 41 e1 05 d4 cc 45 47 Sep 21 07:25:36.452584: | ikev2 g^x c2 4d d5 e9 5e 9c a9 b8 db 13 79 07 25 a7 7b 7f Sep 21 07:25:36.452586: | ikev2 g^x 83 4d 4c 8a 57 da d8 fa 48 cf f0 95 33 85 c4 ba Sep 21 07:25:36.452588: | ikev2 g^x fe 5d 6a 5a 73 2b 64 9e cd ea c1 2d 78 c6 4a 19 Sep 21 07:25:36.452591: | ikev2 g^x 3e 56 48 41 90 48 ed ec f3 8b e0 a0 a0 6c 8f 49 Sep 21 07:25:36.452593: | ikev2 g^x 0c 98 c3 fa 83 64 bf be d0 91 e6 1d cb ef a1 f3 Sep 21 07:25:36.452595: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:36.452598: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:36.452601: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:36.452604: | flags: none (0x0) Sep 21 07:25:36.452608: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:36.452611: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:36.452614: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.452617: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:36.452619: | IKEv2 nonce db 05 ef 26 94 85 b1 45 8d 48 0d f5 9d 5b 08 3e Sep 21 07:25:36.452622: | IKEv2 nonce 5b fd b5 78 c8 39 b6 20 c6 ae 6a 6e 5d ac c5 60 Sep 21 07:25:36.452624: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:36.452627: | Adding a v2N Payload Sep 21 07:25:36.452629: | ***emit IKEv2 Notify Payload: Sep 21 07:25:36.452632: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.452634: | flags: none (0x0) Sep 21 07:25:36.452637: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:36.452640: | SPI size: 0 (0x0) Sep 21 07:25:36.452643: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:36.452646: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:36.452649: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.452651: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:36.452655: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:36.452657: | natd_hash: rcookie is zero Sep 21 07:25:36.452669: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:36.452672: | natd_hash: icookie= b3 2d 94 55 82 f9 6a 54 Sep 21 07:25:36.452675: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:36.452677: | natd_hash: ip= c0 01 03 d1 Sep 21 07:25:36.452679: | natd_hash: port= 01 f4 Sep 21 07:25:36.452682: | natd_hash: hash= 0f 32 08 3b 1f 66 99 06 04 92 b2 79 17 a4 7d d2 Sep 21 07:25:36.452685: | natd_hash: hash= 5c f9 a8 0e Sep 21 07:25:36.452687: | Adding a v2N Payload Sep 21 07:25:36.452690: | ***emit IKEv2 Notify Payload: Sep 21 07:25:36.452692: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.452694: | flags: none (0x0) Sep 21 07:25:36.452697: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:36.452699: | SPI size: 0 (0x0) Sep 21 07:25:36.452702: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:36.452705: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:36.452708: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.452711: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:36.452713: | Notify data 0f 32 08 3b 1f 66 99 06 04 92 b2 79 17 a4 7d d2 Sep 21 07:25:36.452715: | Notify data 5c f9 a8 0e Sep 21 07:25:36.452718: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:36.452720: | natd_hash: rcookie is zero Sep 21 07:25:36.452727: | natd_hash: hasher=0x55b3832a57a0(20) Sep 21 07:25:36.452730: | natd_hash: icookie= b3 2d 94 55 82 f9 6a 54 Sep 21 07:25:36.452732: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:36.452734: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:36.452737: | natd_hash: port= 01 f4 Sep 21 07:25:36.452739: | natd_hash: hash= 5b c1 d3 3a 22 de ee 12 b6 6d 02 3e 2d 64 a6 44 Sep 21 07:25:36.452742: | natd_hash: hash= 79 3e ba c9 Sep 21 07:25:36.452744: | Adding a v2N Payload Sep 21 07:25:36.452746: | ***emit IKEv2 Notify Payload: Sep 21 07:25:36.452749: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:36.452751: | flags: none (0x0) Sep 21 07:25:36.452754: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:36.452756: | SPI size: 0 (0x0) Sep 21 07:25:36.452759: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:36.452764: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:36.452767: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:36.452769: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:36.452772: | Notify data 5b c1 d3 3a 22 de ee 12 b6 6d 02 3e 2d 64 a6 44 Sep 21 07:25:36.452774: | Notify data 79 3e ba c9 Sep 21 07:25:36.452777: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:36.452779: | emitting length of ISAKMP Message: 828 Sep 21 07:25:36.452789: | stop processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:36.452798: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:36.452801: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:36.452804: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:36.452807: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:36.452809: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:25:36.452812: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:25:36.452816: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:36.452819: "road-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:36.452824: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:25:36.452829: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #4) Sep 21 07:25:36.452832: | b3 2d 94 55 82 f9 6a 54 00 00 00 00 00 00 00 00 Sep 21 07:25:36.452834: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:36.452836: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:36.452838: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:36.452840: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:36.452842: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:36.452844: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:36.452846: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:36.452848: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:36.452850: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:36.452852: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:36.452854: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:36.452856: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:36.452858: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:36.452860: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:36.452862: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:36.452864: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:36.452866: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:36.452868: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:36.452870: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:36.452873: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:36.452875: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:36.452877: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:36.452879: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:36.452881: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:36.452883: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:36.452885: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:36.452888: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:36.452892: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:36.452894: | 28 00 01 08 00 0e 00 00 74 08 38 46 f6 0e 98 3f Sep 21 07:25:36.452896: | f5 d6 5e 47 c6 82 3e dd 6f 2a e7 ed e9 20 ff 27 Sep 21 07:25:36.452898: | 65 a8 11 f1 4d 69 de 6b f4 53 5d ef 5e 51 f6 19 Sep 21 07:25:36.452901: | 44 00 82 95 b8 6e 89 97 c5 27 d2 f5 04 d2 2a 03 Sep 21 07:25:36.452903: | 2c cd dc d9 2e 0d e5 51 0e d1 1b 0d 37 73 4b 55 Sep 21 07:25:36.452905: | 6d 03 3d cd 43 c0 21 73 a1 26 ec 0a 40 b8 5d 00 Sep 21 07:25:36.452908: | 23 6a 57 f6 3d e5 b4 eb 19 3c e2 01 4d 98 6a 41 Sep 21 07:25:36.452910: | 67 b1 ef 5b 24 59 dd 9b 92 f9 f3 d9 2e a5 bc 81 Sep 21 07:25:36.452912: | 83 b7 12 40 41 f0 89 25 f6 48 65 b3 f1 07 12 c7 Sep 21 07:25:36.452914: | 9d e5 cd 35 61 1a 68 41 6f 87 c2 fc 40 bd 25 cb Sep 21 07:25:36.452916: | 10 6b 87 14 23 d2 d8 94 8a 92 4c 62 e4 b3 11 f4 Sep 21 07:25:36.452918: | ca 41 e1 05 d4 cc 45 47 c2 4d d5 e9 5e 9c a9 b8 Sep 21 07:25:36.452920: | db 13 79 07 25 a7 7b 7f 83 4d 4c 8a 57 da d8 fa Sep 21 07:25:36.452922: | 48 cf f0 95 33 85 c4 ba fe 5d 6a 5a 73 2b 64 9e Sep 21 07:25:36.452924: | cd ea c1 2d 78 c6 4a 19 3e 56 48 41 90 48 ed ec Sep 21 07:25:36.452927: | f3 8b e0 a0 a0 6c 8f 49 0c 98 c3 fa 83 64 bf be Sep 21 07:25:36.452929: | d0 91 e6 1d cb ef a1 f3 29 00 00 24 db 05 ef 26 Sep 21 07:25:36.452931: | 94 85 b1 45 8d 48 0d f5 9d 5b 08 3e 5b fd b5 78 Sep 21 07:25:36.452933: | c8 39 b6 20 c6 ae 6a 6e 5d ac c5 60 29 00 00 08 Sep 21 07:25:36.452936: | 00 00 40 2e 29 00 00 1c 00 00 40 04 0f 32 08 3b Sep 21 07:25:36.452938: | 1f 66 99 06 04 92 b2 79 17 a4 7d d2 5c f9 a8 0e Sep 21 07:25:36.452940: | 00 00 00 1c 00 00 40 05 5b c1 d3 3a 22 de ee 12 Sep 21 07:25:36.452942: | b6 6d 02 3e 2d 64 a6 44 79 3e ba c9 Sep 21 07:25:36.452975: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:36.452981: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:36.452984: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4ef8002b20 Sep 21 07:25:36.452988: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=25000ms Sep 21 07:25:36.452992: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ef8002b20 Sep 21 07:25:36.452995: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #4 Sep 21 07:25:36.452998: | libevent_malloc: new ptr-libevent@0x55b383da41f0 size 128 Sep 21 07:25:36.453003: | #4 STATE_PARENT_I1: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 49382.821255 Sep 21 07:25:36.453008: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:36.453014: | #4 spent 1.49 milliseconds in resume sending helper answer Sep 21 07:25:36.453019: | stop processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:36.453023: | libevent_free: release ptr-libevent@0x7f4eec006900 Sep 21 07:25:37.812712: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:37.812732: shutting down Sep 21 07:25:37.812740: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:37.812744: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:37.812749: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:37.812752: forgetting secrets Sep 21 07:25:37.812757: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:37.812761: | unreference key: 0x55b383da19c0 @east cnt 1-- Sep 21 07:25:37.812765: | unreference key: 0x55b383da15d0 @road cnt 1-- Sep 21 07:25:37.812770: | start processing: connection "road-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:25:37.812773: | removing pending policy for no connection {0x55b383d52460} Sep 21 07:25:37.812776: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:37.812781: | pass 0 Sep 21 07:25:37.812787: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:37.812791: | state #4 Sep 21 07:25:37.812795: | suspend processing: connection "road-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:37.812801: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:37.812804: | pstats #4 ikev2.ike deleted other Sep 21 07:25:37.812808: | #4 spent 2.41 milliseconds in total Sep 21 07:25:37.812813: | [RE]START processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:37.812817: "road-eastnet" #4: deleting state (STATE_PARENT_I1) aged 1.362s and NOT sending notification Sep 21 07:25:37.812820: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:37.812824: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:37.812827: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:37.812831: | libevent_free: release ptr-libevent@0x55b383da41f0 Sep 21 07:25:37.812834: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ef8002b20 Sep 21 07:25:37.812837: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:37.812840: | picked newest_isakmp_sa #0 for #4 Sep 21 07:25:37.812843: "road-eastnet" #4: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:37.812846: | add revival: connection 'road-eastnet' added to the list and scheduled for 5 seconds Sep 21 07:25:37.812849: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:37.812855: | stop processing: connection "road-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:37.812858: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:37.812860: | in connection_discard for connection road-eastnet Sep 21 07:25:37.812863: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:25:37.812867: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:37.812885: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:37.812889: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:37.812891: | pass 1 Sep 21 07:25:37.812894: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:37.812900: | shunt_eroute() called for connection 'road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:37.812906: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:37.812909: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:37.813036: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:25:37.813053: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.813056: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.813059: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:25:37.813062: | route owner of "road-eastnet" unrouted: NULL Sep 21 07:25:37.813065: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:37.813068: | command executing unroute-host Sep 21 07:25:37.813095: | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:37.813100: | popen cmd is 1032 chars long Sep 21 07:25:37.813103: | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:25:37.813106: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_M: Sep 21 07:25:37.813109: | cmd( 160):Y_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' : Sep 21 07:25:37.813111: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:37.813114: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:25:37.813116: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:37.813119: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:37.813121: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:25:37.813124: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:25:37.813126: | cmd( 720):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:25:37.813129: | cmd( 800):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:25:37.813131: | cmd( 880):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:25:37.813134: | cmd( 960):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:37.897531: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897549: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897555: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897565: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897578: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897591: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897715: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897720: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897723: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897725: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897727: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897729: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.897731: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898118: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898129: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898141: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898251: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898257: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898259: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898261: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898264: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898266: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898268: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898270: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898274: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898279: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.898287: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899051: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899063: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899066: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899068: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899070: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899073: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899075: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899077: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899079: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899081: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899084: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899086: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899088: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899090: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899092: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899094: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899096: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899099: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899101: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899103: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899105: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899108: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899110: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899112: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899114: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899116: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899118: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899121: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899123: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899125: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899127: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899129: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899131: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899134: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899136: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899138: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899140: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899143: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899690: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899696: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899698: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899701: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899703: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899705: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899707: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899709: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899715: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899717: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899719: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899721: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899724: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899726: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899728: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899730: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899732: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899734: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899737: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899739: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899741: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899743: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899745: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899747: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899749: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899752: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899754: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.899756: unroute-host output: Error: Peer netns reference is invalid. Sep 21 07:25:37.951703: | free hp@0x55b383d81400 Sep 21 07:25:37.951719: | flush revival: connection 'road-eastnet' revival flushed Sep 21 07:25:37.951723: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:37.951730: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:37.951733: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:37.951745: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:37.951749: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:37.951753: shutting down interface eth0/eth0 192.1.3.209:4500 Sep 21 07:25:37.951756: shutting down interface eth0/eth0 192.1.3.209:500 Sep 21 07:25:37.951760: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:37.951768: | libevent_free: release ptr-libevent@0x55b383d9fb90 Sep 21 07:25:37.951771: | free_event_entry: release EVENT_NULL-pe@0x55b383d88890 Sep 21 07:25:37.951780: | libevent_free: release ptr-libevent@0x55b383d9fc80 Sep 21 07:25:37.951786: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fc40 Sep 21 07:25:37.951794: | libevent_free: release ptr-libevent@0x55b383d9fd70 Sep 21 07:25:37.951797: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fd30 Sep 21 07:25:37.951802: | libevent_free: release ptr-libevent@0x55b383d9fe60 Sep 21 07:25:37.951805: | free_event_entry: release EVENT_NULL-pe@0x55b383d9fe20 Sep 21 07:25:37.951810: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:37.952327: | libevent_free: release ptr-libevent@0x55b383d9f450 Sep 21 07:25:37.952335: | free_event_entry: release EVENT_NULL-pe@0x55b383d82ab0 Sep 21 07:25:37.952339: | libevent_free: release ptr-libevent@0x55b383d94ee0 Sep 21 07:25:37.952343: | free_event_entry: release EVENT_NULL-pe@0x55b383d890f0 Sep 21 07:25:37.952347: | libevent_free: release ptr-libevent@0x55b383d94e50 Sep 21 07:25:37.952350: | free_event_entry: release EVENT_NULL-pe@0x55b383d89130 Sep 21 07:25:37.952353: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:37.952355: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:37.952358: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:37.952360: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:37.952363: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:37.952365: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:37.952371: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:37.952373: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:37.952376: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:37.952380: | libevent_free: release ptr-libevent@0x55b383d9f630 Sep 21 07:25:37.952382: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:37.952386: | libevent_free: release ptr-libevent@0x55b383d9f710 Sep 21 07:25:37.952388: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:37.952391: | libevent_free: release ptr-libevent@0x55b383d9f7d0 Sep 21 07:25:37.952393: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:37.952396: | libevent_free: release ptr-libevent@0x55b383d94250 Sep 21 07:25:37.952399: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:37.952401: | releasing event base Sep 21 07:25:37.952413: | libevent_free: release ptr-libevent@0x55b383d9f890 Sep 21 07:25:37.952416: | libevent_free: release ptr-libevent@0x55b383d56bd0 Sep 21 07:25:37.952420: | libevent_free: release ptr-libevent@0x55b383d834a0 Sep 21 07:25:37.952423: | libevent_free: release ptr-libevent@0x55b383d83680 Sep 21 07:25:37.952425: | libevent_free: release ptr-libevent@0x55b383d834c0 Sep 21 07:25:37.952428: | libevent_free: release ptr-libevent@0x55b383d9f4e0 Sep 21 07:25:37.952430: | libevent_free: release ptr-libevent@0x55b383d9f6d0 Sep 21 07:25:37.952433: | libevent_free: release ptr-libevent@0x55b383d83660 Sep 21 07:25:37.952435: | libevent_free: release ptr-libevent@0x55b383d83940 Sep 21 07:25:37.952437: | libevent_free: release ptr-libevent@0x55b383d880b0 Sep 21 07:25:37.952440: | libevent_free: release ptr-libevent@0x55b383d9fef0 Sep 21 07:25:37.952442: | libevent_free: release ptr-libevent@0x55b383d9fe00 Sep 21 07:25:37.952444: | libevent_free: release ptr-libevent@0x55b383d9fd10 Sep 21 07:25:37.952447: | libevent_free: release ptr-libevent@0x55b383d9fc20 Sep 21 07:25:37.952449: | libevent_free: release ptr-libevent@0x55b383d83550 Sep 21 07:25:37.952452: | libevent_free: release ptr-libevent@0x55b383d9f7b0 Sep 21 07:25:37.952454: | libevent_free: release ptr-libevent@0x55b383d9f6f0 Sep 21 07:25:37.952456: | libevent_free: release ptr-libevent@0x55b383d9f610 Sep 21 07:25:37.952459: | libevent_free: release ptr-libevent@0x55b383d9f870 Sep 21 07:25:37.952461: | libevent_free: release ptr-libevent@0x55b383d9f500 Sep 21 07:25:37.952464: | libevent_free: release ptr-libevent@0x55b383d834e0 Sep 21 07:25:37.952467: | libevent_free: release ptr-libevent@0x55b383d83510 Sep 21 07:25:37.952469: | libevent_free: release ptr-libevent@0x55b383d83200 Sep 21 07:25:37.952471: | releasing global libevent data Sep 21 07:25:37.952474: | libevent_free: release ptr-libevent@0x55b383d814b0 Sep 21 07:25:37.952477: | libevent_free: release ptr-libevent@0x55b383d814e0 Sep 21 07:25:37.952480: | libevent_free: release ptr-libevent@0x55b383d831d0