Sep 21 07:25:29.932226: FIPS Product: YES Sep 21 07:25:29.932266: FIPS Kernel: NO Sep 21 07:25:29.932269: FIPS Mode: NO Sep 21 07:25:29.932272: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:29.932452: Initializing NSS Sep 21 07:25:29.932456: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:29.987884: NSS initialized Sep 21 07:25:29.987897: NSS crypto library initialized Sep 21 07:25:29.987899: FIPS HMAC integrity support [enabled] Sep 21 07:25:29.987901: FIPS mode disabled for pluto daemon Sep 21 07:25:30.063605: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:30.063723: libcap-ng support [enabled] Sep 21 07:25:30.063733: Linux audit support [enabled] Sep 21 07:25:30.063755: Linux audit activated Sep 21 07:25:30.063759: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:8625 Sep 21 07:25:30.063762: core dump dir: /tmp Sep 21 07:25:30.063763: secrets file: /etc/ipsec.secrets Sep 21 07:25:30.063764: leak-detective disabled Sep 21 07:25:30.063766: NSS crypto [enabled] Sep 21 07:25:30.063767: XAUTH PAM support [enabled] Sep 21 07:25:30.063838: | libevent is using pluto's memory allocator Sep 21 07:25:30.063846: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:30.063861: | libevent_malloc: new ptr-libevent@0x55fa0bccf4e0 size 40 Sep 21 07:25:30.063864: | libevent_malloc: new ptr-libevent@0x55fa0bcd0790 size 40 Sep 21 07:25:30.063867: | libevent_malloc: new ptr-libevent@0x55fa0bcd07c0 size 40 Sep 21 07:25:30.063869: | creating event base Sep 21 07:25:30.063872: | libevent_malloc: new ptr-libevent@0x55fa0bcd0750 size 56 Sep 21 07:25:30.063875: | libevent_malloc: new ptr-libevent@0x55fa0bcd07f0 size 664 Sep 21 07:25:30.063885: | libevent_malloc: new ptr-libevent@0x55fa0bcd0a90 size 24 Sep 21 07:25:30.063889: | libevent_malloc: new ptr-libevent@0x55fa0bcc2250 size 384 Sep 21 07:25:30.063899: | libevent_malloc: new ptr-libevent@0x55fa0bcd0ab0 size 16 Sep 21 07:25:30.063902: | libevent_malloc: new ptr-libevent@0x55fa0bcd0ad0 size 40 Sep 21 07:25:30.063905: | libevent_malloc: new ptr-libevent@0x55fa0bcd0b00 size 48 Sep 21 07:25:30.063913: | libevent_realloc: new ptr-libevent@0x55fa0bc54370 size 256 Sep 21 07:25:30.063915: | libevent_malloc: new ptr-libevent@0x55fa0bcd0b40 size 16 Sep 21 07:25:30.063922: | libevent_free: release ptr-libevent@0x55fa0bcd0750 Sep 21 07:25:30.063926: | libevent initialized Sep 21 07:25:30.063929: | libevent_realloc: new ptr-libevent@0x55fa0bcd0b60 size 64 Sep 21 07:25:30.063933: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:30.063948: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:30.063951: NAT-Traversal support [enabled] Sep 21 07:25:30.063954: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:30.063960: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:30.063968: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:30.064006: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:30.064011: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:30.064015: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:30.064065: Encryption algorithms: Sep 21 07:25:30.064077: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:30.064082: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:30.064086: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:30.064090: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:30.064093: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:30.064103: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:30.064107: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:30.064111: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:30.064114: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:30.064116: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:30.064118: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:30.064121: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:30.064123: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:30.064125: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:30.064127: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:30.064129: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:30.064131: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:30.064136: Hash algorithms: Sep 21 07:25:30.064138: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:30.064140: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:30.064142: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:30.064144: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:30.064145: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:30.064154: PRF algorithms: Sep 21 07:25:30.064155: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:30.064157: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:30.064160: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:30.064162: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:30.064163: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:30.064165: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:30.064180: Integrity algorithms: Sep 21 07:25:30.064182: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:30.064185: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:30.064187: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:30.064189: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:30.064192: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:30.064193: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:30.064195: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:30.064197: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:30.064199: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:30.064207: DH algorithms: Sep 21 07:25:30.064209: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:30.064210: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:30.064212: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:30.064216: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:30.064218: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:30.064219: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:30.064221: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:30.064223: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:30.064225: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:30.064227: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:30.064229: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:30.064230: testing CAMELLIA_CBC: Sep 21 07:25:30.064232: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.064322: Camellia: 16 bytes with 128-bit key Sep 21 07:25:30.064342: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.064367: Camellia: 16 bytes with 256-bit key Sep 21 07:25:30.064395: testing AES_GCM_16: Sep 21 07:25:30.064399: empty string Sep 21 07:25:30.064428: one block Sep 21 07:25:30.064455: two blocks Sep 21 07:25:30.064484: two blocks with associated data Sep 21 07:25:30.064513: testing AES_CTR: Sep 21 07:25:30.064517: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:30.064546: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:30.064576: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:30.064603: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:30.064621: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:30.064639: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:30.064656: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:30.064671: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:30.064688: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:30.064705: testing AES_CBC: Sep 21 07:25:30.064706: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:30.064723: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.064740: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.064758: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:30.064778: testing AES_XCBC: Sep 21 07:25:30.064780: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:30.064862: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:30.064943: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:30.065019: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:30.065094: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:30.065171: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:30.065250: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:30.065416: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:30.065495: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:30.065577: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:30.065719: testing HMAC_MD5: Sep 21 07:25:30.065722: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:30.065861: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:30.066018: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:30.066197: 8 CPU cores online Sep 21 07:25:30.066201: starting up 7 crypto helpers Sep 21 07:25:30.066234: started thread for crypto helper 0 Sep 21 07:25:30.066254: started thread for crypto helper 1 Sep 21 07:25:30.066277: started thread for crypto helper 2 Sep 21 07:25:30.066295: started thread for crypto helper 3 Sep 21 07:25:30.066317: started thread for crypto helper 4 Sep 21 07:25:30.066333: started thread for crypto helper 5 Sep 21 07:25:30.066354: started thread for crypto helper 6 Sep 21 07:25:30.066359: | checking IKEv1 state table Sep 21 07:25:30.066366: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066368: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:30.066371: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066373: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:30.066376: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.066378: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:30.066381: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.066383: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.066386: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.066388: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:30.066390: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.066392: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:30.066395: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:30.066397: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.066400: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.066402: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.066405: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:30.066407: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.066409: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.066411: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:30.066414: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:30.066416: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066419: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:30.066421: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066424: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066426: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:30.066429: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066431: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.066433: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:30.066436: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:30.066438: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.066441: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:30.066443: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:30.066446: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066448: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.066451: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066453: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:30.066456: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:30.066458: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:30.066461: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:30.066463: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:30.066466: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:30.066469: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:30.066471: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066474: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:30.066476: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066479: | INFO: category: informational flags: 0: Sep 21 07:25:30.066481: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066484: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:30.066486: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066488: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:30.066491: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:30.066493: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.066496: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:30.066498: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:30.066501: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:30.066504: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:30.066506: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:30.066509: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.066511: | -> UNDEFINED EVENT_NULL Sep 21 07:25:30.066514: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.066518: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:30.066521: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.066523: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:30.066526: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:30.066528: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:30.066534: | checking IKEv2 state table Sep 21 07:25:30.066540: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:30.066543: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:30.066546: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066549: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:30.066552: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:30.066555: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:30.066557: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:30.066560: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:30.066563: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:30.066565: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:30.066568: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:30.066571: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:30.066573: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:30.066576: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:30.066578: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:30.066581: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:30.066584: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066586: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:30.066589: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:30.066592: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:30.066594: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:30.066597: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:30.066600: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:30.066602: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:30.066605: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:30.066607: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:30.066610: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.066613: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:30.066616: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.066618: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:30.066621: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.066624: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.066627: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:30.066629: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:30.066632: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:30.066634: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:30.066637: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:30.066640: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.066643: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:30.066648: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:30.066650: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:30.066653: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:30.066656: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:30.066659: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:30.066662: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:30.066665: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:30.066668: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:30.066770: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:30.066843: | Hard-wiring algorithms Sep 21 07:25:30.066849: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:30.066853: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:30.066856: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:30.066858: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:30.066861: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:30.066863: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:30.066865: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:30.066868: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:30.066870: | adding AES_CTR to kernel algorithm db Sep 21 07:25:30.066872: | adding AES_CBC to kernel algorithm db Sep 21 07:25:30.066874: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:30.066877: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:30.066880: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:30.066882: | adding NULL to kernel algorithm db Sep 21 07:25:30.066884: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:30.066887: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:30.066889: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:30.066892: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:30.066894: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:30.066897: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:30.066899: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:30.066902: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:30.066904: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:30.066906: | adding NONE to kernel algorithm db Sep 21 07:25:30.066928: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:30.066933: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:30.066935: | setup kernel fd callback Sep 21 07:25:30.066938: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55fa0bcdaf10 Sep 21 07:25:30.066941: | libevent_malloc: new ptr-libevent@0x55fa0bce23e0 size 128 Sep 21 07:25:30.066944: | libevent_malloc: new ptr-libevent@0x55fa0bcd0ca0 size 16 Sep 21 07:25:30.066949: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55fa0bcd57b0 Sep 21 07:25:30.066952: | libevent_malloc: new ptr-libevent@0x55fa0bce2470 size 128 Sep 21 07:25:30.066955: | libevent_malloc: new ptr-libevent@0x55fa0bcd5700 size 16 Sep 21 07:25:30.067190: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:30.067198: selinux support is enabled. Sep 21 07:25:30.067274: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:30.067445: | unbound context created - setting debug level to 5 Sep 21 07:25:30.067476: | /etc/hosts lookups activated Sep 21 07:25:30.067492: | /etc/resolv.conf usage activated Sep 21 07:25:30.067555: | outgoing-port-avoid set 0-65535 Sep 21 07:25:30.067584: | outgoing-port-permit set 32768-60999 Sep 21 07:25:30.067587: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:30.067590: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:30.067593: | Setting up events, loop start Sep 21 07:25:30.067596: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55fa0bcd5500 Sep 21 07:25:30.067602: | libevent_malloc: new ptr-libevent@0x55fa0bcec9e0 size 128 Sep 21 07:25:30.067605: | libevent_malloc: new ptr-libevent@0x55fa0bceca70 size 16 Sep 21 07:25:30.067612: | libevent_realloc: new ptr-libevent@0x55fa0bc525b0 size 256 Sep 21 07:25:30.067615: | libevent_malloc: new ptr-libevent@0x55fa0bceca90 size 8 Sep 21 07:25:30.067618: | libevent_realloc: new ptr-libevent@0x55fa0bce16e0 size 144 Sep 21 07:25:30.067621: | libevent_malloc: new ptr-libevent@0x55fa0bcecab0 size 152 Sep 21 07:25:30.067625: | libevent_malloc: new ptr-libevent@0x55fa0bcecb50 size 16 Sep 21 07:25:30.067629: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:30.067632: | libevent_malloc: new ptr-libevent@0x55fa0bcecb70 size 8 Sep 21 07:25:30.067635: | libevent_malloc: new ptr-libevent@0x55fa0bcecb90 size 152 Sep 21 07:25:30.067638: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:30.067640: | libevent_malloc: new ptr-libevent@0x55fa0bcecc30 size 8 Sep 21 07:25:30.067643: | libevent_malloc: new ptr-libevent@0x55fa0bcecc50 size 152 Sep 21 07:25:30.067646: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:30.067648: | libevent_malloc: new ptr-libevent@0x55fa0bceccf0 size 8 Sep 21 07:25:30.067651: | libevent_realloc: release ptr-libevent@0x55fa0bce16e0 Sep 21 07:25:30.067654: | libevent_realloc: new ptr-libevent@0x55fa0bcecd10 size 256 Sep 21 07:25:30.067656: | libevent_malloc: new ptr-libevent@0x55fa0bce16e0 size 152 Sep 21 07:25:30.067659: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:30.068010: | created addconn helper (pid:8725) using fork+execve Sep 21 07:25:30.068024: | forked child 8725 Sep 21 07:25:30.068058: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.068079: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.068085: listening for IKE messages Sep 21 07:25:30.068123: | Inspecting interface lo Sep 21 07:25:30.068129: | found lo with address 127.0.0.1 Sep 21 07:25:30.068132: | Inspecting interface eth0 Sep 21 07:25:30.068136: | found eth0 with address 192.0.1.254 Sep 21 07:25:30.068138: | Inspecting interface eth1 Sep 21 07:25:30.068142: | found eth1 with address 192.1.2.45 Sep 21 07:25:30.068190: Kernel supports NIC esp-hw-offload Sep 21 07:25:30.068201: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:25:30.068225: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.068230: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.068234: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:25:30.068261: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:25:30.068285: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.068289: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.068293: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:25:30.068319: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:30.068341: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:30.068345: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:30.068349: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:30.068426: | no interfaces to sort Sep 21 07:25:30.068431: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:30.068439: | add_fd_read_event_handler: new ethX-pe@0x55fa0bcd6280 Sep 21 07:25:30.068442: | libevent_malloc: new ptr-libevent@0x55fa0bced080 size 128 Sep 21 07:25:30.068445: | libevent_malloc: new ptr-libevent@0x55fa0bced110 size 16 Sep 21 07:25:30.068453: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:30.068457: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced130 Sep 21 07:25:30.068459: | libevent_malloc: new ptr-libevent@0x55fa0bced170 size 128 Sep 21 07:25:30.068462: | libevent_malloc: new ptr-libevent@0x55fa0bced200 size 16 Sep 21 07:25:30.068469: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:30.068472: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced220 Sep 21 07:25:30.068475: | libevent_malloc: new ptr-libevent@0x55fa0bced260 size 128 Sep 21 07:25:30.068477: | libevent_malloc: new ptr-libevent@0x55fa0bced2f0 size 16 Sep 21 07:25:30.068482: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:25:30.068484: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced310 Sep 21 07:25:30.068487: | libevent_malloc: new ptr-libevent@0x55fa0bced350 size 128 Sep 21 07:25:30.068489: | libevent_malloc: new ptr-libevent@0x55fa0bced3e0 size 16 Sep 21 07:25:30.068494: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:25:30.068496: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced400 Sep 21 07:25:30.068499: | libevent_malloc: new ptr-libevent@0x55fa0bced440 size 128 Sep 21 07:25:30.068502: | libevent_malloc: new ptr-libevent@0x55fa0bced4d0 size 16 Sep 21 07:25:30.068506: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:25:30.068509: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced4f0 Sep 21 07:25:30.068511: | libevent_malloc: new ptr-libevent@0x55fa0bced530 size 128 Sep 21 07:25:30.068514: | libevent_malloc: new ptr-libevent@0x55fa0bced5c0 size 16 Sep 21 07:25:30.068518: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:25:30.068523: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.068526: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.068546: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.068559: | id type added to secret(0x55fa0bce25c0) PKK_PSK: @east Sep 21 07:25:30.068564: | id type added to secret(0x55fa0bce25c0) PKK_PSK: 192.1.2.45 Sep 21 07:25:30.068568: | Processing PSK at line 1: passed Sep 21 07:25:30.068571: | certs and keys locked by 'process_secret' Sep 21 07:25:30.068575: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.068580: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.068589: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.068594: | spent 0.544 milliseconds in whack Sep 21 07:25:30.068607: | starting up helper thread 1 Sep 21 07:25:30.068616: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:30.068622: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:30.068632: | starting up helper thread 5 Sep 21 07:25:30.068637: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:30.068639: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:30.068654: | starting up helper thread 4 Sep 21 07:25:30.068659: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:30.068662: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:30.068676: | starting up helper thread 0 Sep 21 07:25:30.068682: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:30.068684: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:30.068698: | starting up helper thread 2 Sep 21 07:25:30.068704: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:30.068706: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:30.068719: | starting up helper thread 3 Sep 21 07:25:30.068723: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:30.068726: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:30.068737: | starting up helper thread 6 Sep 21 07:25:30.068742: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:30.068744: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:30.107832: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.107877: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:30.107887: listening for IKE messages Sep 21 07:25:30.107926: | Inspecting interface lo Sep 21 07:25:30.107940: | found lo with address 127.0.0.1 Sep 21 07:25:30.107943: | Inspecting interface eth0 Sep 21 07:25:30.107947: | found eth0 with address 192.0.1.254 Sep 21 07:25:30.107950: | Inspecting interface eth1 Sep 21 07:25:30.107954: | found eth1 with address 192.1.2.45 Sep 21 07:25:30.108042: | no interfaces to sort Sep 21 07:25:30.108053: | libevent_free: release ptr-libevent@0x55fa0bced080 Sep 21 07:25:30.108057: | free_event_entry: release EVENT_NULL-pe@0x55fa0bcd6280 Sep 21 07:25:30.108060: | add_fd_read_event_handler: new ethX-pe@0x55fa0bcd6280 Sep 21 07:25:30.108064: | libevent_malloc: new ptr-libevent@0x55fa0bced080 size 128 Sep 21 07:25:30.108072: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:30.108077: | libevent_free: release ptr-libevent@0x55fa0bced170 Sep 21 07:25:30.108080: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced130 Sep 21 07:25:30.108082: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced130 Sep 21 07:25:30.108085: | libevent_malloc: new ptr-libevent@0x55fa0bced170 size 128 Sep 21 07:25:30.108090: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:30.108094: | libevent_free: release ptr-libevent@0x55fa0bced260 Sep 21 07:25:30.108097: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced220 Sep 21 07:25:30.108100: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced220 Sep 21 07:25:30.108102: | libevent_malloc: new ptr-libevent@0x55fa0bced260 size 128 Sep 21 07:25:30.108110: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:25:30.108114: | libevent_free: release ptr-libevent@0x55fa0bced350 Sep 21 07:25:30.108116: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced310 Sep 21 07:25:30.108119: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced310 Sep 21 07:25:30.108122: | libevent_malloc: new ptr-libevent@0x55fa0bced350 size 128 Sep 21 07:25:30.108127: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:25:30.108131: | libevent_free: release ptr-libevent@0x55fa0bced440 Sep 21 07:25:30.108134: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced400 Sep 21 07:25:30.108136: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced400 Sep 21 07:25:30.108139: | libevent_malloc: new ptr-libevent@0x55fa0bced440 size 128 Sep 21 07:25:30.108144: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:25:30.108148: | libevent_free: release ptr-libevent@0x55fa0bced530 Sep 21 07:25:30.108150: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced4f0 Sep 21 07:25:30.108153: | add_fd_read_event_handler: new ethX-pe@0x55fa0bced4f0 Sep 21 07:25:30.108156: | libevent_malloc: new ptr-libevent@0x55fa0bced530 size 128 Sep 21 07:25:30.108161: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:25:30.108164: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:30.108166: forgetting secrets Sep 21 07:25:30.108176: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:30.108192: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:30.108202: | id type added to secret(0x55fa0bce25c0) PKK_PSK: @east Sep 21 07:25:30.108207: | id type added to secret(0x55fa0bce25c0) PKK_PSK: 192.1.2.45 Sep 21 07:25:30.108212: | Processing PSK at line 1: passed Sep 21 07:25:30.108214: | certs and keys locked by 'process_secret' Sep 21 07:25:30.108216: | certs and keys unlocked by 'process_secret' Sep 21 07:25:30.108222: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:30.108231: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.108238: | spent 0.408 milliseconds in whack Sep 21 07:25:30.108656: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.108674: | waitpid returned pid 8725 (exited with status 0) Sep 21 07:25:30.108678: | reaped addconn helper child (status 0) Sep 21 07:25:30.108683: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.108688: | spent 0.0228 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.161927: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.161957: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.161960: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:30.161962: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.161964: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:30.161968: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.161975: | Added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:30.162026: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:30.162032: | from whack: got --esp= Sep 21 07:25:30.162064: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:30.162071: | counting wild cards for 192.1.2.45 is 0 Sep 21 07:25:30.162074: | counting wild cards for @east is 0 Sep 21 07:25:30.162084: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:30.162088: | new hp@0x55fa0bcb9a10 Sep 21 07:25:30.162092: added connection description "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:25:30.162101: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:30.162111: | 192.0.1.0/24===192.1.2.45<192.1.2.45>...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:30.162118: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.162124: | spent 0.2 milliseconds in whack Sep 21 07:25:30.225752: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.226001: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:30.226009: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:30.226092: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:30.226106: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.226114: | spent 0.366 milliseconds in whack Sep 21 07:25:30.283136: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.283159: | old debugging base+cpu-usage + none Sep 21 07:25:30.283163: | base debugging = base+cpu-usage Sep 21 07:25:30.283166: | old impairing none + suppress-retransmits Sep 21 07:25:30.283168: | base impairing = suppress-retransmits Sep 21 07:25:30.283177: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.283185: | spent 0.0571 milliseconds in whack Sep 21 07:25:30.395015: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:30.395036: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:30.395040: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:30.395045: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:30.395049: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:25:30.395052: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:30.395055: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:30.395074: | creating state object #1 at 0x55fa0bceedb0 Sep 21 07:25:30.395077: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:30.395085: | pstats #1 ikev2.ike started Sep 21 07:25:30.395089: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:30.395092: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:30.395102: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.395110: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:30.395116: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:30.395119: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:30.395124: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:25:30.395129: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating v2 parent SA Sep 21 07:25:30.395139: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Sep 21 07:25:30.395148: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.395156: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.395160: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.395165: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.395169: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.395175: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.395178: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:30.395184: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.395194: "westnet-eastnet-ipv4-psk-ikev2": constructed local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.395204: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:30.395208: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf1440 Sep 21 07:25:30.395211: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:30.395215: | libevent_malloc: new ptr-libevent@0x55fa0bcf1480 size 128 Sep 21 07:25:30.395229: | #1 spent 0.182 milliseconds in ikev2_parent_outI1() Sep 21 07:25:30.395232: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.395237: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.395240: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:30.395243: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:30.395249: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:25:30.395252: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:30.395256: | spent 0.252 milliseconds in whack Sep 21 07:25:30.395274: | crypto helper 1 resuming Sep 21 07:25:30.395282: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:25:30.395285: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:30.395909: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000623 seconds Sep 21 07:25:30.395918: | (#1) spent 0.628 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:30.395920: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:30.395922: | scheduling resume sending helper answer for #1 Sep 21 07:25:30.395924: | libevent_malloc: new ptr-libevent@0x7f31d0006900 size 128 Sep 21 07:25:30.395931: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:30.395938: | processing resume sending helper answer for #1 Sep 21 07:25:30.395944: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.395948: | crypto helper 1 replies to request ID 1 Sep 21 07:25:30.395950: | calling continuation function 0x55fa0b36c630 Sep 21 07:25:30.395953: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:30.395983: | **emit ISAKMP Message: Sep 21 07:25:30.395986: | initiator cookie: Sep 21 07:25:30.395989: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.395991: | responder cookie: Sep 21 07:25:30.395993: | 00 00 00 00 00 00 00 00 Sep 21 07:25:30.395996: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.395999: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.396002: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.396005: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.396007: | Message ID: 0 (0x0) Sep 21 07:25:30.396010: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.396025: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.396028: | Emitting ikev2_proposals ... Sep 21 07:25:30.396030: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:30.396033: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.396036: | flags: none (0x0) Sep 21 07:25:30.396039: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.396042: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.396044: | discarding INTEG=NONE Sep 21 07:25:30.396047: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.396049: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396052: | prop #: 1 (0x1) Sep 21 07:25:30.396054: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.396057: | spi size: 0 (0x0) Sep 21 07:25:30.396059: | # transforms: 11 (0xb) Sep 21 07:25:30.396062: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.396068: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396073: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.396076: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.396078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396081: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.396084: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.396086: | length/value: 256 (0x100) Sep 21 07:25:30.396089: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.396091: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396096: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396099: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.396102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396107: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396110: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396114: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396117: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.396120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396125: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396127: | discarding INTEG=NONE Sep 21 07:25:30.396129: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396132: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396137: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.396139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396145: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396147: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396154: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.396157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396162: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396164: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396172: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.396174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396181: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396184: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396191: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.396193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396199: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396201: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396206: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396208: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.396211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396216: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396218: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396221: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396223: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396226: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.396229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396234: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396236: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396239: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396243: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.396246: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396251: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396254: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396256: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.396258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396261: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.396264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396266: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396269: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396271: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:30.396274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.396276: | discarding INTEG=NONE Sep 21 07:25:30.396280: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.396283: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396285: | prop #: 2 (0x2) Sep 21 07:25:30.396288: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.396290: | spi size: 0 (0x0) Sep 21 07:25:30.396292: | # transforms: 11 (0xb) Sep 21 07:25:30.396295: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396298: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.396301: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396305: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.396308: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.396310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396313: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.396315: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.396318: | length/value: 128 (0x80) Sep 21 07:25:30.396320: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.396323: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396325: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396327: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396330: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.396333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396335: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396338: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396340: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396345: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396348: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.396351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396358: | discarding INTEG=NONE Sep 21 07:25:30.396360: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396365: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396367: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.396370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396375: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396378: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396382: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396385: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.396388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396394: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396397: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396401: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396404: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.396407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396412: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396414: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396417: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396419: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396422: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.396424: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396427: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396430: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396432: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396437: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396439: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.396442: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396447: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396449: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396454: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396457: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.396459: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396462: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396465: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396467: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396469: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396474: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.396477: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396482: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396485: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396487: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.396489: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396492: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.396498: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396503: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396506: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:30.396508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.396511: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.396513: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396515: | prop #: 3 (0x3) Sep 21 07:25:30.396518: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.396520: | spi size: 0 (0x0) Sep 21 07:25:30.396522: | # transforms: 13 (0xd) Sep 21 07:25:30.396525: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396528: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.396530: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396533: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.396538: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.396541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396543: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.396546: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.396548: | length/value: 256 (0x100) Sep 21 07:25:30.396551: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.396553: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396558: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396560: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.396563: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396570: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396575: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396577: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.396580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396585: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396588: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396593: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.396595: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.396598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396604: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396607: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396612: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.396614: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.396617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396624: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396627: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396629: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396631: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.396634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396639: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396642: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396649: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.396652: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396654: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396657: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396660: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396664: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396667: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.396670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396675: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396677: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396680: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396682: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396684: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.396687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396692: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396695: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396697: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396699: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396702: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.396704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396711: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396718: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396720: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.396723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396728: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.396741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396746: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396748: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396751: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.396753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396755: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.396758: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396761: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396763: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396766: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:30.396768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.396771: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.396773: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.396775: | prop #: 4 (0x4) Sep 21 07:25:30.396778: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.396780: | spi size: 0 (0x0) Sep 21 07:25:30.396785: | # transforms: 13 (0xd) Sep 21 07:25:30.396803: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.396806: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.396811: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396816: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.396819: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.396821: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396837: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.396839: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.396841: | length/value: 128 (0x80) Sep 21 07:25:30.396844: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.396846: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396852: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396855: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.396858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396860: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396863: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396865: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396868: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396870: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.396872: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:30.396875: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396878: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396881: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396883: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396888: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.396890: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.396893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396898: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396901: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396905: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.396908: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.396911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396916: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396918: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396925: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.396928: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396933: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396936: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396943: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:30.396946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396952: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396955: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396959: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396962: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:30.396964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396970: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396972: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396979: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:30.396982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396985: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.396987: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.396989: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.396992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.396994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.396996: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:30.396999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.397005: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.397007: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.397010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397012: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.397014: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:30.397017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.397023: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.397025: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.397027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397030: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.397032: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:30.397035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.397040: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.397043: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.397045: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.397047: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.397050: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:30.397053: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.397057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.397059: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.397062: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:30.397064: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.397067: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:30.397069: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.397072: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:30.397074: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.397077: | flags: none (0x0) Sep 21 07:25:30.397079: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.397082: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:30.397085: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.397088: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:30.397091: | ikev2 g^x 76 08 f8 d0 0f 00 47 33 45 01 9e 66 0e 02 63 1f Sep 21 07:25:30.397093: | ikev2 g^x 04 fb 8f e8 9d 33 69 f3 62 b8 42 d7 d0 d7 e4 2f Sep 21 07:25:30.397096: | ikev2 g^x e1 c2 5b cb a9 1a 62 a8 31 ec e1 1a 78 0a 44 09 Sep 21 07:25:30.397098: | ikev2 g^x 6e d1 2d 92 f8 72 99 e5 a2 eb 10 47 b1 c4 ad 4b Sep 21 07:25:30.397100: | ikev2 g^x 79 33 e7 fe 0c d3 19 20 75 16 72 af 71 be 7e 35 Sep 21 07:25:30.397103: | ikev2 g^x 46 f7 4c ec cd 5f 54 41 fe 6f 54 bf 57 9a a0 00 Sep 21 07:25:30.397105: | ikev2 g^x c5 1b 85 ee ef 12 f2 e7 c5 cd 6d f8 43 d9 e7 0c Sep 21 07:25:30.397107: | ikev2 g^x ef 6a 05 bb 68 48 c0 e1 f2 f2 a3 51 ed 21 6a 09 Sep 21 07:25:30.397110: | ikev2 g^x dc cd 73 17 47 3b 59 76 4d d7 cc b9 ff c1 93 6b Sep 21 07:25:30.397112: | ikev2 g^x 87 85 36 23 33 0b f6 e0 6c 6b a8 f2 b5 d9 9f 3a Sep 21 07:25:30.397114: | ikev2 g^x 23 33 d3 25 88 c1 38 5a 39 41 60 08 e5 28 0f 95 Sep 21 07:25:30.397117: | ikev2 g^x 15 a7 17 8f ab 31 58 29 27 19 b6 f4 ea e2 14 9d Sep 21 07:25:30.397119: | ikev2 g^x c3 1f fb 1e f3 08 c3 4b 22 26 ae 5a 43 0d b9 99 Sep 21 07:25:30.397121: | ikev2 g^x db d3 16 f7 d7 b8 5b c4 7d ba 66 4a e5 7e 04 bf Sep 21 07:25:30.397124: | ikev2 g^x 22 6d d0 38 24 29 ab db 03 84 ae 3b e8 70 58 d6 Sep 21 07:25:30.397126: | ikev2 g^x ac 48 91 2f 2d be 0e 48 d9 ae b3 7d ad 7b 0a 2a Sep 21 07:25:30.397129: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:30.397131: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:30.397134: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.397136: | flags: none (0x0) Sep 21 07:25:30.397139: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:30.397142: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.397144: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.397147: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:30.397150: | IKEv2 nonce 90 68 7b af f3 69 07 2f 0f c0 09 ce 05 3e 27 30 Sep 21 07:25:30.397152: | IKEv2 nonce 09 25 91 af 2a 78 e8 14 6e 66 c0 b7 55 75 8a 80 Sep 21 07:25:30.397154: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:30.397157: | Adding a v2N Payload Sep 21 07:25:30.397159: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.397162: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.397164: | flags: none (0x0) Sep 21 07:25:30.397168: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.397170: | SPI size: 0 (0x0) Sep 21 07:25:30.397173: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.397176: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.397178: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.397181: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:30.397184: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:30.397187: | natd_hash: rcookie is zero Sep 21 07:25:30.397198: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:30.397201: | natd_hash: icookie= 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.397203: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.397206: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.397208: | natd_hash: port= 01 f4 Sep 21 07:25:30.397210: | natd_hash: hash= cf f3 6f 94 38 fc 63 b0 bf e4 d8 4b 83 e9 bc 79 Sep 21 07:25:30.397212: | natd_hash: hash= 2d 8e 62 4f Sep 21 07:25:30.397215: | Adding a v2N Payload Sep 21 07:25:30.397217: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.397219: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.397222: | flags: none (0x0) Sep 21 07:25:30.397224: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.397226: | SPI size: 0 (0x0) Sep 21 07:25:30.397229: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.397232: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.397234: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.397237: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.397240: | Notify data cf f3 6f 94 38 fc 63 b0 bf e4 d8 4b 83 e9 bc 79 Sep 21 07:25:30.397242: | Notify data 2d 8e 62 4f Sep 21 07:25:30.397244: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.397246: | natd_hash: rcookie is zero Sep 21 07:25:30.397254: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:30.397256: | natd_hash: icookie= 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.397259: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:30.397261: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.397263: | natd_hash: port= 01 f4 Sep 21 07:25:30.397265: | natd_hash: hash= f3 0b d9 46 dd 2f 67 e5 a6 c5 df 1d c5 0c b0 cb Sep 21 07:25:30.397268: | natd_hash: hash= e2 45 fd 0b Sep 21 07:25:30.397270: | Adding a v2N Payload Sep 21 07:25:30.397272: | ***emit IKEv2 Notify Payload: Sep 21 07:25:30.397274: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.397277: | flags: none (0x0) Sep 21 07:25:30.397279: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.397281: | SPI size: 0 (0x0) Sep 21 07:25:30.397284: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.397287: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:30.397290: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.397292: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:30.397295: | Notify data f3 0b d9 46 dd 2f 67 e5 a6 c5 df 1d c5 0c b0 cb Sep 21 07:25:30.397297: | Notify data e2 45 fd 0b Sep 21 07:25:30.397299: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:30.397302: | emitting length of ISAKMP Message: 828 Sep 21 07:25:30.397308: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:30.397318: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.397323: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:30.397326: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:30.397329: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:30.397332: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:30.397335: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:30.397340: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:30.397343: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:30.397353: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:30.397361: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:30.397364: | 1d 6d 17 28 01 df d9 ba 00 00 00 00 00 00 00 00 Sep 21 07:25:30.397369: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:30.397372: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.397374: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:30.397376: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:30.397379: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:30.397381: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:30.397383: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:30.397385: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:30.397388: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:30.397390: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:30.397392: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:30.397394: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:30.397412: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:30.397414: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:30.397416: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:30.397431: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:30.397433: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:30.397436: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:30.397438: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:30.397440: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:30.397442: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:30.397445: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:30.397447: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:30.397449: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:30.397452: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:30.397454: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:30.397456: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:30.397458: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:30.397461: | 28 00 01 08 00 0e 00 00 76 08 f8 d0 0f 00 47 33 Sep 21 07:25:30.397463: | 45 01 9e 66 0e 02 63 1f 04 fb 8f e8 9d 33 69 f3 Sep 21 07:25:30.397465: | 62 b8 42 d7 d0 d7 e4 2f e1 c2 5b cb a9 1a 62 a8 Sep 21 07:25:30.397468: | 31 ec e1 1a 78 0a 44 09 6e d1 2d 92 f8 72 99 e5 Sep 21 07:25:30.397470: | a2 eb 10 47 b1 c4 ad 4b 79 33 e7 fe 0c d3 19 20 Sep 21 07:25:30.397472: | 75 16 72 af 71 be 7e 35 46 f7 4c ec cd 5f 54 41 Sep 21 07:25:30.397474: | fe 6f 54 bf 57 9a a0 00 c5 1b 85 ee ef 12 f2 e7 Sep 21 07:25:30.397477: | c5 cd 6d f8 43 d9 e7 0c ef 6a 05 bb 68 48 c0 e1 Sep 21 07:25:30.397479: | f2 f2 a3 51 ed 21 6a 09 dc cd 73 17 47 3b 59 76 Sep 21 07:25:30.397481: | 4d d7 cc b9 ff c1 93 6b 87 85 36 23 33 0b f6 e0 Sep 21 07:25:30.397483: | 6c 6b a8 f2 b5 d9 9f 3a 23 33 d3 25 88 c1 38 5a Sep 21 07:25:30.397487: | 39 41 60 08 e5 28 0f 95 15 a7 17 8f ab 31 58 29 Sep 21 07:25:30.397489: | 27 19 b6 f4 ea e2 14 9d c3 1f fb 1e f3 08 c3 4b Sep 21 07:25:30.397491: | 22 26 ae 5a 43 0d b9 99 db d3 16 f7 d7 b8 5b c4 Sep 21 07:25:30.397494: | 7d ba 66 4a e5 7e 04 bf 22 6d d0 38 24 29 ab db Sep 21 07:25:30.397496: | 03 84 ae 3b e8 70 58 d6 ac 48 91 2f 2d be 0e 48 Sep 21 07:25:30.397498: | d9 ae b3 7d ad 7b 0a 2a 29 00 00 24 90 68 7b af Sep 21 07:25:30.397501: | f3 69 07 2f 0f c0 09 ce 05 3e 27 30 09 25 91 af Sep 21 07:25:30.397503: | 2a 78 e8 14 6e 66 c0 b7 55 75 8a 80 29 00 00 08 Sep 21 07:25:30.397505: | 00 00 40 2e 29 00 00 1c 00 00 40 04 cf f3 6f 94 Sep 21 07:25:30.397508: | 38 fc 63 b0 bf e4 d8 4b 83 e9 bc 79 2d 8e 62 4f Sep 21 07:25:30.397510: | 00 00 00 1c 00 00 40 05 f3 0b d9 46 dd 2f 67 e5 Sep 21 07:25:30.397512: | a6 c5 df 1d c5 0c b0 cb e2 45 fd 0b Sep 21 07:25:30.397551: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.397570: | libevent_free: release ptr-libevent@0x55fa0bcf1480 Sep 21 07:25:30.397573: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf1440 Sep 21 07:25:30.397576: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:30.397579: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:30.397587: | event_schedule: new EVENT_RETRANSMIT-pe@0x55fa0bcf1440 Sep 21 07:25:30.397591: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:25:30.397594: | libevent_malloc: new ptr-libevent@0x55fa0bcf1480 size 128 Sep 21 07:25:30.397598: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.765851 Sep 21 07:25:30.397602: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:30.397607: | #1 spent 1.64 milliseconds in resume sending helper answer Sep 21 07:25:30.397612: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.397615: | libevent_free: release ptr-libevent@0x7f31d0006900 Sep 21 07:25:30.399923: | spent 0.00214 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.399940: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:30.399943: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.399945: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:30.399948: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:30.399950: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:30.399952: | 04 00 00 0e 28 00 01 08 00 0e 00 00 88 67 46 1b Sep 21 07:25:30.399954: | 73 c6 6b 73 ca d4 65 65 6e 14 c3 3a 5a d3 11 d7 Sep 21 07:25:30.399957: | 92 cc 2c 55 f9 19 d4 b8 e2 2b 20 b9 ea 64 9c 1b Sep 21 07:25:30.399959: | 5c 82 83 b9 3d 51 2a 49 40 6d 35 9f 65 f8 48 f0 Sep 21 07:25:30.399961: | e9 4b d8 ff 8e ee 83 84 be 26 ad 2b 06 36 2f a2 Sep 21 07:25:30.399963: | c4 9e f3 96 05 70 07 17 2b 62 f1 e6 ae 23 4d 9f Sep 21 07:25:30.399966: | 2c a9 ff 6a 59 e2 38 b7 bc 97 8c 92 42 60 b2 d6 Sep 21 07:25:30.399968: | 28 f3 ec 33 ad 0e 39 f7 7b 88 f8 5d 74 01 d2 3d Sep 21 07:25:30.399970: | 5b e8 b7 11 44 73 07 e5 f3 48 0e 52 8f 74 4a ca Sep 21 07:25:30.399972: | fc 2e 91 55 1d 21 6d 17 bb 1f f2 46 8c e4 06 f2 Sep 21 07:25:30.399975: | bd f4 8f f2 e6 83 d1 f2 ff 9c ad 7f 74 52 df 20 Sep 21 07:25:30.399977: | 91 c6 93 19 d7 79 50 3e 85 dc df 80 91 de e1 94 Sep 21 07:25:30.399979: | c7 00 bc a7 73 41 0c e3 20 7e 2c d7 06 15 ae 3e Sep 21 07:25:30.399981: | 13 9f b4 bb 9b f4 b6 31 0c ce 93 a7 9a b6 c2 77 Sep 21 07:25:30.399983: | 64 71 90 3b 23 72 2e 41 db 53 5f 98 0e a6 96 26 Sep 21 07:25:30.399986: | 7e c5 61 08 85 6c 93 f7 dd 8d 7b 9f e7 62 5f 64 Sep 21 07:25:30.399988: | 78 0e ce 21 ba eb 96 55 fe a0 78 ef 29 00 00 24 Sep 21 07:25:30.399992: | a1 fe 8b 76 18 7e 58 0b 6d d2 1e e2 71 79 4f ef Sep 21 07:25:30.399994: | 10 1a 7c 4b d3 a1 95 bd f4 2b a5 70 23 61 7e b2 Sep 21 07:25:30.399997: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:30.399999: | 0e 3f e9 f0 86 4b ba d5 08 24 ef 29 ef b5 eb 0e Sep 21 07:25:30.400001: | 5e 9c 64 6e 00 00 00 1c 00 00 40 05 90 ac 38 92 Sep 21 07:25:30.400003: | 56 ce 5c c8 ea c7 a5 68 f3 e9 dc 08 ad 69 d1 1d Sep 21 07:25:30.400008: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:30.400011: | **parse ISAKMP Message: Sep 21 07:25:30.400013: | initiator cookie: Sep 21 07:25:30.400015: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.400018: | responder cookie: Sep 21 07:25:30.400020: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.400023: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.400025: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.400028: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:30.400030: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.400032: | Message ID: 0 (0x0) Sep 21 07:25:30.400035: | length: 432 (0x1b0) Sep 21 07:25:30.400038: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:30.400041: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:30.400044: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:30.400049: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.400054: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.400056: | #1 is idle Sep 21 07:25:30.400058: | #1 idle Sep 21 07:25:30.400061: | unpacking clear payload Sep 21 07:25:30.400063: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.400066: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:30.400068: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:30.400071: | flags: none (0x0) Sep 21 07:25:30.400073: | length: 40 (0x28) Sep 21 07:25:30.400076: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:30.400078: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:30.400081: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:30.400083: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:30.400085: | flags: none (0x0) Sep 21 07:25:30.400088: | length: 264 (0x108) Sep 21 07:25:30.400090: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.400093: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:30.400095: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:30.400097: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:30.400099: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.400102: | flags: none (0x0) Sep 21 07:25:30.400104: | length: 36 (0x24) Sep 21 07:25:30.400106: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:30.400109: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.400111: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.400114: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.400116: | flags: none (0x0) Sep 21 07:25:30.400118: | length: 8 (0x8) Sep 21 07:25:30.400120: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.400123: | SPI size: 0 (0x0) Sep 21 07:25:30.400125: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:30.400128: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:30.400131: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.400133: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.400135: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:30.400138: | flags: none (0x0) Sep 21 07:25:30.400140: | length: 28 (0x1c) Sep 21 07:25:30.400143: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.400146: | SPI size: 0 (0x0) Sep 21 07:25:30.400148: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:30.400151: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.400153: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:30.400155: | ***parse IKEv2 Notify Payload: Sep 21 07:25:30.400158: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.400160: | flags: none (0x0) Sep 21 07:25:30.400162: | length: 28 (0x1c) Sep 21 07:25:30.400165: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:30.400167: | SPI size: 0 (0x0) Sep 21 07:25:30.400169: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:30.400172: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:30.400174: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:30.400178: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:30.400181: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:30.400183: | Now let's proceed with state specific processing Sep 21 07:25:30.400185: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:30.400190: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:30.400205: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:30.400209: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:30.400212: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.400214: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:30.400217: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.400219: | local proposal 1 type DH has 8 transforms Sep 21 07:25:30.400222: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:30.400225: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.400227: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.400230: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:30.400232: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.400235: | local proposal 2 type DH has 8 transforms Sep 21 07:25:30.400237: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:30.400240: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:30.400242: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.400245: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:30.400247: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.400250: | local proposal 3 type DH has 8 transforms Sep 21 07:25:30.400252: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:30.400255: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.400257: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.400260: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:30.400262: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.400265: | local proposal 4 type DH has 8 transforms Sep 21 07:25:30.400267: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:30.400270: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:30.400273: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.400276: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.400279: | length: 36 (0x24) Sep 21 07:25:30.400281: | prop #: 1 (0x1) Sep 21 07:25:30.400283: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:30.400286: | spi size: 0 (0x0) Sep 21 07:25:30.400288: | # transforms: 3 (0x3) Sep 21 07:25:30.400291: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:30.400294: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.400297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.400299: | length: 12 (0xc) Sep 21 07:25:30.400301: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.400304: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.400306: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.400309: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.400312: | length/value: 256 (0x100) Sep 21 07:25:30.400316: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.400319: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.400321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.400323: | length: 8 (0x8) Sep 21 07:25:30.400326: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:30.400328: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:30.400332: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:30.400334: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.400337: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.400339: | length: 8 (0x8) Sep 21 07:25:30.400341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:30.400344: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:30.400347: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:30.400351: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:30.400355: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:30.400357: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.400360: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:30.400363: | converting proposal to internal trans attrs Sep 21 07:25:30.400374: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:30.400377: | natd_hash: icookie= 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.400379: | natd_hash: rcookie= 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.400382: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:30.400384: | natd_hash: port= 01 f4 Sep 21 07:25:30.400386: | natd_hash: hash= 90 ac 38 92 56 ce 5c c8 ea c7 a5 68 f3 e9 dc 08 Sep 21 07:25:30.400389: | natd_hash: hash= ad 69 d1 1d Sep 21 07:25:30.400394: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:30.400397: | natd_hash: icookie= 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.400399: | natd_hash: rcookie= 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.400401: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:30.400403: | natd_hash: port= 01 f4 Sep 21 07:25:30.400406: | natd_hash: hash= 0e 3f e9 f0 86 4b ba d5 08 24 ef 29 ef b5 eb 0e Sep 21 07:25:30.400408: | natd_hash: hash= 5e 9c 64 6e Sep 21 07:25:30.400410: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:30.400412: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:30.400415: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:30.400418: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:30.400421: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:30.400424: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:30.400427: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:30.400430: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:30.400434: | libevent_free: release ptr-libevent@0x55fa0bcf1480 Sep 21 07:25:30.400437: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fa0bcf1440 Sep 21 07:25:30.400440: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf1440 Sep 21 07:25:30.400443: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:30.400446: | libevent_malloc: new ptr-libevent@0x55fa0bcf1480 size 128 Sep 21 07:25:30.400455: | #1 spent 0.265 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:30.400460: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.400464: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:30.400466: | suspending state #1 and saving MD Sep 21 07:25:30.400469: | #1 is busy; has a suspended MD Sep 21 07:25:30.400473: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:30.400477: | "westnet-eastnet-ipv4-psk-ikev2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:30.400481: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.400485: | #1 spent 0.554 milliseconds in ikev2_process_packet() Sep 21 07:25:30.400487: | crypto helper 5 resuming Sep 21 07:25:30.400496: | crypto helper 5 starting work-order 2 for state #1 Sep 21 07:25:30.400489: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:30.400506: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.400509: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.400501: | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:30.400518: | spent 0.583 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.401093: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:30.401499: | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000997 seconds Sep 21 07:25:30.401507: | (#1) spent 0.994 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:30.401511: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:30.401514: | scheduling resume sending helper answer for #1 Sep 21 07:25:30.401517: | libevent_malloc: new ptr-libevent@0x7f31c8006b90 size 128 Sep 21 07:25:30.401524: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:30.401531: | processing resume sending helper answer for #1 Sep 21 07:25:30.401538: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:30.401542: | crypto helper 5 replies to request ID 2 Sep 21 07:25:30.401544: | calling continuation function 0x55fa0b36c630 Sep 21 07:25:30.401547: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:30.401554: | creating state object #2 at 0x55fa0bcf3d80 Sep 21 07:25:30.401557: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:30.401560: | pstats #2 ikev2.child started Sep 21 07:25:30.401563: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Sep 21 07:25:30.401567: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:30.401574: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:30.401578: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:30.401585: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:30.401587: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:30.401590: | libevent_free: release ptr-libevent@0x55fa0bcf1480 Sep 21 07:25:30.401593: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf1440 Sep 21 07:25:30.401596: | event_schedule: new EVENT_SA_REPLACE-pe@0x55fa0bcf1440 Sep 21 07:25:30.401599: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:30.401602: | libevent_malloc: new ptr-libevent@0x55fa0bcf1480 size 128 Sep 21 07:25:30.401605: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:30.401610: | **emit ISAKMP Message: Sep 21 07:25:30.401613: | initiator cookie: Sep 21 07:25:30.401615: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.401617: | responder cookie: Sep 21 07:25:30.401619: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.401622: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:30.401624: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.401627: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.401630: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:30.401632: | Message ID: 1 (0x1) Sep 21 07:25:30.401635: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:30.401638: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:30.401640: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.401642: | flags: none (0x0) Sep 21 07:25:30.401645: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:30.401648: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.401651: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:30.401658: | IKEv2 CERT: send a certificate? Sep 21 07:25:30.401662: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:25:30.401664: | IDr payload will be sent Sep 21 07:25:30.401681: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:30.401684: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.401686: | flags: none (0x0) Sep 21 07:25:30.401689: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:25:30.401692: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:30.401694: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.401697: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:30.401700: | my identity c0 01 02 2d Sep 21 07:25:30.401702: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:25:30.401711: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.401714: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:30.401716: | flags: none (0x0) Sep 21 07:25:30.401718: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.401721: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:30.401724: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.401727: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.401730: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:30.401732: | IDr 65 61 73 74 Sep 21 07:25:30.401734: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:30.401738: | not sending INITIAL_CONTACT Sep 21 07:25:30.401741: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:30.401743: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.401746: | flags: none (0x0) Sep 21 07:25:30.401748: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:30.401751: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.401754: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.401758: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:25:30.401763: | started looking for secret for 192.1.2.45->@east of kind PKK_PSK Sep 21 07:25:30.401765: | actually looking for secret for 192.1.2.45->@east of kind PKK_PSK Sep 21 07:25:30.401769: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Sep 21 07:25:30.401774: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Sep 21 07:25:30.401778: | 2: compared key @east to 192.1.2.45 / @east -> 014 Sep 21 07:25:30.401781: | line 1: match=014 Sep 21 07:25:30.401808: | match 014 beats previous best_match 000 match=0x55fa0bce25c0 (line=1) Sep 21 07:25:30.401814: | concluding with best_match=014 best=0x55fa0bce25c0 (lineno=1) Sep 21 07:25:30.401887: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:25:30.401890: | PSK auth b9 b4 91 18 93 43 e6 b7 eb 7a 99 f8 7c fa 9c 43 Sep 21 07:25:30.401892: | PSK auth b2 5e ab 1b 60 b7 32 c1 eb ff 55 e9 0f 0b 82 ee Sep 21 07:25:30.401895: | PSK auth dc 6c bf e3 55 a4 e5 39 bc 30 f4 ca 40 b2 5a 4e Sep 21 07:25:30.401897: | PSK auth 31 87 90 e8 6b d6 8c a9 ab a2 d8 a4 17 a5 44 55 Sep 21 07:25:30.401900: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:25:30.401902: | getting first pending from state #1 Sep 21 07:25:30.401920: | netlink_get_spi: allocated 0xaab0e55 for esp.0@192.1.2.45 Sep 21 07:25:30.401924: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:30.401930: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:30.401935: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.401938: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:30.401942: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:30.401945: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.401949: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.401952: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:30.401956: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.401964: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.401973: | Emitting ikev2_proposals ... Sep 21 07:25:30.401975: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:30.401978: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.401980: | flags: none (0x0) Sep 21 07:25:30.401983: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:30.401986: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.401988: | discarding INTEG=NONE Sep 21 07:25:30.401993: | discarding DH=NONE Sep 21 07:25:30.401995: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.401998: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402000: | prop #: 1 (0x1) Sep 21 07:25:30.402003: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.402005: | spi size: 4 (0x4) Sep 21 07:25:30.402007: | # transforms: 2 (0x2) Sep 21 07:25:30.402010: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.402013: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.402015: | our spi 0a ab 0e 55 Sep 21 07:25:30.402018: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402020: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402022: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.402040: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.402043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402045: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.402060: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.402063: | length/value: 256 (0x100) Sep 21 07:25:30.402066: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.402068: | discarding INTEG=NONE Sep 21 07:25:30.402070: | discarding DH=NONE Sep 21 07:25:30.402072: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402075: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.402077: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.402079: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.402082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402085: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402087: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402090: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:30.402092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.402095: | discarding INTEG=NONE Sep 21 07:25:30.402097: | discarding DH=NONE Sep 21 07:25:30.402099: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.402102: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402104: | prop #: 2 (0x2) Sep 21 07:25:30.402106: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.402108: | spi size: 4 (0x4) Sep 21 07:25:30.402111: | # transforms: 2 (0x2) Sep 21 07:25:30.402114: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402116: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.402119: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.402121: | our spi 0a ab 0e 55 Sep 21 07:25:30.402124: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402128: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.402131: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.402133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402136: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.402138: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.402141: | length/value: 128 (0x80) Sep 21 07:25:30.402143: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.402146: | discarding INTEG=NONE Sep 21 07:25:30.402149: | discarding DH=NONE Sep 21 07:25:30.402151: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402153: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.402156: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.402158: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.402161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402166: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402169: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:30.402171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.402173: | discarding DH=NONE Sep 21 07:25:30.402176: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.402178: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402180: | prop #: 3 (0x3) Sep 21 07:25:30.402183: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.402185: | spi size: 4 (0x4) Sep 21 07:25:30.402187: | # transforms: 4 (0x4) Sep 21 07:25:30.402190: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402193: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.402195: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.402197: | our spi 0a ab 0e 55 Sep 21 07:25:30.402200: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402204: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.402207: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.402209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402212: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.402214: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.402216: | length/value: 256 (0x100) Sep 21 07:25:30.402219: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.402221: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402226: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.402228: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.402231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402236: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402239: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402243: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.402246: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.402249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402254: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402257: | discarding DH=NONE Sep 21 07:25:30.402259: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402262: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.402264: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.402266: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.402269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402274: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402277: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:30.402279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.402281: | discarding DH=NONE Sep 21 07:25:30.402284: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.402286: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.402301: | prop #: 4 (0x4) Sep 21 07:25:30.402303: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.402306: | spi size: 4 (0x4) Sep 21 07:25:30.402308: | # transforms: 4 (0x4) Sep 21 07:25:30.402311: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:30.402314: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:30.402317: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:30.402319: | our spi 0a ab 0e 55 Sep 21 07:25:30.402321: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402326: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.402328: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:30.402331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402333: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.402336: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.402338: | length/value: 128 (0x80) Sep 21 07:25:30.402341: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:30.402343: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402348: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.402363: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:30.402366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402368: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402371: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402373: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402376: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402378: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:30.402380: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:30.402383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402388: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402391: | discarding DH=NONE Sep 21 07:25:30.402393: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:30.402396: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.402399: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.402401: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.402404: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.402406: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:30.402409: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:30.402411: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:30.402414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:30.402416: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:30.402419: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:30.402422: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.402424: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.402427: | flags: none (0x0) Sep 21 07:25:30.402429: | number of TS: 1 (0x1) Sep 21 07:25:30.402432: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.402435: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.402437: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.402440: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.402442: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.402445: | start port: 0 (0x0) Sep 21 07:25:30.402447: | end port: 65535 (0xffff) Sep 21 07:25:30.402450: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.402452: | IP start c0 00 01 00 Sep 21 07:25:30.402455: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.402457: | IP end c0 00 01 ff Sep 21 07:25:30.402459: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.402462: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:30.402464: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.402466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.402469: | flags: none (0x0) Sep 21 07:25:30.402471: | number of TS: 1 (0x1) Sep 21 07:25:30.402474: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.402477: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:30.402479: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:30.402481: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.402484: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.402486: | start port: 0 (0x0) Sep 21 07:25:30.402488: | end port: 65535 (0xffff) Sep 21 07:25:30.402491: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:30.402493: | IP start c0 00 02 00 Sep 21 07:25:30.402495: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:30.402498: | IP end c0 00 02 ff Sep 21 07:25:30.402500: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:30.402502: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:30.402505: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:30.402507: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:30.402511: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:30.402514: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:30.402519: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:30.402522: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:25:30.402524: | emitting length of ISAKMP Message: 365 Sep 21 07:25:30.402539: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.402544: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.402547: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:30.402550: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:30.402553: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:30.402556: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:30.402561: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:30.402566: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:30.402570: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:30.402578: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:30.402584: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:30.402587: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.402589: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:25:30.402591: | ff bc bc ac 15 ea 77 6a c3 b3 5d 70 ee df 7d 6e Sep 21 07:25:30.402593: | a4 03 27 1f 61 01 09 4d 09 58 67 8b 93 32 00 38 Sep 21 07:25:30.402596: | 5d cd a7 26 08 7a 41 08 a6 ea 98 e2 d5 a6 4d 23 Sep 21 07:25:30.402598: | 09 7f 77 dc 92 b8 62 c0 8a aa 3e 8d 10 a8 ea 78 Sep 21 07:25:30.402600: | 6d d6 46 8d ed 03 2d bc 7f 1b e3 b5 1f ec ce 03 Sep 21 07:25:30.402602: | 6a 67 aa b9 5f 74 8d 38 43 e1 04 17 c4 4d 71 e5 Sep 21 07:25:30.402604: | 98 51 15 be 16 4e a8 10 27 0c 0e d2 4b 63 e4 20 Sep 21 07:25:30.402607: | 6e d3 c1 66 f6 e7 9b bd ba 5e e5 64 94 99 b2 c5 Sep 21 07:25:30.402609: | a9 b7 36 16 8d d8 33 ad 52 25 8d 70 14 c1 45 78 Sep 21 07:25:30.402611: | 04 3b f5 ee 16 80 11 69 c6 f2 4e 22 b9 e0 19 68 Sep 21 07:25:30.402613: | 08 9f d5 8a 5c 46 1a 8e 6a b1 03 cc 71 a2 50 c7 Sep 21 07:25:30.402616: | 06 7e 4b e9 5f 09 7c bd 2a b0 83 f9 a2 de 84 b3 Sep 21 07:25:30.402631: | ee 8b 81 85 69 3b 05 0c 92 56 5e e8 de d0 ce f2 Sep 21 07:25:30.402633: | 31 5b a2 06 9f 68 d0 ed 9e a3 52 3e 32 2d 0e f1 Sep 21 07:25:30.402636: | 3a dd a3 0f 52 60 48 87 1b 83 e1 26 73 78 b6 43 Sep 21 07:25:30.402638: | f3 13 9a ce ec 4c eb 24 3b 9c 56 c4 33 3c e9 92 Sep 21 07:25:30.402640: | b7 20 d6 d7 f7 7f e6 69 59 44 23 c0 96 4e 9d d2 Sep 21 07:25:30.402643: | 84 af 64 e9 c1 1e 9e 6b f9 2c a3 4d 18 43 d7 1e Sep 21 07:25:30.402645: | 68 9d 43 bc 45 96 92 25 ad 9e e2 46 38 03 45 c1 Sep 21 07:25:30.402647: | 96 4f 5e 86 79 6b d6 80 04 82 01 40 7c 0c 97 cf Sep 21 07:25:30.402650: | d8 b5 59 49 27 ef 7b 50 33 fc 8f a2 f9 Sep 21 07:25:30.402678: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:30.402681: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:30.402689: | event_schedule: new EVENT_RETRANSMIT-pe@0x55fa0bcf11c0 Sep 21 07:25:30.402692: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:25:30.402696: | libevent_malloc: new ptr-libevent@0x55fa0bcf12a0 size 128 Sep 21 07:25:30.402702: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49376.770953 Sep 21 07:25:30.402705: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:30.402710: | #1 spent 1.13 milliseconds in resume sending helper answer Sep 21 07:25:30.402715: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:30.402718: | libevent_free: release ptr-libevent@0x7f31c8006b90 Sep 21 07:25:30.433806: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:30.433825: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:30.433828: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.433830: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:25:30.433833: | e7 5a 3d 84 5c 9c 66 c3 1c c1 ff fc 9d ec 9d a9 Sep 21 07:25:30.433835: | 34 19 ed 95 26 61 26 0e e3 a5 55 de 19 f4 c6 f7 Sep 21 07:25:30.433837: | 17 6f b7 55 0a a1 b3 6e cf 33 5d 97 87 72 57 c0 Sep 21 07:25:30.433839: | 30 c3 ea 73 4d b6 91 7e d2 6a 34 28 13 86 f4 90 Sep 21 07:25:30.433841: | 09 66 93 76 f7 2e 26 a2 15 35 53 ea 55 20 8b 2f Sep 21 07:25:30.433843: | 2a 76 e1 07 7c 45 bf a1 33 9a 17 e6 c8 69 f6 62 Sep 21 07:25:30.433845: | f4 80 c9 55 78 2e 2e 75 59 88 f2 61 cb fe c0 39 Sep 21 07:25:30.433847: | 6d 10 71 84 f6 d0 6e 14 2e 6b e4 8d 78 11 80 76 Sep 21 07:25:30.433849: | c7 69 56 47 fb 9e ed 95 9a 1a 52 a5 57 cf b2 a2 Sep 21 07:25:30.433852: | 42 47 f9 e8 11 03 52 0b 74 fc 61 db 40 c0 58 fb Sep 21 07:25:30.433854: | 13 0e f7 02 c2 86 14 e2 ca 0b 06 52 ee aa 7b 41 Sep 21 07:25:30.433856: | 31 eb 9c b2 c6 c1 64 bc b4 92 f9 f6 9a 44 43 93 Sep 21 07:25:30.433858: | 01 Sep 21 07:25:30.433863: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:30.433867: | **parse ISAKMP Message: Sep 21 07:25:30.433883: | initiator cookie: Sep 21 07:25:30.433885: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:30.433887: | responder cookie: Sep 21 07:25:30.433889: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:30.433892: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:30.433895: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:30.433897: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:30.433899: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:30.433902: | Message ID: 1 (0x1) Sep 21 07:25:30.433904: | length: 225 (0xe1) Sep 21 07:25:30.433907: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:30.433910: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:30.433914: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:30.433921: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:30.433924: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:30.433929: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.433933: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:30.433936: | #2 is idle Sep 21 07:25:30.433938: | #2 idle Sep 21 07:25:30.433940: | unpacking clear payload Sep 21 07:25:30.433943: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:30.433946: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:30.433948: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:30.433951: | flags: none (0x0) Sep 21 07:25:30.433953: | length: 197 (0xc5) Sep 21 07:25:30.433956: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:25:30.433961: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:30.433976: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:30.433979: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:30.433983: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:30.433986: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:30.433988: | flags: none (0x0) Sep 21 07:25:30.433990: | length: 12 (0xc) Sep 21 07:25:30.433993: | ID type: ID_FQDN (0x2) Sep 21 07:25:30.433996: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:30.433998: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:30.434000: | **parse IKEv2 Authentication Payload: Sep 21 07:25:30.434003: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:30.434005: | flags: none (0x0) Sep 21 07:25:30.434008: | length: 72 (0x48) Sep 21 07:25:30.434010: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:30.434013: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:25:30.434015: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:30.434018: | **parse IKEv2 Security Association Payload: Sep 21 07:25:30.434020: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:30.434023: | flags: none (0x0) Sep 21 07:25:30.434025: | length: 36 (0x24) Sep 21 07:25:30.434028: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:30.434030: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:30.434033: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:30.434036: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:30.434038: | flags: none (0x0) Sep 21 07:25:30.434040: | length: 24 (0x18) Sep 21 07:25:30.434043: | number of TS: 1 (0x1) Sep 21 07:25:30.434046: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:30.434048: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:30.434050: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:30.434053: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:30.434055: | flags: none (0x0) Sep 21 07:25:30.434057: | length: 24 (0x18) Sep 21 07:25:30.434060: | number of TS: 1 (0x1) Sep 21 07:25:30.434062: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:30.434065: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:30.434067: | Now let's proceed with state specific processing Sep 21 07:25:30.434070: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:30.434076: | offered CA: '%none' Sep 21 07:25:30.434080: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:30.434137: | verifying AUTH payload Sep 21 07:25:30.434142: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:25:30.434148: | started looking for secret for 192.1.2.45->@east of kind PKK_PSK Sep 21 07:25:30.434151: | actually looking for secret for 192.1.2.45->@east of kind PKK_PSK Sep 21 07:25:30.434155: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Sep 21 07:25:30.434161: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Sep 21 07:25:30.434165: | 2: compared key @east to 192.1.2.45 / @east -> 014 Sep 21 07:25:30.434168: | line 1: match=014 Sep 21 07:25:30.434171: | match 014 beats previous best_match 000 match=0x55fa0bce25c0 (line=1) Sep 21 07:25:30.434174: | concluding with best_match=014 best=0x55fa0bce25c0 (lineno=1) Sep 21 07:25:30.434239: "westnet-eastnet-ipv4-psk-ikev2" #2: Authenticated using authby=secret Sep 21 07:25:30.434249: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:30.434254: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:30.434257: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:30.434261: | libevent_free: release ptr-libevent@0x55fa0bcf1480 Sep 21 07:25:30.434263: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55fa0bcf1440 Sep 21 07:25:30.434266: | event_schedule: new EVENT_SA_REKEY-pe@0x55fa0bcf1440 Sep 21 07:25:30.434272: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:30.434275: | libevent_malloc: new ptr-libevent@0x55fa0bcf1480 size 128 Sep 21 07:25:30.434388: | pstats #1 ikev2.ike established Sep 21 07:25:30.434394: | TSi: parsing 1 traffic selectors Sep 21 07:25:30.434397: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.434399: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.434401: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.434404: | length: 16 (0x10) Sep 21 07:25:30.434406: | start port: 0 (0x0) Sep 21 07:25:30.434409: | end port: 65535 (0xffff) Sep 21 07:25:30.434411: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.434413: | TS low c0 00 01 00 Sep 21 07:25:30.434429: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.434431: | TS high c0 00 01 ff Sep 21 07:25:30.434433: | TSi: parsed 1 traffic selectors Sep 21 07:25:30.434436: | TSr: parsing 1 traffic selectors Sep 21 07:25:30.434451: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:30.434453: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:30.434456: | IP Protocol ID: 0 (0x0) Sep 21 07:25:30.434458: | length: 16 (0x10) Sep 21 07:25:30.434460: | start port: 0 (0x0) Sep 21 07:25:30.434463: | end port: 65535 (0xffff) Sep 21 07:25:30.434465: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:30.434468: | TS low c0 00 02 00 Sep 21 07:25:30.434470: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:30.434472: | TS high c0 00 02 ff Sep 21 07:25:30.434474: | TSr: parsed 1 traffic selectors Sep 21 07:25:30.434480: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:30.434486: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.434492: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:30.434495: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:30.434498: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:30.434501: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:30.434504: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.434509: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:30.434514: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:30.434517: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:30.434520: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:30.434522: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:30.434525: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:30.434528: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:30.434530: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:30.434532: | printing contents struct traffic_selector Sep 21 07:25:30.434534: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:30.434536: | ipprotoid: 0 Sep 21 07:25:30.434538: | port range: 0-65535 Sep 21 07:25:30.434542: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:25:30.434544: | printing contents struct traffic_selector Sep 21 07:25:30.434546: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:30.434549: | ipprotoid: 0 Sep 21 07:25:30.434551: | port range: 0-65535 Sep 21 07:25:30.434554: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:30.434568: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:30.434572: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:30.434578: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:30.434580: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:30.434582: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:30.434584: | local proposal 1 type DH has 1 transforms Sep 21 07:25:30.434587: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:30.434590: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.434592: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:30.434594: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:30.434597: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:30.434599: | local proposal 2 type DH has 1 transforms Sep 21 07:25:30.434601: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:30.434604: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:30.434606: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:30.434608: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:30.434610: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:30.434613: | local proposal 3 type DH has 1 transforms Sep 21 07:25:30.434615: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:30.434618: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.434620: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:30.434622: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:30.434624: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:30.434626: | local proposal 4 type DH has 1 transforms Sep 21 07:25:30.434628: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:30.434631: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:30.434633: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:30.434636: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:30.434638: | length: 32 (0x20) Sep 21 07:25:30.434640: | prop #: 1 (0x1) Sep 21 07:25:30.434642: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:30.434644: | spi size: 4 (0x4) Sep 21 07:25:30.434646: | # transforms: 2 (0x2) Sep 21 07:25:30.434649: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:30.434651: | remote SPI 02 f6 25 d0 Sep 21 07:25:30.434654: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:30.434657: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.434659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:30.434661: | length: 12 (0xc) Sep 21 07:25:30.434663: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:30.434665: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:30.434668: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:30.434671: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:30.434673: | length/value: 256 (0x100) Sep 21 07:25:30.434677: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:30.434680: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:30.434682: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:30.434685: | length: 8 (0x8) Sep 21 07:25:30.434687: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:30.434689: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:30.434693: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:30.434696: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:30.434700: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:30.434702: | remote proposal 1 matches local proposal 1 Sep 21 07:25:30.434705: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:30.434711: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=02f625d0;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:30.434714: | converting proposal to internal trans attrs Sep 21 07:25:30.434720: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:30.434883: | #1 spent 1.06 milliseconds Sep 21 07:25:30.434891: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:30.434895: | could_route called for westnet-eastnet-ipv4-psk-ikev2 (kind=CK_PERMANENT) Sep 21 07:25:30.434897: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.434900: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.434903: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.434909: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.434912: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.434916: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.434918: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.434921: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.434925: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.434928: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:25:30.434932: | netlink: enabling tunnel mode Sep 21 07:25:30.434934: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.434937: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.435024: | netlink response for Add SA esp.2f625d0@192.1.2.23 included non-error error Sep 21 07:25:30.435029: | set up outgoing SA, ref=0/0 Sep 21 07:25:30.435032: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:30.435035: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:30.435037: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:30.435040: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:30.435043: | setting IPsec SA replay-window to 32 Sep 21 07:25:30.435046: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Sep 21 07:25:30.435049: | netlink: enabling tunnel mode Sep 21 07:25:30.435051: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:30.435054: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:30.435105: | netlink response for Add SA esp.aab0e55@192.1.2.45 included non-error error Sep 21 07:25:30.435110: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:30.435117: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:30.435120: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.435171: | raw_eroute result=success Sep 21 07:25:30.435175: | set up incoming SA, ref=0/0 Sep 21 07:25:30.435178: | sr for #2: unrouted Sep 21 07:25:30.435180: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:30.435182: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:30.435184: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:30.435185: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:30.435188: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:25:30.435190: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:30.435193: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:30.435197: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:30.435199: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:30.435218: | raw_eroute result=success Sep 21 07:25:30.435221: | running updown command "ipsec _updown" for verb up Sep 21 07:25:30.435226: | command executing up-client Sep 21 07:25:30.435242: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Sep 21 07:25:30.435245: | popen cmd is 1052 chars long Sep 21 07:25:30.435247: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Sep 21 07:25:30.435248: | cmd( 80):4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: Sep 21 07:25:30.435250: | cmd( 160):2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NE: Sep 21 07:25:30.435252: | cmd( 240):T='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Sep 21 07:25:30.435253: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: Sep 21 07:25:30.435255: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.: Sep 21 07:25:30.435256: | cmd( 480):0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: Sep 21 07:25:30.435258: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL: Sep 21 07:25:30.435259: | cmd( 640):ICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:25:30.435261: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:25:30.435262: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:25:30.435264: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 07:25:30.435266: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2f625d0 SPI_OUT=0xaab0e55 ipsec : Sep 21 07:25:30.435267: | cmd(1040):_updown 2>&1: Sep 21 07:25:30.444942: | route_and_eroute: firewall_notified: true Sep 21 07:25:30.444960: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:30.444964: | command executing prepare-client Sep 21 07:25:30.445004: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Sep 21 07:25:30.445008: | popen cmd is 1057 chars long Sep 21 07:25:30.445012: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:30.445019: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:25:30.445023: | cmd( 160):92.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIE: Sep 21 07:25:30.445026: | cmd( 240):NT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_: Sep 21 07:25:30.445030: | cmd( 320):MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.2: Sep 21 07:25:30.445033: | cmd( 400):3' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET=: Sep 21 07:25:30.445037: | cmd( 480):'192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEE: Sep 21 07:25:30.445040: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON: Sep 21 07:25:30.445044: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: Sep 21 07:25:30.445047: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Sep 21 07:25:30.445051: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Sep 21 07:25:30.445054: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Sep 21 07:25:30.445057: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2f625d0 SPI_OUT=0xaab0e55 i: Sep 21 07:25:30.445060: | cmd(1040):psec _updown 2>&1: Sep 21 07:25:30.451880: | running updown command "ipsec _updown" for verb route Sep 21 07:25:30.451893: | command executing route-client Sep 21 07:25:30.451914: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:25:30.451917: | popen cmd is 1055 chars long Sep 21 07:25:30.451919: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:25:30.451921: | cmd( 80):ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192: Sep 21 07:25:30.451922: | cmd( 160):.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT: Sep 21 07:25:30.451924: | cmd( 240):_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY: Sep 21 07:25:30.451925: | cmd( 320):_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23': Sep 21 07:25:30.451927: | cmd( 400): PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='1: Sep 21 07:25:30.451929: | cmd( 480):92.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_: Sep 21 07:25:30.451930: | cmd( 560):PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_: Sep 21 07:25:30.451932: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO': Sep 21 07:25:30.451933: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:25:30.451935: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:25:30.451939: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:25:30.451941: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2f625d0 SPI_OUT=0xaab0e55 ips: Sep 21 07:25:30.451942: | cmd(1040):ec _updown 2>&1: Sep 21 07:25:30.463447: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55fa0bcedf50,sr=0x55fa0bcedf50} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:30.463530: | #1 spent 0.897 milliseconds in install_ipsec_sa() Sep 21 07:25:30.463538: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:30.463542: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:30.463546: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:30.463551: | libevent_free: release ptr-libevent@0x55fa0bcf12a0 Sep 21 07:25:30.463555: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55fa0bcf11c0 Sep 21 07:25:30.463561: | #2 spent 1.73 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:30.463570: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:30.463575: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:30.463579: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:30.463583: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:30.463587: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:30.463594: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:30.463600: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:30.463603: | pstats #2 ikev2.child established Sep 21 07:25:30.463613: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:30.463624: | NAT-T: encaps is 'auto' Sep 21 07:25:30.463630: "westnet-eastnet-ipv4-psk-ikev2" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x02f625d0 <0x0aab0e55 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:30.463635: | releasing whack for #2 (sock=fd@25) Sep 21 07:25:30.463639: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:25:30.463642: | releasing whack and unpending for parent #1 Sep 21 07:25:30.463646: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:25:30.463651: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:25:30.463655: | removing pending policy for no connection {0x55fa0bc7e490} Sep 21 07:25:30.463662: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:25:30.463667: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:30.463671: | event_schedule: new EVENT_SA_REKEY-pe@0x55fa0bcf11c0 Sep 21 07:25:30.463675: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:30.463679: | libevent_malloc: new ptr-libevent@0x55fa0bcf12a0 size 128 Sep 21 07:25:30.463686: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:30.463692: | #1 spent 2.12 milliseconds in ikev2_process_packet() Sep 21 07:25:30.463697: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:30.463701: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:30.463704: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:30.463709: | spent 2.14 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:30.463724: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.463733: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.463738: | spent 0.00887 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.463740: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.463745: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.463749: | spent 0.00401 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:30.463752: | processing signal PLUTO_SIGCHLD Sep 21 07:25:30.463755: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:30.463759: | spent 0.00381 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:31.609127: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:31.609144: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:31.609148: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:31.609154: | get_sa_info esp.aab0e55@192.1.2.45 Sep 21 07:25:31.609167: | get_sa_info esp.2f625d0@192.1.2.23 Sep 21 07:25:31.609183: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:31.609190: | spent 0.0693 milliseconds in whack Sep 21 07:25:32.105134: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.105156: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:32.105160: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:32.105166: | get_sa_info esp.aab0e55@192.1.2.45 Sep 21 07:25:32.105178: | get_sa_info esp.2f625d0@192.1.2.23 Sep 21 07:25:32.105194: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.105202: | spent 0.0726 milliseconds in whack Sep 21 07:25:32.221845: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.222041: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:32.222046: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:32.222110: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:32.222113: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:32.222126: | get_sa_info esp.aab0e55@192.1.2.45 Sep 21 07:25:32.222141: | get_sa_info esp.2f625d0@192.1.2.23 Sep 21 07:25:32.222161: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.222169: | spent 0.331 milliseconds in whack Sep 21 07:25:32.566732: | spent 0.0027 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.566752: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:32.566756: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.566759: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:32.566761: | b5 74 df dc eb 4d 6d 55 df 91 c7 2b 22 67 04 1a Sep 21 07:25:32.566763: | 2f b6 8d c3 43 76 a9 f2 5f 28 50 26 bf e9 a6 fc Sep 21 07:25:32.566765: | 12 de 0b 2e be Sep 21 07:25:32.566770: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.566773: | **parse ISAKMP Message: Sep 21 07:25:32.566776: | initiator cookie: Sep 21 07:25:32.566778: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:32.566780: | responder cookie: Sep 21 07:25:32.566782: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.566819: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.566824: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.566827: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.566830: | flags: none (0x0) Sep 21 07:25:32.566833: | Message ID: 0 (0x0) Sep 21 07:25:32.566835: | length: 69 (0x45) Sep 21 07:25:32.566839: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.566843: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.566847: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:32.566855: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.566862: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.566867: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.566871: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:32.566876: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:32.566879: | unpacking clear payload Sep 21 07:25:32.566882: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.566885: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.566888: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.566890: | flags: none (0x0) Sep 21 07:25:32.566893: | length: 41 (0x29) Sep 21 07:25:32.566896: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:32.566902: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:32.566905: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:32.566920: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:32.566923: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.566927: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.566930: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.566933: | flags: none (0x0) Sep 21 07:25:32.566936: | length: 12 (0xc) Sep 21 07:25:32.566939: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.566941: | SPI size: 4 (0x4) Sep 21 07:25:32.566944: | number of SPIs: 1 (0x1) Sep 21 07:25:32.566947: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:32.566950: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:32.566953: | Now let's proceed with state specific processing Sep 21 07:25:32.566955: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:32.566959: | an informational request should send a response Sep 21 07:25:32.566965: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.566968: | **emit ISAKMP Message: Sep 21 07:25:32.566971: | initiator cookie: Sep 21 07:25:32.566974: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:32.566976: | responder cookie: Sep 21 07:25:32.566978: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.566980: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.566981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.566983: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.566985: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:32.566986: | Message ID: 0 (0x0) Sep 21 07:25:32.566988: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.566990: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.566992: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.566993: | flags: none (0x0) Sep 21 07:25:32.566995: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.566997: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.566999: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.567004: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:32.567005: | SPI 02 f6 25 d0 Sep 21 07:25:32.567007: | delete PROTO_v2_ESP SA(0x02f625d0) Sep 21 07:25:32.567009: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:32.567011: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:32.567013: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x02f625d0) Sep 21 07:25:32.567015: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:25:32.567019: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.567022: | libevent_free: release ptr-libevent@0x55fa0bcf12a0 Sep 21 07:25:32.567023: | free_event_entry: release EVENT_SA_REKEY-pe@0x55fa0bcf11c0 Sep 21 07:25:32.567026: | event_schedule: new EVENT_SA_REPLACE-pe@0x55fa0bcf11c0 Sep 21 07:25:32.567028: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:25:32.567030: | libevent_malloc: new ptr-libevent@0x55fa0bcf12a0 size 128 Sep 21 07:25:32.567032: | ****emit IKEv2 Delete Payload: Sep 21 07:25:32.567034: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.567036: | flags: none (0x0) Sep 21 07:25:32.567037: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:32.567039: | SPI size: 4 (0x4) Sep 21 07:25:32.567040: | number of SPIs: 1 (0x1) Sep 21 07:25:32.567042: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:32.567048: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.567052: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:32.567055: | local SPIs 0a ab 0e 55 Sep 21 07:25:32.567058: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:32.567060: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.567063: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.567065: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.567067: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:32.567068: | emitting length of ISAKMP Message: 69 Sep 21 07:25:32.567079: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.567081: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.567082: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:32.567084: | 63 79 fb bc 61 d0 84 4a ec ff b5 57 da 02 07 1e Sep 21 07:25:32.567085: | 94 7b 54 7c 07 c2 49 ca 6d cd ee c3 15 3c ee 66 Sep 21 07:25:32.567086: | d9 84 56 ae 25 Sep 21 07:25:32.567107: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:32.567111: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:32.567116: | #1 spent 0.148 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:32.567120: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.567122: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:32.567124: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:32.567127: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:32.567130: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.567132: "westnet-eastnet-ipv4-psk-ikev2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:32.567135: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.567138: | #1 spent 0.359 milliseconds in ikev2_process_packet() Sep 21 07:25:32.567140: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.567144: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.567146: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.567149: | spent 0.37 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.567154: | timer_event_cb: processing event@0x55fa0bcf11c0 Sep 21 07:25:32.567156: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:25:32.567159: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.567161: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:32.567163: | replacing stale CHILD SA Sep 21 07:25:32.567166: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:32.567167: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.567170: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:32.567172: | creating state object #3 at 0x55fa0bcf86d0 Sep 21 07:25:32.567174: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:32.567180: | pstats #3 ikev2.child started Sep 21 07:25:32.567182: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Sep 21 07:25:32.567184: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:32.567188: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.567192: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.567194: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:32.567197: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:32.567199: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:32.567201: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Sep 21 07:25:32.567206: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:32.567211: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:32.567213: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:32.567215: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:32.567217: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:32.567220: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:32.567222: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:32.567224: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:32.567229: "westnet-eastnet-ipv4-psk-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:32.567232: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:25:32.567234: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f31d0002b20 Sep 21 07:25:32.567236: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:32.567238: | libevent_malloc: new ptr-libevent@0x55fa0bcf3a90 size 128 Sep 21 07:25:32.567242: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:32.567247: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55fa0bcf16e0 Sep 21 07:25:32.567249: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:25:32.567251: | libevent_malloc: new ptr-libevent@0x55fa0bcf3690 size 128 Sep 21 07:25:32.567253: | libevent_free: release ptr-libevent@0x55fa0bcf12a0 Sep 21 07:25:32.567254: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55fa0bcf11c0 Sep 21 07:25:32.567257: | #2 spent 0.103 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:32.567259: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.567262: | timer_event_cb: processing event@0x7f31d0002b20 Sep 21 07:25:32.567264: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:32.567267: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.567270: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:32.567271: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf11c0 Sep 21 07:25:32.567274: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:32.567275: | libevent_malloc: new ptr-libevent@0x55fa0bcf12a0 size 128 Sep 21 07:25:32.567281: | libevent_free: release ptr-libevent@0x55fa0bcf3a90 Sep 21 07:25:32.567283: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f31d0002b20 Sep 21 07:25:32.567285: | #3 spent 0.0222 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:32.567288: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.567287: | crypto helper 4 resuming Sep 21 07:25:32.567291: | timer_event_cb: processing event@0x55fa0bcf16e0 Sep 21 07:25:32.567300: | crypto helper 4 starting work-order 3 for state #3 Sep 21 07:25:32.567301: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:25:32.567307: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:25:32.567308: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:32.567314: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:32.567316: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:32.567317: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:25:32.567319: | pstats #2 ikev2.child deleted completed Sep 21 07:25:32.567321: | #2 spent 1.83 milliseconds in total Sep 21 07:25:32.567324: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.567326: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_IPSEC_I) aged 2.165s and NOT sending notification Sep 21 07:25:32.567328: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:32.567331: | get_sa_info esp.2f625d0@192.1.2.23 Sep 21 07:25:32.567340: | get_sa_info esp.aab0e55@192.1.2.45 Sep 21 07:25:32.567345: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Sep 21 07:25:32.567347: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.567450: | running updown command "ipsec _updown" for verb down Sep 21 07:25:32.567457: | command executing down-client Sep 21 07:25:32.567481: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:25:32.567486: | popen cmd is 1063 chars long Sep 21 07:25:32.567488: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Sep 21 07:25:32.567490: | cmd( 80):pv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: Sep 21 07:25:32.567492: | cmd( 160):1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_: Sep 21 07:25:32.567493: | cmd( 240):NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Sep 21 07:25:32.567495: | cmd( 320):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' : Sep 21 07:25:32.567497: | cmd( 400):PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='19: Sep 21 07:25:32.567498: | cmd( 480):2.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_P: Sep 21 07:25:32.567500: | cmd( 560):ROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050730' PLU: Sep 21 07:25:32.567501: | cmd( 640):TO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW: Sep 21 07:25:32.567503: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Sep 21 07:25:32.567504: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Sep 21 07:25:32.567506: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Sep 21 07:25:32.567507: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2f625d0 SPI_OUT=0xaab: Sep 21 07:25:32.567509: | cmd(1040):0e55 ipsec _updown 2>&1: Sep 21 07:25:32.568243: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000936 seconds Sep 21 07:25:32.568255: | (#3) spent 0.944 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:32.568260: | crypto helper 4 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:32.568263: | scheduling resume sending helper answer for #3 Sep 21 07:25:32.568267: | libevent_malloc: new ptr-libevent@0x7f31cc006900 size 128 Sep 21 07:25:32.568272: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:32.578547: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:32.578560: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:32.578564: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:32.578567: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:32.578669: | delete esp.2f625d0@192.1.2.23 Sep 21 07:25:32.578699: | netlink response for Del SA esp.2f625d0@192.1.2.23 included non-error error Sep 21 07:25:32.578763: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:32.578772: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:32.578924: | raw_eroute result=success Sep 21 07:25:32.578933: | delete esp.aab0e55@192.1.2.45 Sep 21 07:25:32.578959: | netlink response for Del SA esp.aab0e55@192.1.2.45 included non-error error Sep 21 07:25:32.578964: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:25:32.578968: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:32.578972: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.578979: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.578987: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:32.578990: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:25:32.578994: | libevent_free: release ptr-libevent@0x55fa0bcf3690 Sep 21 07:25:32.578998: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55fa0bcf16e0 Sep 21 07:25:32.579001: | in statetime_stop() and could not find #2 Sep 21 07:25:32.579004: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:32.579022: | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.579035: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:25:32.579038: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.579041: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:32.579043: | ad a7 0b 24 a6 da d7 54 18 91 5d cd 5b 9c 4c e1 Sep 21 07:25:32.579046: | 10 9c 14 46 59 e1 b5 69 0a 44 2c 7d c6 d0 6f bd Sep 21 07:25:32.579048: | 23 Sep 21 07:25:32.579053: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.579057: | **parse ISAKMP Message: Sep 21 07:25:32.579060: | initiator cookie: Sep 21 07:25:32.579062: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:32.579065: | responder cookie: Sep 21 07:25:32.579067: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.579070: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.579073: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.579076: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.579078: | flags: none (0x0) Sep 21 07:25:32.579081: | Message ID: 1 (0x1) Sep 21 07:25:32.579084: | length: 65 (0x41) Sep 21 07:25:32.579087: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:32.579090: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:32.579093: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:32.579100: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.579103: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:32.579108: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:32.579112: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:32.579116: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:25:32.579119: | unpacking clear payload Sep 21 07:25:32.579122: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.579125: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.579127: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:32.579130: | flags: none (0x0) Sep 21 07:25:32.579133: | length: 37 (0x25) Sep 21 07:25:32.579135: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:32.579140: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:32.579143: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:32.579160: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:32.579163: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:32.579166: | **parse IKEv2 Delete Payload: Sep 21 07:25:32.579169: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.579171: | flags: none (0x0) Sep 21 07:25:32.579174: | length: 8 (0x8) Sep 21 07:25:32.579177: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:32.579179: | SPI size: 0 (0x0) Sep 21 07:25:32.579182: | number of SPIs: 0 (0x0) Sep 21 07:25:32.579184: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:32.579187: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:32.579192: | Now let's proceed with state specific processing Sep 21 07:25:32.579195: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:32.579198: | an informational request should send a response Sep 21 07:25:32.579203: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:32.579207: | **emit ISAKMP Message: Sep 21 07:25:32.579209: | initiator cookie: Sep 21 07:25:32.579212: | 1d 6d 17 28 01 df d9 ba Sep 21 07:25:32.579214: | responder cookie: Sep 21 07:25:32.579216: | 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.579219: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.579222: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.579225: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:32.579228: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:32.579230: | Message ID: 1 (0x1) Sep 21 07:25:32.579233: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.579237: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.579240: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.579242: | flags: none (0x0) Sep 21 07:25:32.579245: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.579248: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:32.579251: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.579261: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.579265: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.579268: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.579270: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:32.579273: | emitting length of ISAKMP Message: 57 Sep 21 07:25:32.579285: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.579288: | 1d 6d 17 28 01 df d9 ba 4d 8f 7c 89 91 cc 50 f1 Sep 21 07:25:32.579291: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:25:32.579293: | 48 e2 6c a4 b2 49 23 42 cd 13 c4 b9 fd a5 69 54 Sep 21 07:25:32.579296: | 12 b9 5f 6b 1a 7a 23 f0 f4 Sep 21 07:25:32.579324: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:32.579330: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:32.579334: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:32.579337: | pstats #3 ikev2.child deleted other Sep 21 07:25:32.579341: | #3 spent 0.0222 milliseconds in total Sep 21 07:25:32.579347: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.579351: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.579356: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.012s and NOT sending notification Sep 21 07:25:32.579359: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:25:32.579362: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.579365: | libevent_free: release ptr-libevent@0x55fa0bcf12a0 Sep 21 07:25:32.579368: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55fa0bcf11c0 Sep 21 07:25:32.579372: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:32.579381: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:25:32.579394: | raw_eroute result=success Sep 21 07:25:32.579397: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:25:32.579400: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:32.579403: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:32.579408: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.579413: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.579416: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:32.579420: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:32.579422: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:32.579425: | #1 spent 7.6 milliseconds in total Sep 21 07:25:32.579430: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:32.579433: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_IKESA_DEL) aged 2.184s and NOT sending notification Sep 21 07:25:32.579436: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:32.579489: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:32.579494: | libevent_free: release ptr-libevent@0x55fa0bcf1480 Sep 21 07:25:32.579497: | free_event_entry: release EVENT_SA_REKEY-pe@0x55fa0bcf1440 Sep 21 07:25:32.579500: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:32.579503: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:32.579506: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:32.579509: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Sep 21 07:25:32.579512: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:32.579516: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:25:32.579519: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:32.579522: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:32.579539: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:32.579553: | in statetime_stop() and could not find #1 Sep 21 07:25:32.579557: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.579562: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:32.579564: | STF_OK but no state object remains Sep 21 07:25:32.579567: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.579570: | in statetime_stop() and could not find #1 Sep 21 07:25:32.579574: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.579577: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.579580: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.579585: | spent 0.546 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.579593: | processing resume sending helper answer for #3 Sep 21 07:25:32.579597: | crypto helper 4 replies to request ID 3 Sep 21 07:25:32.579599: | calling continuation function 0x55fa0b36c630 Sep 21 07:25:32.579602: | work-order 3 state #3 crypto result suppressed Sep 21 07:25:32.579614: | (#3) spent 0.0164 milliseconds in resume sending helper answer Sep 21 07:25:32.579617: | libevent_free: release ptr-libevent@0x7f31cc006900 Sep 21 07:25:32.579620: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.579625: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:32.579631: | spent 0.00717 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.579637: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:32.579641: Initiating connection westnet-eastnet-ipv4-psk-ikev2 which received a Delete/Notify but must remain up per local policy Sep 21 07:25:32.579644: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.579648: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:32.579651: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Sep 21 07:25:32.579654: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:32.579657: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.579662: | creating state object #4 at 0x55fa0bcf86d0 Sep 21 07:25:32.579664: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:32.579671: | pstats #4 ikev2.ike started Sep 21 07:25:32.579674: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:32.579677: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:32.579683: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.579688: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:32.579693: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:32.579696: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:32.579700: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Sep 21 07:25:32.579704: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating v2 parent SA Sep 21 07:25:32.579721: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.579727: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:25:32.579731: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f31cc002b20 Sep 21 07:25:32.579734: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:32.579738: | libevent_malloc: new ptr-libevent@0x7f31cc006900 size 128 Sep 21 07:25:32.579748: | #4 spent 0.0998 milliseconds in ikev2_parent_outI1() Sep 21 07:25:32.579754: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:32.579753: | crypto helper 0 resuming Sep 21 07:25:32.579760: | RESET processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:32.579770: | crypto helper 0 starting work-order 4 for state #4 Sep 21 07:25:32.579775: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:32.579781: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:25:32.579792: | spent 0.138 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:32.580692: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.00091 seconds Sep 21 07:25:32.580703: | (#4) spent 0.914 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:25:32.580710: | crypto helper 0 sending results from work-order 4 for state #4 to event queue Sep 21 07:25:32.580713: | scheduling resume sending helper answer for #4 Sep 21 07:25:32.580717: | libevent_malloc: new ptr-libevent@0x7f31c0006900 size 128 Sep 21 07:25:32.580726: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:32.580737: | processing resume sending helper answer for #4 Sep 21 07:25:32.580748: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.580754: | crypto helper 0 replies to request ID 4 Sep 21 07:25:32.580757: | calling continuation function 0x55fa0b36c630 Sep 21 07:25:32.580761: | ikev2_parent_outI1_continue for #4 Sep 21 07:25:32.580767: | **emit ISAKMP Message: Sep 21 07:25:32.580771: | initiator cookie: Sep 21 07:25:32.580774: | 28 11 f0 f6 bb 6a 0d e2 Sep 21 07:25:32.580776: | responder cookie: Sep 21 07:25:32.580779: | 00 00 00 00 00 00 00 00 Sep 21 07:25:32.580789: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.580795: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.580799: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:32.580802: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.580805: | Message ID: 0 (0x0) Sep 21 07:25:32.580809: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.580828: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.580832: | Emitting ikev2_proposals ... Sep 21 07:25:32.580835: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:32.580838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.580841: | flags: none (0x0) Sep 21 07:25:32.580845: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.580849: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.580852: | discarding INTEG=NONE Sep 21 07:25:32.580855: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.580859: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.580861: | prop #: 1 (0x1) Sep 21 07:25:32.580864: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.580867: | spi size: 0 (0x0) Sep 21 07:25:32.580870: | # transforms: 11 (0xb) Sep 21 07:25:32.580874: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.580877: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.580880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580883: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.580886: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.580889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.580893: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.580896: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.580899: | length/value: 256 (0x100) Sep 21 07:25:32.580902: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.580905: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.580911: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580914: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.580917: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.580921: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.580928: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.580930: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.580933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580936: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.580939: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.580943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.580949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.580952: | discarding INTEG=NONE Sep 21 07:25:32.580954: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.580957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580960: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.580963: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.580967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.580973: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.580976: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.580979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.580985: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.580988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.580992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.580995: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.580998: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581006: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.581010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581016: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581019: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581027: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.581031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581039: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581042: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581045: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581050: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.581054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581060: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581063: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581069: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581072: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.581075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581082: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581085: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581093: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.581097: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581103: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581106: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581109: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.581112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581115: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.581118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581125: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581128: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:32.581131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.581133: | discarding INTEG=NONE Sep 21 07:25:32.581136: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.581139: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.581142: | prop #: 2 (0x2) Sep 21 07:25:32.581145: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.581148: | spi size: 0 (0x0) Sep 21 07:25:32.581151: | # transforms: 11 (0xb) Sep 21 07:25:32.581154: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.581158: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.581161: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581168: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.581171: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.581175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581178: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.581181: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.581183: | length/value: 128 (0x80) Sep 21 07:25:32.581185: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.581188: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581190: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581192: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581194: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.581196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581201: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581203: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581207: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581209: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.581212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581214: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581216: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581218: | discarding INTEG=NONE Sep 21 07:25:32.581220: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581229: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.581232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581238: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581241: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581249: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.581252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581259: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581261: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581264: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581266: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.581269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581278: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581285: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.581288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581293: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581295: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581300: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581303: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.581305: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581308: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581310: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581314: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581316: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.581319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581324: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581326: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581332: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.581335: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581340: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581342: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581344: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.581346: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581348: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.581351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581353: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581356: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581358: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:32.581361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.581363: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.581366: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.581370: | prop #: 3 (0x3) Sep 21 07:25:32.581372: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.581375: | spi size: 0 (0x0) Sep 21 07:25:32.581377: | # transforms: 13 (0xd) Sep 21 07:25:32.581380: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.581383: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.581385: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581390: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.581392: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.581395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581397: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.581400: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.581402: | length/value: 256 (0x100) Sep 21 07:25:32.581404: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.581406: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581409: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581410: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.581412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581415: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581417: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581418: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581420: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581421: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.581423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581425: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581426: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581428: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581429: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.581432: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.581434: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581437: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581438: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581441: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.581443: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.581445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581448: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581451: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581454: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581456: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.581457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581461: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581462: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581466: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.581468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581471: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581473: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581477: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.581479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581482: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581484: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581487: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581488: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.581490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581494: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581497: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581499: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.581500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581504: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581505: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581507: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581509: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.581511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581518: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581519: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581522: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581523: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.581525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581527: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581528: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581530: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581531: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.581533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581534: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.581536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581538: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581539: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581541: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:32.581542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.581544: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.581545: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.581547: | prop #: 4 (0x4) Sep 21 07:25:32.581548: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.581550: | spi size: 0 (0x0) Sep 21 07:25:32.581551: | # transforms: 13 (0xd) Sep 21 07:25:32.581553: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.581555: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.581556: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581559: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.581561: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.581562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581564: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.581565: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.581567: | length/value: 128 (0x80) Sep 21 07:25:32.581568: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.581570: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581573: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581574: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.581576: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581578: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581579: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581581: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581583: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581584: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.581586: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.581588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581589: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581591: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581592: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581595: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.581597: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.581598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581602: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581603: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581606: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.581607: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.581609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581612: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581617: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581618: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.581620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581622: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581623: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581625: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581629: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.581631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581634: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581635: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581640: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.581642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581646: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581648: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581650: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581652: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.581654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581657: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581659: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581666: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.581669: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581674: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581676: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581680: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581683: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.581686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581691: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581694: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581699: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.581701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581703: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581704: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581706: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.581708: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.581710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.581712: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.581713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.581715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.581717: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.581718: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:32.581720: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.581723: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:32.581725: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.581730: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:32.581732: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.581733: | flags: none (0x0) Sep 21 07:25:32.581735: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.581737: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:32.581739: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.581741: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:32.581743: | ikev2 g^x ac 54 14 4d 7a aa 97 0c df 0d eb 45 91 1b 37 94 Sep 21 07:25:32.581745: | ikev2 g^x 62 6c 04 47 38 42 6c 8f 64 35 9e 73 78 6d 2b d8 Sep 21 07:25:32.581746: | ikev2 g^x 23 7b 00 c5 72 14 17 53 cb 6c 48 d5 c4 fd 84 5c Sep 21 07:25:32.581747: | ikev2 g^x 72 12 19 a3 d8 71 85 a2 ad a1 59 61 46 75 83 b7 Sep 21 07:25:32.581749: | ikev2 g^x d6 a9 10 aa a1 a8 79 d5 84 02 ee 38 61 b5 4f bb Sep 21 07:25:32.581750: | ikev2 g^x 06 2a 44 c1 7c ee 31 76 0c 36 01 63 dc 83 cd 6a Sep 21 07:25:32.581752: | ikev2 g^x a9 54 7c 44 1c 27 04 dc 0b e8 ad a7 ca 04 c7 54 Sep 21 07:25:32.581753: | ikev2 g^x 30 8e df 15 f5 cc 1a 91 3c 2b 74 46 9e 5e 1d f5 Sep 21 07:25:32.581754: | ikev2 g^x 84 1c 8f 52 f2 e8 05 43 d8 ee 1b 95 98 5b da 03 Sep 21 07:25:32.581756: | ikev2 g^x 4e e5 0a 47 e1 7f 37 f5 e0 f8 b3 ec 8f 34 e2 f2 Sep 21 07:25:32.581757: | ikev2 g^x 0d b7 e9 78 74 d5 b0 b6 a8 0b 43 b2 44 d9 04 91 Sep 21 07:25:32.581759: | ikev2 g^x e1 38 1e 62 7e e6 44 95 7d 19 57 97 14 5a 5b ce Sep 21 07:25:32.581760: | ikev2 g^x 41 e8 41 1c e1 bd 6c e5 ba 25 22 a5 dd 50 47 b2 Sep 21 07:25:32.581761: | ikev2 g^x 5a 41 a0 d1 ce ba 29 4f c6 15 37 de b4 79 e2 3b Sep 21 07:25:32.581763: | ikev2 g^x 42 81 3c fb f1 15 31 ca 5a 45 80 9e 2c 71 2d a6 Sep 21 07:25:32.581764: | ikev2 g^x fc 10 73 c2 9c d2 6c cd 80 03 ec 7a 43 53 0e bc Sep 21 07:25:32.581766: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:32.581767: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:32.581769: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.581770: | flags: none (0x0) Sep 21 07:25:32.581772: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:32.581774: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:32.581776: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.581778: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:32.581779: | IKEv2 nonce 6f c5 83 a4 d8 69 a3 4e 13 35 6d 84 af 7e 3d e3 Sep 21 07:25:32.581781: | IKEv2 nonce 0b 6f 69 ff c9 ca a7 00 3a 88 30 7a fa 8d 89 75 Sep 21 07:25:32.581782: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:32.581791: | Adding a v2N Payload Sep 21 07:25:32.581794: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.581796: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.581798: | flags: none (0x0) Sep 21 07:25:32.581801: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.581803: | SPI size: 0 (0x0) Sep 21 07:25:32.581805: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:32.581808: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.581810: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.581813: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:32.581815: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:32.581818: | natd_hash: rcookie is zero Sep 21 07:25:32.581828: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:32.581832: | natd_hash: icookie= 28 11 f0 f6 bb 6a 0d e2 Sep 21 07:25:32.581833: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.581835: | natd_hash: ip= c0 01 02 2d Sep 21 07:25:32.581836: | natd_hash: port= 01 f4 Sep 21 07:25:32.581838: | natd_hash: hash= 31 7f e3 32 0d 50 91 eb 53 c9 18 2c 99 15 32 0d Sep 21 07:25:32.581839: | natd_hash: hash= 8b b1 49 53 Sep 21 07:25:32.581841: | Adding a v2N Payload Sep 21 07:25:32.581842: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.581844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.581845: | flags: none (0x0) Sep 21 07:25:32.581847: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.581848: | SPI size: 0 (0x0) Sep 21 07:25:32.581850: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:32.581852: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.581853: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.581855: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.581857: | Notify data 31 7f e3 32 0d 50 91 eb 53 c9 18 2c 99 15 32 0d Sep 21 07:25:32.581858: | Notify data 8b b1 49 53 Sep 21 07:25:32.581860: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:32.581861: | natd_hash: rcookie is zero Sep 21 07:25:32.581865: | natd_hash: hasher=0x55fa0b4427a0(20) Sep 21 07:25:32.581866: | natd_hash: icookie= 28 11 f0 f6 bb 6a 0d e2 Sep 21 07:25:32.581868: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.581869: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:32.581871: | natd_hash: port= 01 f4 Sep 21 07:25:32.581872: | natd_hash: hash= ad 16 7e 27 be 79 f3 a6 95 69 49 8f d7 5f e6 2f Sep 21 07:25:32.581873: | natd_hash: hash= 6a 82 3c f2 Sep 21 07:25:32.581875: | Adding a v2N Payload Sep 21 07:25:32.581876: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.581878: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.581879: | flags: none (0x0) Sep 21 07:25:32.581881: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.581882: | SPI size: 0 (0x0) Sep 21 07:25:32.581884: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:32.581885: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.581887: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.581889: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.581890: | Notify data ad 16 7e 27 be 79 f3 a6 95 69 49 8f d7 5f e6 2f Sep 21 07:25:32.581892: | Notify data 6a 82 3c f2 Sep 21 07:25:32.581893: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:32.581895: | emitting length of ISAKMP Message: 828 Sep 21 07:25:32.581900: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:32.581904: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.581907: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:32.581909: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:32.581911: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:32.581913: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:25:32.581915: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:25:32.581918: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:32.581921: "westnet-eastnet-ipv4-psk-ikev2" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:32.581924: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:25:32.581928: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) Sep 21 07:25:32.581930: | 28 11 f0 f6 bb 6a 0d e2 00 00 00 00 00 00 00 00 Sep 21 07:25:32.581932: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:32.581933: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:32.581934: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:32.581936: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:32.581937: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:32.581939: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:32.581940: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:32.581941: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:32.581943: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:32.581944: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:32.581945: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:32.581947: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:32.581948: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:32.581950: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:32.581951: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:32.581952: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:32.581954: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:32.581955: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:32.581956: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:32.581958: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:32.581959: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:32.581960: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:32.581962: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:32.581963: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:32.581965: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:32.581966: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:32.581967: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:32.581969: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:32.581970: | 28 00 01 08 00 0e 00 00 ac 54 14 4d 7a aa 97 0c Sep 21 07:25:32.581971: | df 0d eb 45 91 1b 37 94 62 6c 04 47 38 42 6c 8f Sep 21 07:25:32.581973: | 64 35 9e 73 78 6d 2b d8 23 7b 00 c5 72 14 17 53 Sep 21 07:25:32.581974: | cb 6c 48 d5 c4 fd 84 5c 72 12 19 a3 d8 71 85 a2 Sep 21 07:25:32.581976: | ad a1 59 61 46 75 83 b7 d6 a9 10 aa a1 a8 79 d5 Sep 21 07:25:32.581977: | 84 02 ee 38 61 b5 4f bb 06 2a 44 c1 7c ee 31 76 Sep 21 07:25:32.581978: | 0c 36 01 63 dc 83 cd 6a a9 54 7c 44 1c 27 04 dc Sep 21 07:25:32.581980: | 0b e8 ad a7 ca 04 c7 54 30 8e df 15 f5 cc 1a 91 Sep 21 07:25:32.581981: | 3c 2b 74 46 9e 5e 1d f5 84 1c 8f 52 f2 e8 05 43 Sep 21 07:25:32.581982: | d8 ee 1b 95 98 5b da 03 4e e5 0a 47 e1 7f 37 f5 Sep 21 07:25:32.581984: | e0 f8 b3 ec 8f 34 e2 f2 0d b7 e9 78 74 d5 b0 b6 Sep 21 07:25:32.581985: | a8 0b 43 b2 44 d9 04 91 e1 38 1e 62 7e e6 44 95 Sep 21 07:25:32.581987: | 7d 19 57 97 14 5a 5b ce 41 e8 41 1c e1 bd 6c e5 Sep 21 07:25:32.581988: | ba 25 22 a5 dd 50 47 b2 5a 41 a0 d1 ce ba 29 4f Sep 21 07:25:32.581989: | c6 15 37 de b4 79 e2 3b 42 81 3c fb f1 15 31 ca Sep 21 07:25:32.581991: | 5a 45 80 9e 2c 71 2d a6 fc 10 73 c2 9c d2 6c cd Sep 21 07:25:32.581992: | 80 03 ec 7a 43 53 0e bc 29 00 00 24 6f c5 83 a4 Sep 21 07:25:32.581993: | d8 69 a3 4e 13 35 6d 84 af 7e 3d e3 0b 6f 69 ff Sep 21 07:25:32.581995: | c9 ca a7 00 3a 88 30 7a fa 8d 89 75 29 00 00 08 Sep 21 07:25:32.581996: | 00 00 40 2e 29 00 00 1c 00 00 40 04 31 7f e3 32 Sep 21 07:25:32.581998: | 0d 50 91 eb 53 c9 18 2c 99 15 32 0d 8b b1 49 53 Sep 21 07:25:32.582000: | 00 00 00 1c 00 00 40 05 ad 16 7e 27 be 79 f3 a6 Sep 21 07:25:32.582001: | 95 69 49 8f d7 5f e6 2f 6a 82 3c f2 Sep 21 07:25:32.582027: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.582030: | libevent_free: release ptr-libevent@0x7f31cc006900 Sep 21 07:25:32.582032: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f31cc002b20 Sep 21 07:25:32.582033: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:32.582035: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:32.582038: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f31cc002b20 Sep 21 07:25:32.582040: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Sep 21 07:25:32.582042: | libevent_malloc: new ptr-libevent@0x7f31cc006900 size 128 Sep 21 07:25:32.582045: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49378.950302 Sep 21 07:25:32.582048: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:32.582051: | #4 spent 1.28 milliseconds in resume sending helper answer Sep 21 07:25:32.582055: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:32.582057: | libevent_free: release ptr-libevent@0x7f31c0006900 Sep 21 07:25:33.302259: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:33.302277: shutting down Sep 21 07:25:33.302285: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:33.302293: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:33.302305: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:33.302310: forgetting secrets Sep 21 07:25:33.302314: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:33.302319: | start processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in delete_connection() at connections.c:189) Sep 21 07:25:33.302324: | removing pending policy for no connection {0x55fa0bc7e490} Sep 21 07:25:33.302331: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:33.302334: | pass 0 Sep 21 07:25:33.302337: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:33.302341: | state #4 Sep 21 07:25:33.302347: | suspend processing: connection "westnet-eastnet-ipv4-psk-ikev2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:33.302354: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:33.302358: | pstats #4 ikev2.ike deleted other Sep 21 07:25:33.302364: | #4 spent 2.29 milliseconds in total Sep 21 07:25:33.302367: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:33.302370: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.722s and NOT sending notification Sep 21 07:25:33.302372: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:33.302375: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:33.302376: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:33.302379: | libevent_free: release ptr-libevent@0x7f31cc006900 Sep 21 07:25:33.302381: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f31cc002b20 Sep 21 07:25:33.302384: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:33.302386: | picked newest_isakmp_sa #0 for #4 Sep 21 07:25:33.302388: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA for connection 'westnet-eastnet-ipv4-psk-ikev2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:33.302391: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Sep 21 07:25:33.302395: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:33.302399: | stop processing: connection "westnet-eastnet-ipv4-psk-ikev2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:33.302401: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:33.302402: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Sep 21 07:25:33.302404: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:25:33.302407: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:33.302422: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:33.302425: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:33.302427: | pass 1 Sep 21 07:25:33.302428: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:33.302433: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:33.302436: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:33.302438: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:33.302486: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 0xfe7e7 Sep 21 07:25:33.302500: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:33.302504: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:33.302507: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:25:33.302511: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Sep 21 07:25:33.302514: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:33.302517: | command executing unroute-client Sep 21 07:25:33.302550: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Sep 21 07:25:33.302555: | popen cmd is 1046 chars long Sep 21 07:25:33.302558: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:25:33.302561: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='1: Sep 21 07:25:33.302565: | cmd( 160):92.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIE: Sep 21 07:25:33.302568: | cmd( 240):NT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_: Sep 21 07:25:33.302571: | cmd( 320):MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.: Sep 21 07:25:33.302574: | cmd( 400):23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET: Sep 21 07:25:33.302577: | cmd( 480):='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Sep 21 07:25:33.302580: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Sep 21 07:25:33.302583: | cmd( 640):NN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: Sep 21 07:25:33.302588: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: Sep 21 07:25:33.302592: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: Sep 21 07:25:33.302595: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: Sep 21 07:25:33.302597: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updow: Sep 21 07:25:33.302598: | cmd(1040):n 2>&1: Sep 21 07:25:33.312397: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312415: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312418: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312421: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312430: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312439: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312450: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312459: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312468: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312478: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312486: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312498: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312507: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312517: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312526: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312536: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312546: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312556: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312566: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312575: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312919: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312928: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312938: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312947: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312956: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312965: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312976: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312985: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.312994: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313003: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313013: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313023: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313032: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313041: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313050: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313059: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313070: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313079: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313088: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313097: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313106: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313117: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313127: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313136: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313145: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313154: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313164: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313174: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313182: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313191: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313201: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313210: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313220: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313229: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313238: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313247: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313258: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313268: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313277: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313287: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313296: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313307: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313316: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313325: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313334: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313345: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313355: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313365: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313374: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313383: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313392: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313404: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313413: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313422: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313432: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313441: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313450: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313460: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313470: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313480: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313489: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313500: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313509: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313519: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313529: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313538: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313550: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313559: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313569: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313578: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313587: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313597: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313606: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313615: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313624: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313632: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313642: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313653: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313661: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.313670: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:33.318134: | free hp@0x55fa0bcb9a10 Sep 21 07:25:33.318147: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Sep 21 07:25:33.318152: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:33.318162: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:33.318165: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:33.318175: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:33.318179: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:33.318182: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:25:33.318185: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:25:33.318189: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:25:33.318192: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:25:33.318196: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:33.318205: | libevent_free: release ptr-libevent@0x55fa0bced080 Sep 21 07:25:33.318209: | free_event_entry: release EVENT_NULL-pe@0x55fa0bcd6280 Sep 21 07:25:33.318219: | libevent_free: release ptr-libevent@0x55fa0bced170 Sep 21 07:25:33.318222: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced130 Sep 21 07:25:33.318229: | libevent_free: release ptr-libevent@0x55fa0bced260 Sep 21 07:25:33.318232: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced220 Sep 21 07:25:33.318239: | libevent_free: release ptr-libevent@0x55fa0bced350 Sep 21 07:25:33.318241: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced310 Sep 21 07:25:33.318248: | libevent_free: release ptr-libevent@0x55fa0bced440 Sep 21 07:25:33.318250: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced400 Sep 21 07:25:33.318256: | libevent_free: release ptr-libevent@0x55fa0bced530 Sep 21 07:25:33.318259: | free_event_entry: release EVENT_NULL-pe@0x55fa0bced4f0 Sep 21 07:25:33.318264: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:33.318685: | libevent_free: release ptr-libevent@0x55fa0bcec9e0 Sep 21 07:25:33.318691: | free_event_entry: release EVENT_NULL-pe@0x55fa0bcd5500 Sep 21 07:25:33.318696: | libevent_free: release ptr-libevent@0x55fa0bce2470 Sep 21 07:25:33.318698: | free_event_entry: release EVENT_NULL-pe@0x55fa0bcd57b0 Sep 21 07:25:33.318702: | libevent_free: release ptr-libevent@0x55fa0bce23e0 Sep 21 07:25:33.318705: | free_event_entry: release EVENT_NULL-pe@0x55fa0bcdaf10 Sep 21 07:25:33.318708: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:33.318710: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:33.318712: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:33.318714: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:33.318717: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:33.318719: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:33.318720: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:33.318723: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:33.318727: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:33.318731: | libevent_free: release ptr-libevent@0x55fa0bcecab0 Sep 21 07:25:33.318734: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:33.318736: | libevent_free: release ptr-libevent@0x55fa0bcecb90 Sep 21 07:25:33.318738: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:33.318741: | libevent_free: release ptr-libevent@0x55fa0bcecc50 Sep 21 07:25:33.318743: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:33.318745: | libevent_free: release ptr-libevent@0x55fa0bce16e0 Sep 21 07:25:33.318747: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:33.318749: | releasing event base Sep 21 07:25:33.318761: | libevent_free: release ptr-libevent@0x55fa0bcecd10 Sep 21 07:25:33.318764: | libevent_free: release ptr-libevent@0x55fa0bcc2250 Sep 21 07:25:33.318768: | libevent_free: release ptr-libevent@0x55fa0bcd0a90 Sep 21 07:25:33.318770: | libevent_free: release ptr-libevent@0x55fa0bcd0b60 Sep 21 07:25:33.318772: | libevent_free: release ptr-libevent@0x55fa0bcd0ab0 Sep 21 07:25:33.318775: | libevent_free: release ptr-libevent@0x55fa0bceca70 Sep 21 07:25:33.318777: | libevent_free: release ptr-libevent@0x55fa0bcecb50 Sep 21 07:25:33.318779: | libevent_free: release ptr-libevent@0x55fa0bcd0b40 Sep 21 07:25:33.318781: | libevent_free: release ptr-libevent@0x55fa0bcd0ca0 Sep 21 07:25:33.318792: | libevent_free: release ptr-libevent@0x55fa0bcd5700 Sep 21 07:25:33.318795: | libevent_free: release ptr-libevent@0x55fa0bced5c0 Sep 21 07:25:33.318797: | libevent_free: release ptr-libevent@0x55fa0bced4d0 Sep 21 07:25:33.318799: | libevent_free: release ptr-libevent@0x55fa0bced3e0 Sep 21 07:25:33.318802: | libevent_free: release ptr-libevent@0x55fa0bced2f0 Sep 21 07:25:33.318804: | libevent_free: release ptr-libevent@0x55fa0bced200 Sep 21 07:25:33.318806: | libevent_free: release ptr-libevent@0x55fa0bced110 Sep 21 07:25:33.318809: | libevent_free: release ptr-libevent@0x55fa0bc54370 Sep 21 07:25:33.318811: | libevent_free: release ptr-libevent@0x55fa0bcecc30 Sep 21 07:25:33.318813: | libevent_free: release ptr-libevent@0x55fa0bcecb70 Sep 21 07:25:33.318816: | libevent_free: release ptr-libevent@0x55fa0bceca90 Sep 21 07:25:33.318818: | libevent_free: release ptr-libevent@0x55fa0bceccf0 Sep 21 07:25:33.318820: | libevent_free: release ptr-libevent@0x55fa0bc525b0 Sep 21 07:25:33.318823: | libevent_free: release ptr-libevent@0x55fa0bcd0ad0 Sep 21 07:25:33.318826: | libevent_free: release ptr-libevent@0x55fa0bcd0b00 Sep 21 07:25:33.318841: | libevent_free: release ptr-libevent@0x55fa0bcd07f0 Sep 21 07:25:33.318843: | releasing global libevent data Sep 21 07:25:33.318846: | libevent_free: release ptr-libevent@0x55fa0bccf4e0 Sep 21 07:25:33.318848: | libevent_free: release ptr-libevent@0x55fa0bcd0790 Sep 21 07:25:33.318851: | libevent_free: release ptr-libevent@0x55fa0bcd07c0