Sep 21 07:25:35.210306: FIPS Product: YES Sep 21 07:25:35.210340: FIPS Kernel: NO Sep 21 07:25:35.210344: FIPS Mode: NO Sep 21 07:25:35.210346: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:35.210504: Initializing NSS Sep 21 07:25:35.210509: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:35.262852: NSS initialized Sep 21 07:25:35.262867: NSS crypto library initialized Sep 21 07:25:35.262870: FIPS HMAC integrity support [enabled] Sep 21 07:25:35.262872: FIPS mode disabled for pluto daemon Sep 21 07:25:35.327264: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:35.327365: libcap-ng support [enabled] Sep 21 07:25:35.327375: Linux audit support [enabled] Sep 21 07:25:35.327401: Linux audit activated Sep 21 07:25:35.327404: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12714 Sep 21 07:25:35.327406: core dump dir: /tmp Sep 21 07:25:35.327407: secrets file: /etc/ipsec.secrets Sep 21 07:25:35.327408: leak-detective disabled Sep 21 07:25:35.327410: NSS crypto [enabled] Sep 21 07:25:35.327411: XAUTH PAM support [enabled] Sep 21 07:25:35.327467: | libevent is using pluto's memory allocator Sep 21 07:25:35.327474: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:35.327484: | libevent_malloc: new ptr-libevent@0x55ed0ff14300 size 40 Sep 21 07:25:35.327487: | libevent_malloc: new ptr-libevent@0x55ed0ff155b0 size 40 Sep 21 07:25:35.327489: | libevent_malloc: new ptr-libevent@0x55ed0ff155e0 size 40 Sep 21 07:25:35.327490: | creating event base Sep 21 07:25:35.327492: | libevent_malloc: new ptr-libevent@0x55ed0ff15570 size 56 Sep 21 07:25:35.327494: | libevent_malloc: new ptr-libevent@0x55ed0ff15610 size 664 Sep 21 07:25:35.327503: | libevent_malloc: new ptr-libevent@0x55ed0ff158b0 size 24 Sep 21 07:25:35.327506: | libevent_malloc: new ptr-libevent@0x55ed0ff07020 size 384 Sep 21 07:25:35.327513: | libevent_malloc: new ptr-libevent@0x55ed0ff158d0 size 16 Sep 21 07:25:35.327514: | libevent_malloc: new ptr-libevent@0x55ed0ff158f0 size 40 Sep 21 07:25:35.327516: | libevent_malloc: new ptr-libevent@0x55ed0ff15920 size 48 Sep 21 07:25:35.327521: | libevent_realloc: new ptr-libevent@0x55ed0fe97370 size 256 Sep 21 07:25:35.327523: | libevent_malloc: new ptr-libevent@0x55ed0ff15960 size 16 Sep 21 07:25:35.327527: | libevent_free: release ptr-libevent@0x55ed0ff15570 Sep 21 07:25:35.327531: | libevent initialized Sep 21 07:25:35.327534: | libevent_realloc: new ptr-libevent@0x55ed0ff15980 size 64 Sep 21 07:25:35.327537: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:35.327551: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:35.327554: NAT-Traversal support [enabled] Sep 21 07:25:35.327557: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:35.327563: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:35.327570: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:35.327603: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:35.327605: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:35.327607: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:35.327642: Encryption algorithms: Sep 21 07:25:35.327649: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:35.327652: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:35.327654: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:35.327656: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:35.327658: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:35.327666: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:35.327669: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:35.327671: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:35.327673: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:35.327675: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:35.327677: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:35.327679: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:35.327681: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:35.327684: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:35.327686: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:35.327687: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:35.327690: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:35.327695: Hash algorithms: Sep 21 07:25:35.327697: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:35.327698: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:35.327700: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:35.327702: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:35.327704: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:35.327712: PRF algorithms: Sep 21 07:25:35.327714: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:35.327716: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:35.327718: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:35.327720: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:35.327722: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:35.327724: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:35.327739: Integrity algorithms: Sep 21 07:25:35.327741: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:35.327743: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:35.327745: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:35.327748: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:35.327750: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:35.327752: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:35.327754: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:35.327756: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:35.327758: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:35.327765: DH algorithms: Sep 21 07:25:35.327767: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:35.327769: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:35.327771: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:35.327774: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:35.327776: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:35.327778: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:35.327779: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:35.327781: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:35.327790: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:35.327796: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:35.327798: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:35.327800: testing CAMELLIA_CBC: Sep 21 07:25:35.327803: Camellia: 16 bytes with 128-bit key Sep 21 07:25:35.327902: Camellia: 16 bytes with 128-bit key Sep 21 07:25:35.327923: Camellia: 16 bytes with 256-bit key Sep 21 07:25:35.327941: Camellia: 16 bytes with 256-bit key Sep 21 07:25:35.327958: testing AES_GCM_16: Sep 21 07:25:35.327960: empty string Sep 21 07:25:35.327980: one block Sep 21 07:25:35.327997: two blocks Sep 21 07:25:35.328013: two blocks with associated data Sep 21 07:25:35.328029: testing AES_CTR: Sep 21 07:25:35.328031: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:35.328047: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:35.328064: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:35.328081: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:35.328097: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:35.328113: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:35.328131: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:35.328147: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:35.328163: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:35.328180: testing AES_CBC: Sep 21 07:25:35.328182: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:35.328198: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.328216: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.328234: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.328254: testing AES_XCBC: Sep 21 07:25:35.328256: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:35.328331: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:35.328421: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:35.328514: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:35.328608: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:35.328703: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:35.328808: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:35.329018: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:35.329113: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:35.329215: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:35.329390: testing HMAC_MD5: Sep 21 07:25:35.329394: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:35.329538: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:35.329679: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:35.329841: 8 CPU cores online Sep 21 07:25:35.329847: starting up 7 crypto helpers Sep 21 07:25:35.329882: started thread for crypto helper 0 Sep 21 07:25:35.329902: started thread for crypto helper 1 Sep 21 07:25:35.329908: | starting up helper thread 1 Sep 21 07:25:35.329918: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:35.329921: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:35.329932: started thread for crypto helper 2 Sep 21 07:25:35.329933: | starting up helper thread 2 Sep 21 07:25:35.329948: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:35.329951: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:35.329956: started thread for crypto helper 3 Sep 21 07:25:35.329957: | starting up helper thread 3 Sep 21 07:25:35.329972: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:35.329974: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:35.329977: started thread for crypto helper 4 Sep 21 07:25:35.329979: | starting up helper thread 4 Sep 21 07:25:35.329986: | starting up helper thread 0 Sep 21 07:25:35.330023: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:35.330006: started thread for crypto helper 5 Sep 21 07:25:35.330051: started thread for crypto helper 6 Sep 21 07:25:35.330055: | checking IKEv1 state table Sep 21 07:25:35.330064: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330066: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:35.330069: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330072: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:35.330075: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:35.330077: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:35.330079: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.330081: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.330084: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:35.330086: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:35.330088: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.330090: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.330093: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:35.330095: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.330097: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.330099: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:35.330102: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:35.330104: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.330107: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.330109: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:35.330111: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:35.330114: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330116: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:35.330119: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330121: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330124: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:35.330126: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330128: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:35.330131: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:35.330133: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:35.330136: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:35.330138: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:35.330141: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:35.330143: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330145: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.330147: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330150: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:35.330152: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:35.330155: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:35.330157: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:35.330160: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:35.330162: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:35.330165: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:35.330167: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330169: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:35.330172: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330174: | INFO: category: informational flags: 0: Sep 21 07:25:35.330177: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330182: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:35.330185: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330188: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:35.330190: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:35.330192: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:35.330194: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.330197: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:35.330199: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:35.330201: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:35.330204: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:35.330206: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.330209: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.330211: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:35.330213: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.330216: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.330218: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:35.330221: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:35.330224: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:35.330229: | checking IKEv2 state table Sep 21 07:25:35.330235: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:35.330238: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:35.330241: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330243: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:35.330246: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:35.330249: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:35.330252: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:35.330255: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:35.330257: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:35.330260: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:35.330263: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:35.330266: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:35.330268: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:35.330270: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:35.330273: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:35.330275: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:35.330278: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330281: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:35.330283: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.330286: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:35.330288: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:35.330291: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.330293: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:35.330296: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:35.330298: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:35.330300: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:35.330303: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.330305: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:35.330307: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:35.330309: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:35.330314: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.330316: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:35.330318: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:35.330320: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:35.330322: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.330324: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:35.330327: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:35.330329: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:35.330331: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:35.330333: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:35.330335: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:35.330337: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:35.330340: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:35.330342: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:35.330344: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:35.330346: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:35.330348: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:35.330432: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:35.330437: | starting up helper thread 6 Sep 21 07:25:35.330449: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:35.330432: | starting up helper thread 5 Sep 21 07:25:35.330026: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:35.330464: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:35.330467: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:35.330471: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:35.330508: | Hard-wiring algorithms Sep 21 07:25:35.330512: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:35.330516: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:35.330519: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:35.330521: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:35.330524: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:35.330526: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:35.330528: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:35.330530: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:35.330533: | adding AES_CTR to kernel algorithm db Sep 21 07:25:35.330535: | adding AES_CBC to kernel algorithm db Sep 21 07:25:35.330537: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:35.330539: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:35.330542: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:35.330544: | adding NULL to kernel algorithm db Sep 21 07:25:35.330547: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:35.330549: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:35.330551: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:35.330554: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:35.330557: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:35.330560: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:35.330563: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:35.330565: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:35.330567: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:35.330569: | adding NONE to kernel algorithm db Sep 21 07:25:35.330591: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:35.330596: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:35.330602: | setup kernel fd callback Sep 21 07:25:35.330605: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ed0ff1b020 Sep 21 07:25:35.330608: | libevent_malloc: new ptr-libevent@0x55ed0ff27140 size 128 Sep 21 07:25:35.330611: | libevent_malloc: new ptr-libevent@0x55ed0ff1a300 size 16 Sep 21 07:25:35.330617: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ed0ff1afe0 Sep 21 07:25:35.330620: | libevent_malloc: new ptr-libevent@0x55ed0ff271d0 size 128 Sep 21 07:25:35.330622: | libevent_malloc: new ptr-libevent@0x55ed0ff1a320 size 16 Sep 21 07:25:35.330879: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:35.330894: selinux support is enabled. Sep 21 07:25:35.330994: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:35.331179: | unbound context created - setting debug level to 5 Sep 21 07:25:35.331214: | /etc/hosts lookups activated Sep 21 07:25:35.331233: | /etc/resolv.conf usage activated Sep 21 07:25:35.331284: | outgoing-port-avoid set 0-65535 Sep 21 07:25:35.331311: | outgoing-port-permit set 32768-60999 Sep 21 07:25:35.331315: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:35.331318: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:35.331322: | Setting up events, loop start Sep 21 07:25:35.331325: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ed0ff15570 Sep 21 07:25:35.331328: | libevent_malloc: new ptr-libevent@0x55ed0ff31740 size 128 Sep 21 07:25:35.331331: | libevent_malloc: new ptr-libevent@0x55ed0ff317d0 size 16 Sep 21 07:25:35.331338: | libevent_realloc: new ptr-libevent@0x55ed0fe955b0 size 256 Sep 21 07:25:35.331341: | libevent_malloc: new ptr-libevent@0x55ed0ff317f0 size 8 Sep 21 07:25:35.331344: | libevent_realloc: new ptr-libevent@0x55ed0ff26540 size 144 Sep 21 07:25:35.331347: | libevent_malloc: new ptr-libevent@0x55ed0ff31810 size 152 Sep 21 07:25:35.331351: | libevent_malloc: new ptr-libevent@0x55ed0ff318b0 size 16 Sep 21 07:25:35.331355: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:35.331358: | libevent_malloc: new ptr-libevent@0x55ed0ff318d0 size 8 Sep 21 07:25:35.331361: | libevent_malloc: new ptr-libevent@0x55ed0ff318f0 size 152 Sep 21 07:25:35.331364: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:35.331367: | libevent_malloc: new ptr-libevent@0x55ed0ff31990 size 8 Sep 21 07:25:35.331369: | libevent_malloc: new ptr-libevent@0x55ed0ff319b0 size 152 Sep 21 07:25:35.331372: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:35.331375: | libevent_malloc: new ptr-libevent@0x55ed0ff31a50 size 8 Sep 21 07:25:35.331378: | libevent_realloc: release ptr-libevent@0x55ed0ff26540 Sep 21 07:25:35.331381: | libevent_realloc: new ptr-libevent@0x55ed0ff31a70 size 256 Sep 21 07:25:35.331383: | libevent_malloc: new ptr-libevent@0x55ed0ff26540 size 152 Sep 21 07:25:35.331386: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:35.331767: | created addconn helper (pid:12811) using fork+execve Sep 21 07:25:35.331782: | forked child 12811 Sep 21 07:25:35.331833: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.331856: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:35.331863: listening for IKE messages Sep 21 07:25:35.331942: | Inspecting interface lo Sep 21 07:25:35.331950: | found lo with address 127.0.0.1 Sep 21 07:25:35.331953: | Inspecting interface eth0 Sep 21 07:25:35.331958: | found eth0 with address 192.0.2.254 Sep 21 07:25:35.331960: | Inspecting interface eth1 Sep 21 07:25:35.331965: | found eth1 with address 192.1.2.23 Sep 21 07:25:35.332039: Kernel supports NIC esp-hw-offload Sep 21 07:25:35.332074: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:35.332099: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.332105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.332109: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:35.332141: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:35.332162: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.332166: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.332170: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:35.332194: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:35.332215: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.332219: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.332222: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:35.332289: | no interfaces to sort Sep 21 07:25:35.332294: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:35.332303: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31de0 Sep 21 07:25:35.332306: | libevent_malloc: new ptr-libevent@0x55ed0ff31e20 size 128 Sep 21 07:25:35.332309: | libevent_malloc: new ptr-libevent@0x55ed0ff31eb0 size 16 Sep 21 07:25:35.332318: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:35.332321: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31ed0 Sep 21 07:25:35.332323: | libevent_malloc: new ptr-libevent@0x55ed0ff31f10 size 128 Sep 21 07:25:35.332326: | libevent_malloc: new ptr-libevent@0x55ed0ff31fa0 size 16 Sep 21 07:25:35.332331: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:35.332333: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31fc0 Sep 21 07:25:35.332336: | libevent_malloc: new ptr-libevent@0x55ed0ff32000 size 128 Sep 21 07:25:35.332338: | libevent_malloc: new ptr-libevent@0x55ed0ff32090 size 16 Sep 21 07:25:35.332343: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:35.332345: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff320b0 Sep 21 07:25:35.332348: | libevent_malloc: new ptr-libevent@0x55ed0ff320f0 size 128 Sep 21 07:25:35.332351: | libevent_malloc: new ptr-libevent@0x55ed0ff32180 size 16 Sep 21 07:25:35.332355: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:35.332358: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff321a0 Sep 21 07:25:35.332360: | libevent_malloc: new ptr-libevent@0x55ed0ff321e0 size 128 Sep 21 07:25:35.332362: | libevent_malloc: new ptr-libevent@0x55ed0ff32270 size 16 Sep 21 07:25:35.332367: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:35.332369: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff32290 Sep 21 07:25:35.332371: | libevent_malloc: new ptr-libevent@0x55ed0ff322d0 size 128 Sep 21 07:25:35.332374: | libevent_malloc: new ptr-libevent@0x55ed0ff32360 size 16 Sep 21 07:25:35.332378: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:35.332384: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:35.332387: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:35.332408: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:35.332428: | saving Modulus Sep 21 07:25:35.332432: | saving PublicExponent Sep 21 07:25:35.332436: | ignoring PrivateExponent Sep 21 07:25:35.332439: | ignoring Prime1 Sep 21 07:25:35.332442: | ignoring Prime2 Sep 21 07:25:35.332445: | ignoring Exponent1 Sep 21 07:25:35.332448: | ignoring Exponent2 Sep 21 07:25:35.332451: | ignoring Coefficient Sep 21 07:25:35.332454: | ignoring CKAIDNSS Sep 21 07:25:35.332499: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:35.332503: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:35.332507: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:35.332515: | certs and keys locked by 'process_secret' Sep 21 07:25:35.332520: | certs and keys unlocked by 'process_secret' Sep 21 07:25:35.332526: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:35.332535: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.332542: | spent 0.715 milliseconds in whack Sep 21 07:25:35.330015: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:35.332567: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:35.377186: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.377205: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.377208: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:35.377211: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.377213: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:35.377217: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.377224: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:35.377228: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:35.377421: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:35.377427: | from whack: got --esp= Sep 21 07:25:35.377469: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:35.377475: | counting wild cards for @north is 0 Sep 21 07:25:35.377478: | counting wild cards for @east is 0 Sep 21 07:25:35.377485: | based upon policy narrowing=yes, the connection is a template. Sep 21 07:25:35.377493: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:25:35.377497: | new hp@0x55ed0fefe840 Sep 21 07:25:35.377502: added connection description "north-east" Sep 21 07:25:35.377513: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:35.377524: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.3.33<192.1.3.33>[@north]===192.0.3.254/32 Sep 21 07:25:35.377532: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.377539: | spent 0.225 milliseconds in whack Sep 21 07:25:35.377577: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.377586: add keyid @north Sep 21 07:25:35.377590: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:25:35.377592: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:25:35.377595: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:25:35.377597: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:25:35.377599: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:25:35.377602: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:25:35.377604: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:25:35.377606: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:25:35.377608: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:25:35.377611: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:25:35.377613: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:25:35.377615: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:25:35.377618: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:25:35.377620: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:25:35.377622: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:25:35.377624: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:25:35.377627: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:25:35.377634: | add pubkey c7 5e a5 99 Sep 21 07:25:35.377657: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:35.377660: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:35.377666: | keyid: *AQPl33O2P Sep 21 07:25:35.377669: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:25:35.377671: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:25:35.377673: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:25:35.377676: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:25:35.377678: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:25:35.377680: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:25:35.377682: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:25:35.377685: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:25:35.377687: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:25:35.377689: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:25:35.377691: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:25:35.377694: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:25:35.377696: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:25:35.377698: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:25:35.377700: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:25:35.377703: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:25:35.377705: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:25:35.377707: | n a5 99 Sep 21 07:25:35.377709: | e 03 Sep 21 07:25:35.377711: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:35.377714: | CKAID 88 aa 7c 5d Sep 21 07:25:35.377721: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.377725: | spent 0.153 milliseconds in whack Sep 21 07:25:35.377758: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.377766: add keyid @east Sep 21 07:25:35.377769: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:35.377772: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:35.377774: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:35.377776: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:35.377779: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:35.377781: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:35.377790: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:35.377794: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:35.377797: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:35.377799: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:35.377801: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:35.377803: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:35.377806: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:35.377808: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:35.377810: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:35.377812: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:35.377815: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:35.377817: | add pubkey 51 51 48 ef Sep 21 07:25:35.377829: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:35.377832: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:35.377836: | keyid: *AQO9bJbr3 Sep 21 07:25:35.377838: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:35.377841: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:35.377846: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:35.377848: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:35.377851: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:35.377853: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:35.377855: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:35.377857: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:35.377859: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:35.377862: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:35.377864: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:35.377866: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:35.377868: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:35.377871: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:35.377873: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:35.377875: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:35.377877: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:35.377879: | n 48 ef Sep 21 07:25:35.377881: | e 03 Sep 21 07:25:35.377884: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:35.377886: | CKAID 8a 82 25 f1 Sep 21 07:25:35.377894: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.377898: | spent 0.138 milliseconds in whack Sep 21 07:25:35.378674: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.378688: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:35.378693: listening for IKE messages Sep 21 07:25:35.384732: | Inspecting interface lo Sep 21 07:25:35.384752: | found lo with address 127.0.0.1 Sep 21 07:25:35.384756: | Inspecting interface eth0 Sep 21 07:25:35.384761: | found eth0 with address 192.0.2.254 Sep 21 07:25:35.384763: | Inspecting interface eth1 Sep 21 07:25:35.384767: | found eth1 with address 192.1.2.23 Sep 21 07:25:35.384847: | no interfaces to sort Sep 21 07:25:35.384860: | libevent_free: release ptr-libevent@0x55ed0ff31e20 Sep 21 07:25:35.384863: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31de0 Sep 21 07:25:35.384866: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31de0 Sep 21 07:25:35.384869: | libevent_malloc: new ptr-libevent@0x55ed0ff31e20 size 128 Sep 21 07:25:35.384878: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:35.384881: | libevent_free: release ptr-libevent@0x55ed0ff31f10 Sep 21 07:25:35.384884: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31ed0 Sep 21 07:25:35.384887: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31ed0 Sep 21 07:25:35.384889: | libevent_malloc: new ptr-libevent@0x55ed0ff31f10 size 128 Sep 21 07:25:35.384894: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:35.384898: | libevent_free: release ptr-libevent@0x55ed0ff32000 Sep 21 07:25:35.384900: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31fc0 Sep 21 07:25:35.384902: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff31fc0 Sep 21 07:25:35.384905: | libevent_malloc: new ptr-libevent@0x55ed0ff32000 size 128 Sep 21 07:25:35.384910: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:35.384914: | libevent_free: release ptr-libevent@0x55ed0ff320f0 Sep 21 07:25:35.384916: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff320b0 Sep 21 07:25:35.384919: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff320b0 Sep 21 07:25:35.384921: | libevent_malloc: new ptr-libevent@0x55ed0ff320f0 size 128 Sep 21 07:25:35.384926: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:35.384930: | libevent_free: release ptr-libevent@0x55ed0ff321e0 Sep 21 07:25:35.384932: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff321a0 Sep 21 07:25:35.384935: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff321a0 Sep 21 07:25:35.384943: | libevent_malloc: new ptr-libevent@0x55ed0ff321e0 size 128 Sep 21 07:25:35.384948: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:35.384951: | libevent_free: release ptr-libevent@0x55ed0ff322d0 Sep 21 07:25:35.384954: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff32290 Sep 21 07:25:35.384956: | add_fd_read_event_handler: new ethX-pe@0x55ed0ff32290 Sep 21 07:25:35.384959: | libevent_malloc: new ptr-libevent@0x55ed0ff322d0 size 128 Sep 21 07:25:35.384963: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:35.384967: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:35.384969: forgetting secrets Sep 21 07:25:35.384981: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:35.384997: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:35.385013: | saving Modulus Sep 21 07:25:35.385017: | saving PublicExponent Sep 21 07:25:35.385020: | ignoring PrivateExponent Sep 21 07:25:35.385023: | ignoring Prime1 Sep 21 07:25:35.385026: | ignoring Prime2 Sep 21 07:25:35.385029: | ignoring Exponent1 Sep 21 07:25:35.385032: | ignoring Exponent2 Sep 21 07:25:35.385035: | ignoring Coefficient Sep 21 07:25:35.385038: | ignoring CKAIDNSS Sep 21 07:25:35.385058: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:35.385062: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:35.385065: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:25:35.385072: | certs and keys locked by 'process_secret' Sep 21 07:25:35.385074: | certs and keys unlocked by 'process_secret' Sep 21 07:25:35.385080: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:35.385089: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.385097: | spent 0.579 milliseconds in whack Sep 21 07:25:35.385144: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.385154: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.385159: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:25:35.385162: | could_route called for north-east (kind=CK_TEMPLATE) Sep 21 07:25:35.385165: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:35.385168: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.385171: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:35.385176: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:35.385179: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:35.385181: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:35.385184: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:35.385186: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:35.385190: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:35.385193: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Sep 21 07:25:35.385200: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Sep 21 07:25:35.385205: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Sep 21 07:25:35.385208: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:35.385216: | IPsec Sa SPD priority set to 1042399 Sep 21 07:25:35.385262: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:35.385266: | route_and_eroute: firewall_notified: true Sep 21 07:25:35.385268: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:35.385271: | command executing prepare-client Sep 21 07:25:35.385299: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:25:35.385306: | popen cmd is 1049 chars long Sep 21 07:25:35.385310: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:35.385312: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_: Sep 21 07:25:35.385315: | cmd( 160):ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 07:25:35.385317: | cmd( 240):MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_: Sep 21 07:25:35.385320: | cmd( 320):REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north: Sep 21 07:25:35.385322: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_P: Sep 21 07:25:35.385325: | cmd( 480):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:35.385327: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:35.385330: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+: Sep 21 07:25:35.385332: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:25:35.385335: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:25:35.385337: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:25:35.385339: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _up: Sep 21 07:25:35.385342: | cmd(1040):down 2>&1: Sep 21 07:25:35.419041: | running updown command "ipsec _updown" for verb route Sep 21 07:25:35.419064: | command executing route-client Sep 21 07:25:35.419111: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Sep 21 07:25:35.419116: | popen cmd is 1047 chars long Sep 21 07:25:35.419121: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Sep 21 07:25:35.419124: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID: Sep 21 07:25:35.419128: | cmd( 160):='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY: Sep 21 07:25:35.419132: | cmd( 240):_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_RE: Sep 21 07:25:35.419135: | cmd( 320):QID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' : Sep 21 07:25:35.419146: | cmd( 400):PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEE: Sep 21 07:25:35.419150: | cmd( 480):R_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:35.419153: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:35.419157: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ES: Sep 21 07:25:35.419160: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Sep 21 07:25:35.419164: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Sep 21 07:25:35.419167: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Sep 21 07:25:35.419171: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updo: Sep 21 07:25:35.419174: | cmd(1040):wn 2>&1: Sep 21 07:25:35.442455: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:25:35.442479: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.442488: | spent 0.548 milliseconds in whack Sep 21 07:25:35.442502: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.442507: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:35.442511: | spent 0.00513 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:35.442514: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.442517: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:35.442521: | spent 0.00351 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:35.442969: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.442984: | waitpid returned pid 12811 (exited with status 0) Sep 21 07:25:35.442989: | reaped addconn helper child (status 0) Sep 21 07:25:35.442993: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:35.442999: | spent 0.0173 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.184029: | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.184060: | *received 828 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:37.184064: | d8 2e 48 1a 96 e0 84 09 00 00 00 00 00 00 00 00 Sep 21 07:25:37.184067: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:37.184069: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.184071: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:37.184074: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:37.184076: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:37.184078: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:37.184081: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:37.184083: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:37.184085: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:37.184087: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:37.184089: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:37.184092: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:37.184094: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:37.184096: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:37.184099: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:37.184101: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:37.184103: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:37.184106: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:37.184108: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:37.184110: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:37.184112: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:37.184119: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:37.184121: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:37.184124: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:37.184126: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:37.184128: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:37.184130: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:37.184132: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:37.184135: | 28 00 01 08 00 0e 00 00 b9 39 81 8c 03 90 5f 86 Sep 21 07:25:37.184138: | c3 d3 43 13 b1 e7 c1 95 93 2e 85 f6 58 b6 6f 6a Sep 21 07:25:37.184140: | cf ac 8f 28 84 d8 0a 05 27 0b 79 93 ce a1 5a 3a Sep 21 07:25:37.184142: | 70 27 b7 33 e3 91 4f 3a 39 05 9f b1 9b 2c a4 12 Sep 21 07:25:37.184144: | 1b 18 ac f0 2f c9 9c d0 fa 5d b8 ae b6 42 c3 b7 Sep 21 07:25:37.184146: | d2 49 da ff 88 f2 f1 a8 bf e9 d9 95 0d ef 79 84 Sep 21 07:25:37.184149: | 4f db fe 01 5b f7 e2 fa ed fb 69 ca 47 70 99 a6 Sep 21 07:25:37.184151: | 97 4f 8a ce 1e e1 74 ec f1 09 0c 55 0f 76 a8 a8 Sep 21 07:25:37.184154: | fb 8e bf 9f f6 bc 50 05 ef ad 52 81 4d bb 7b c5 Sep 21 07:25:37.184156: | d0 29 48 66 71 af 25 88 ff 9c db ee 69 3d 2a 81 Sep 21 07:25:37.184158: | ca 0c 47 d0 ef 04 51 db b7 2b a4 c7 fb c8 ef 62 Sep 21 07:25:37.184160: | f1 37 3f f5 55 e6 ce ed 1c 8d 85 7e b1 4b b6 ca Sep 21 07:25:37.184162: | 24 59 5a 2e b3 1f 9b f8 6a ea 45 91 1e 14 81 34 Sep 21 07:25:37.184165: | 82 a2 da 93 0f 89 5b 58 51 f6 3a e2 3b 1a f8 8c Sep 21 07:25:37.184167: | 4f 0a 26 18 5a 73 17 0a eb 1f 18 5c 91 4c 10 34 Sep 21 07:25:37.184169: | 87 e3 1c 55 81 8b 4b a8 00 67 d4 2e 28 2e bb 35 Sep 21 07:25:37.184171: | 8e c7 ad 08 15 97 3d dd 29 00 00 24 6e 64 46 8c Sep 21 07:25:37.184173: | 48 76 d0 e7 7d 9b 79 c9 ca 39 43 db aa 0c 37 9d Sep 21 07:25:37.184175: | af 61 8d 9e 50 5b 79 7d 34 92 e6 88 29 00 00 08 Sep 21 07:25:37.184178: | 00 00 40 2e 29 00 00 1c 00 00 40 04 80 19 10 a7 Sep 21 07:25:37.184180: | 78 14 6f 22 ba 5a d6 59 fb 51 64 f0 5a 1a 1b 0e Sep 21 07:25:37.184182: | 00 00 00 1c 00 00 40 05 4d 2f b6 d6 2b 39 4f ce Sep 21 07:25:37.184184: | 8f 45 5c 15 ca 4b ac 32 79 c3 2f 84 Sep 21 07:25:37.184191: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:37.184195: | **parse ISAKMP Message: Sep 21 07:25:37.184198: | initiator cookie: Sep 21 07:25:37.184200: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.184202: | responder cookie: Sep 21 07:25:37.184204: | 00 00 00 00 00 00 00 00 Sep 21 07:25:37.184207: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.184210: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.184213: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.184215: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.184218: | Message ID: 0 (0x0) Sep 21 07:25:37.184220: | length: 828 (0x33c) Sep 21 07:25:37.184224: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:37.184227: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:37.184231: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:37.184234: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.184238: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:37.184240: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:37.184242: | flags: none (0x0) Sep 21 07:25:37.184245: | length: 436 (0x1b4) Sep 21 07:25:37.184247: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:25:37.184250: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:37.184253: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:37.184256: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:37.184258: | flags: none (0x0) Sep 21 07:25:37.184260: | length: 264 (0x108) Sep 21 07:25:37.184266: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.184268: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:37.184271: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.184273: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:37.184276: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.184278: | flags: none (0x0) Sep 21 07:25:37.184280: | length: 36 (0x24) Sep 21 07:25:37.184282: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:37.184285: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.184287: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.184290: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.184292: | flags: none (0x0) Sep 21 07:25:37.184295: | length: 8 (0x8) Sep 21 07:25:37.184297: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.184300: | SPI size: 0 (0x0) Sep 21 07:25:37.184303: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.184305: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:37.184307: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.184310: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.184312: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.184314: | flags: none (0x0) Sep 21 07:25:37.184317: | length: 28 (0x1c) Sep 21 07:25:37.184319: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.184322: | SPI size: 0 (0x0) Sep 21 07:25:37.184324: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.184326: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.184329: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.184331: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.184334: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.184337: | flags: none (0x0) Sep 21 07:25:37.184339: | length: 28 (0x1c) Sep 21 07:25:37.184341: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.184343: | SPI size: 0 (0x0) Sep 21 07:25:37.184346: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.184348: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.184351: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:37.184356: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.184362: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:37.184365: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:37.184369: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east) Sep 21 07:25:37.184372: | find_next_host_connection returns empty Sep 21 07:25:37.184376: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.184379: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:37.184381: | find_next_host_connection returns empty Sep 21 07:25:37.184385: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:37.184390: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.184395: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:37.184397: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:37.184400: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east) Sep 21 07:25:37.184402: | find_next_host_connection returns north-east Sep 21 07:25:37.184405: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:37.184407: | find_next_host_connection returns empty Sep 21 07:25:37.184410: | local endpoint has narrowing=yes - needs instantiation Sep 21 07:25:37.184417: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:37.184426: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55ed0fefe840: north-east Sep 21 07:25:37.184432: | rw_instantiate() instantiated "north-east"[1] 192.1.3.33 for 192.1.3.33 Sep 21 07:25:37.184436: | found connection: north-east[1] 192.1.3.33 with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:37.184454: | creating state object #1 at 0x55ed0ff362e0 Sep 21 07:25:37.184458: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:37.184465: | pstats #1 ikev2.ike started Sep 21 07:25:37.184469: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:37.184472: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:37.184477: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.184486: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.184489: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:37.184495: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:37.184499: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:37.184503: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:37.184507: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:37.184510: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:37.184513: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:37.184515: | Now let's proceed with state specific processing Sep 21 07:25:37.184518: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:37.184525: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:37.184528: | constructing local IKE proposals for north-east (IKE SA responder matching remote proposals) Sep 21 07:25:37.184536: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.184543: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.184547: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.184553: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.184557: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.184563: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.184567: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.184572: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.184585: "north-east"[1] 192.1.3.33: constructed local IKE proposals for north-east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.184590: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:25:37.184594: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.184597: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:37.184599: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.184602: | local proposal 1 type DH has 8 transforms Sep 21 07:25:37.184604: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:37.184608: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.184610: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.184613: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:37.184615: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.184617: | local proposal 2 type DH has 8 transforms Sep 21 07:25:37.184619: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:37.184622: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.184625: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.184627: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:37.184629: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.184632: | local proposal 3 type DH has 8 transforms Sep 21 07:25:37.184634: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:37.184637: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.184640: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.184642: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:37.184645: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.184647: | local proposal 4 type DH has 8 transforms Sep 21 07:25:37.184649: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:37.184652: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.184654: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.184657: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.184660: | length: 100 (0x64) Sep 21 07:25:37.184662: | prop #: 1 (0x1) Sep 21 07:25:37.184664: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.184666: | spi size: 0 (0x0) Sep 21 07:25:37.184669: | # transforms: 11 (0xb) Sep 21 07:25:37.184672: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:37.184675: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184677: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184680: | length: 12 (0xc) Sep 21 07:25:37.184682: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.184684: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.184686: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.184689: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.184692: | length/value: 256 (0x100) Sep 21 07:25:37.184696: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.184699: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184704: | length: 8 (0x8) Sep 21 07:25:37.184706: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.184708: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.184712: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:37.184715: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:25:37.184718: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:25:37.184723: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:25:37.184726: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184728: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184730: | length: 8 (0x8) Sep 21 07:25:37.184733: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.184735: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.184738: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184743: | length: 8 (0x8) Sep 21 07:25:37.184745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184747: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.184750: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:37.184754: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:37.184757: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:37.184760: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:37.184763: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184767: | length: 8 (0x8) Sep 21 07:25:37.184770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184772: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.184775: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184780: | length: 8 (0x8) Sep 21 07:25:37.184786: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184792: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.184795: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184800: | length: 8 (0x8) Sep 21 07:25:37.184802: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184805: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.184807: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184813: | length: 8 (0x8) Sep 21 07:25:37.184815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184818: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.184820: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184825: | length: 8 (0x8) Sep 21 07:25:37.184828: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184831: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.184833: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184839: | length: 8 (0x8) Sep 21 07:25:37.184841: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184844: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.184846: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184849: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.184851: | length: 8 (0x8) Sep 21 07:25:37.184853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184856: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.184860: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:37.184865: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:37.184867: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.184872: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.184874: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.184876: | length: 100 (0x64) Sep 21 07:25:37.184878: | prop #: 2 (0x2) Sep 21 07:25:37.184881: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.184883: | spi size: 0 (0x0) Sep 21 07:25:37.184885: | # transforms: 11 (0xb) Sep 21 07:25:37.184888: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.184891: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184893: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184896: | length: 12 (0xc) Sep 21 07:25:37.184898: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.184900: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.184903: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.184905: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.184907: | length/value: 128 (0x80) Sep 21 07:25:37.184910: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184915: | length: 8 (0x8) Sep 21 07:25:37.184917: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.184920: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.184922: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184925: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184927: | length: 8 (0x8) Sep 21 07:25:37.184929: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.184931: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.184934: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184939: | length: 8 (0x8) Sep 21 07:25:37.184941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184943: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.184946: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184950: | length: 8 (0x8) Sep 21 07:25:37.184953: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184955: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.184958: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184963: | length: 8 (0x8) Sep 21 07:25:37.184966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184968: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.184971: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184976: | length: 8 (0x8) Sep 21 07:25:37.184978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184980: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.184983: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184986: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.184988: | length: 8 (0x8) Sep 21 07:25:37.184991: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.184993: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.184996: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.184999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185001: | length: 8 (0x8) Sep 21 07:25:37.185003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.185008: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185013: | length: 8 (0x8) Sep 21 07:25:37.185016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185018: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.185023: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185026: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.185028: | length: 8 (0x8) Sep 21 07:25:37.185031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185033: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.185037: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:25:37.185040: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:25:37.185043: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.185045: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.185048: | length: 116 (0x74) Sep 21 07:25:37.185050: | prop #: 3 (0x3) Sep 21 07:25:37.185052: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.185054: | spi size: 0 (0x0) Sep 21 07:25:37.185056: | # transforms: 13 (0xd) Sep 21 07:25:37.185059: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.185062: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185067: | length: 12 (0xc) Sep 21 07:25:37.185069: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.185072: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.185074: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.185077: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.185079: | length/value: 256 (0x100) Sep 21 07:25:37.185082: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185086: | length: 8 (0x8) Sep 21 07:25:37.185088: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.185091: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.185093: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185097: | length: 8 (0x8) Sep 21 07:25:37.185099: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.185101: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.185104: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185108: | length: 8 (0x8) Sep 21 07:25:37.185110: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.185113: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.185115: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185119: | length: 8 (0x8) Sep 21 07:25:37.185122: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.185124: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.185127: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185131: | length: 8 (0x8) Sep 21 07:25:37.185133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185135: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.185138: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185142: | length: 8 (0x8) Sep 21 07:25:37.185145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185147: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.185150: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185154: | length: 8 (0x8) Sep 21 07:25:37.185156: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185158: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.185161: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185167: | length: 8 (0x8) Sep 21 07:25:37.185169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185172: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.185174: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185179: | length: 8 (0x8) Sep 21 07:25:37.185181: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185183: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.185186: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185188: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185190: | length: 8 (0x8) Sep 21 07:25:37.185193: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185195: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.185197: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185200: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185202: | length: 8 (0x8) Sep 21 07:25:37.185204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185207: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.185209: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185212: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.185214: | length: 8 (0x8) Sep 21 07:25:37.185216: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185219: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.185223: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:37.185226: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:37.185228: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.185231: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.185233: | length: 116 (0x74) Sep 21 07:25:37.185235: | prop #: 4 (0x4) Sep 21 07:25:37.185237: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.185240: | spi size: 0 (0x0) Sep 21 07:25:37.185242: | # transforms: 13 (0xd) Sep 21 07:25:37.185245: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.185248: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185252: | length: 12 (0xc) Sep 21 07:25:37.185255: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.185257: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.185260: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.185262: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.185264: | length/value: 128 (0x80) Sep 21 07:25:37.185268: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185272: | length: 8 (0x8) Sep 21 07:25:37.185275: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.185277: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.185280: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185282: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185284: | length: 8 (0x8) Sep 21 07:25:37.185286: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.185289: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.185292: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185294: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185296: | length: 8 (0x8) Sep 21 07:25:37.185299: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.185301: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.185304: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185306: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185310: | length: 8 (0x8) Sep 21 07:25:37.185312: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.185314: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.185317: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185322: | length: 8 (0x8) Sep 21 07:25:37.185324: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185327: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.185329: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185332: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185334: | length: 8 (0x8) Sep 21 07:25:37.185336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185338: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.185341: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185346: | length: 8 (0x8) Sep 21 07:25:37.185348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185350: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.185353: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185355: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185358: | length: 8 (0x8) Sep 21 07:25:37.185360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185362: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.185365: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185370: | length: 8 (0x8) Sep 21 07:25:37.185372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185374: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.185377: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185382: | length: 8 (0x8) Sep 21 07:25:37.185384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.185389: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.185394: | length: 8 (0x8) Sep 21 07:25:37.185396: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185398: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.185401: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.185403: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.185406: | length: 8 (0x8) Sep 21 07:25:37.185408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.185411: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.185415: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:37.185418: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:37.185423: "north-east"[1] 192.1.3.33 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:25:37.185428: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:25:37.185432: | converting proposal to internal trans attrs Sep 21 07:25:37.185436: | natd_hash: rcookie is zero Sep 21 07:25:37.185448: | natd_hash: hasher=0x55ed0f0427a0(20) Sep 21 07:25:37.185451: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.185453: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.185455: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.185457: | natd_hash: port= 01 f4 Sep 21 07:25:37.185460: | natd_hash: hash= 4d 2f b6 d6 2b 39 4f ce 8f 45 5c 15 ca 4b ac 32 Sep 21 07:25:37.185462: | natd_hash: hash= 79 c3 2f 84 Sep 21 07:25:37.185464: | natd_hash: rcookie is zero Sep 21 07:25:37.185470: | natd_hash: hasher=0x55ed0f0427a0(20) Sep 21 07:25:37.185473: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.185475: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.185477: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:37.185480: | natd_hash: port= 01 f4 Sep 21 07:25:37.185482: | natd_hash: hash= 80 19 10 a7 78 14 6f 22 ba 5a d6 59 fb 51 64 f0 Sep 21 07:25:37.185484: | natd_hash: hash= 5a 1a 1b 0e Sep 21 07:25:37.185487: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:37.185489: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:37.185491: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:37.185494: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:25:37.185501: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:25:37.185504: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ed0ff34e80 Sep 21 07:25:37.185508: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.185512: | libevent_malloc: new ptr-libevent@0x55ed0ff34870 size 128 Sep 21 07:25:37.185523: | #1 spent 0.997 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:37.185529: | crypto helper 1 resuming Sep 21 07:25:37.185531: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.185540: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:25:37.185548: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:37.185557: | crypto helper 1 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:25:37.185558: | suspending state #1 and saving MD Sep 21 07:25:37.185565: | #1 is busy; has a suspended MD Sep 21 07:25:37.185571: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:37.185576: | "north-east"[1] 192.1.3.33 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:37.185581: | stop processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.185586: | #1 spent 1.53 milliseconds in ikev2_process_packet() Sep 21 07:25:37.185590: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:37.185593: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.185596: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.185599: | spent 1.55 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.186513: | crypto helper 1 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000956 seconds Sep 21 07:25:37.186524: | (#1) spent 0.955 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:37.186528: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:37.186531: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.186535: | libevent_malloc: new ptr-libevent@0x7f9dd4006900 size 128 Sep 21 07:25:37.186542: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:37.186552: | processing resume sending helper answer for #1 Sep 21 07:25:37.186566: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.186571: | crypto helper 1 replies to request ID 1 Sep 21 07:25:37.186573: | calling continuation function 0x55ed0ef6c630 Sep 21 07:25:37.186576: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:25:37.186606: | **emit ISAKMP Message: Sep 21 07:25:37.186609: | initiator cookie: Sep 21 07:25:37.186611: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.186614: | responder cookie: Sep 21 07:25:37.186616: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.186619: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.186621: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.186624: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.186627: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.186629: | Message ID: 0 (0x0) Sep 21 07:25:37.186632: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.186635: | Emitting ikev2_proposal ... Sep 21 07:25:37.186637: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:37.186640: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186642: | flags: none (0x0) Sep 21 07:25:37.186645: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.186648: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186651: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.186653: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.186656: | prop #: 1 (0x1) Sep 21 07:25:37.186658: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.186660: | spi size: 0 (0x0) Sep 21 07:25:37.186663: | # transforms: 3 (0x3) Sep 21 07:25:37.186665: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.186668: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.186671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.186673: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.186675: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.186678: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.186681: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.186684: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.186686: | length/value: 256 (0x100) Sep 21 07:25:37.186689: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.186691: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.186694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.186696: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.186699: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.186702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.186704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.186707: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.186710: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.186712: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.186714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.186717: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.186720: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.186722: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.186726: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.186729: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:25:37.186731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.186734: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:25:37.186737: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.186740: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:37.186742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186744: | flags: none (0x0) Sep 21 07:25:37.186747: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.186750: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:37.186753: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186756: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:37.186759: | ikev2 g^x b4 54 21 0c 4e f3 a4 a2 2f 9b 97 74 63 62 1d de Sep 21 07:25:37.186761: | ikev2 g^x 29 60 19 41 73 d5 2b d5 ca 41 ad 6b 08 db d6 24 Sep 21 07:25:37.186763: | ikev2 g^x 0a e3 7a 7b 42 64 1a fe 5f 3b f7 4d 62 80 7f 4f Sep 21 07:25:37.186766: | ikev2 g^x 6d 80 c8 39 13 bc 65 64 22 0d 8c ca 21 48 9a 9c Sep 21 07:25:37.186768: | ikev2 g^x 3c c6 e9 a4 33 37 1c e3 0b 58 eb 28 6d f9 b9 b5 Sep 21 07:25:37.186770: | ikev2 g^x 8a f7 92 24 b7 be ca 67 88 b0 3b 52 0d 88 99 3b Sep 21 07:25:37.186772: | ikev2 g^x c9 05 0b 2b 85 c8 85 9d 51 2f 48 10 4f 76 df 62 Sep 21 07:25:37.186775: | ikev2 g^x 0d 1c d3 41 13 07 81 2b 67 7a 44 31 3a fb 7f 94 Sep 21 07:25:37.186777: | ikev2 g^x f2 33 56 7e 55 5f 74 44 0c 10 a5 90 88 a2 28 87 Sep 21 07:25:37.186779: | ikev2 g^x 75 e8 a7 de d4 bf 23 cd 51 1b 56 ab db 29 10 48 Sep 21 07:25:37.186782: | ikev2 g^x c4 f4 dc b2 68 b8 7d 6e e4 8e 9a 9a c8 6e 5d af Sep 21 07:25:37.186790: | ikev2 g^x 04 18 09 ef 27 f4 ab 8b 65 de b0 88 70 ea b3 ca Sep 21 07:25:37.186793: | ikev2 g^x 46 f0 92 a4 e9 39 81 8e 18 b8 9f e3 9d ca 8f b3 Sep 21 07:25:37.186795: | ikev2 g^x b5 8e 5e 01 7f c5 f1 9a 96 c8 d1 c7 3d 3d 8c 4f Sep 21 07:25:37.186797: | ikev2 g^x 9c cc 9e 1e b6 fb bb 0b 8c ae ff 29 43 33 0d b4 Sep 21 07:25:37.186800: | ikev2 g^x 14 f2 5a b9 e3 85 6e 56 ea c5 da a7 7c f5 14 74 Sep 21 07:25:37.186802: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:37.186805: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:37.186808: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.186810: | flags: none (0x0) Sep 21 07:25:37.186813: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:37.186816: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.186819: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186822: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:37.186824: | IKEv2 nonce c5 a5 e6 06 2c 27 b1 a5 e7 58 e6 c4 c8 ca b8 a6 Sep 21 07:25:37.186826: | IKEv2 nonce 4f a8 d3 c4 75 1e 3b 69 e1 88 a1 96 d4 4e 35 fe Sep 21 07:25:37.186829: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:37.186831: | Adding a v2N Payload Sep 21 07:25:37.186834: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.186836: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186839: | flags: none (0x0) Sep 21 07:25:37.186841: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.186844: | SPI size: 0 (0x0) Sep 21 07:25:37.186848: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.186851: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.186853: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186856: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:37.186859: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:37.186869: | natd_hash: hasher=0x55ed0f0427a0(20) Sep 21 07:25:37.186871: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.186874: | natd_hash: rcookie= 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.186876: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.186878: | natd_hash: port= 01 f4 Sep 21 07:25:37.186881: | natd_hash: hash= 48 9f d3 72 1b 2a c6 ce 8f e6 37 aa 5c c3 95 85 Sep 21 07:25:37.186883: | natd_hash: hash= f8 58 78 31 Sep 21 07:25:37.186885: | Adding a v2N Payload Sep 21 07:25:37.186887: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.186890: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186892: | flags: none (0x0) Sep 21 07:25:37.186895: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.186897: | SPI size: 0 (0x0) Sep 21 07:25:37.186899: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.186902: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.186905: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186908: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.186910: | Notify data 48 9f d3 72 1b 2a c6 ce 8f e6 37 aa 5c c3 95 85 Sep 21 07:25:37.186913: | Notify data f8 58 78 31 Sep 21 07:25:37.186915: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.186921: | natd_hash: hasher=0x55ed0f0427a0(20) Sep 21 07:25:37.186924: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.186926: | natd_hash: rcookie= 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.186928: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:37.186930: | natd_hash: port= 01 f4 Sep 21 07:25:37.186933: | natd_hash: hash= 9a d6 3e 5a 71 8e d0 9a 10 39 b5 bb 30 be c0 7b Sep 21 07:25:37.186935: | natd_hash: hash= 8a b6 91 a2 Sep 21 07:25:37.186937: | Adding a v2N Payload Sep 21 07:25:37.186939: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.186942: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186944: | flags: none (0x0) Sep 21 07:25:37.186947: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.186949: | SPI size: 0 (0x0) Sep 21 07:25:37.186951: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.186954: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.186957: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186960: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.186962: | Notify data 9a d6 3e 5a 71 8e d0 9a 10 39 b5 bb 30 be c0 7b Sep 21 07:25:37.186964: | Notify data 8a b6 91 a2 Sep 21 07:25:37.186967: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.186969: | going to send a certreq Sep 21 07:25:37.186971: | connection->kind is not CK_PERMANENT (instance), so collect CAs Sep 21 07:25:37.186974: | Not a roadwarrior instance, sending empty CA in CERTREQ Sep 21 07:25:37.186977: | ***emit IKEv2 Certificate Request Payload: Sep 21 07:25:37.186979: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.186982: | flags: none (0x0) Sep 21 07:25:37.186984: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:37.186987: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:37.186991: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.186994: | emitting length of IKEv2 Certificate Request Payload: 5 Sep 21 07:25:37.186996: | emitting length of ISAKMP Message: 437 Sep 21 07:25:37.187006: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.187009: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:37.187012: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:37.187015: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:37.187017: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:37.187022: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:37.187027: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:37.187032: "north-east"[1] 192.1.3.33 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:37.187037: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:37.187045: | sending 437 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:37.187048: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.187050: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Sep 21 07:25:37.187052: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.187055: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:37.187057: | 04 00 00 0e 28 00 01 08 00 0e 00 00 b4 54 21 0c Sep 21 07:25:37.187059: | 4e f3 a4 a2 2f 9b 97 74 63 62 1d de 29 60 19 41 Sep 21 07:25:37.187061: | 73 d5 2b d5 ca 41 ad 6b 08 db d6 24 0a e3 7a 7b Sep 21 07:25:37.187064: | 42 64 1a fe 5f 3b f7 4d 62 80 7f 4f 6d 80 c8 39 Sep 21 07:25:37.187066: | 13 bc 65 64 22 0d 8c ca 21 48 9a 9c 3c c6 e9 a4 Sep 21 07:25:37.187068: | 33 37 1c e3 0b 58 eb 28 6d f9 b9 b5 8a f7 92 24 Sep 21 07:25:37.187070: | b7 be ca 67 88 b0 3b 52 0d 88 99 3b c9 05 0b 2b Sep 21 07:25:37.187072: | 85 c8 85 9d 51 2f 48 10 4f 76 df 62 0d 1c d3 41 Sep 21 07:25:37.187075: | 13 07 81 2b 67 7a 44 31 3a fb 7f 94 f2 33 56 7e Sep 21 07:25:37.187077: | 55 5f 74 44 0c 10 a5 90 88 a2 28 87 75 e8 a7 de Sep 21 07:25:37.187079: | d4 bf 23 cd 51 1b 56 ab db 29 10 48 c4 f4 dc b2 Sep 21 07:25:37.187081: | 68 b8 7d 6e e4 8e 9a 9a c8 6e 5d af 04 18 09 ef Sep 21 07:25:37.187083: | 27 f4 ab 8b 65 de b0 88 70 ea b3 ca 46 f0 92 a4 Sep 21 07:25:37.187086: | e9 39 81 8e 18 b8 9f e3 9d ca 8f b3 b5 8e 5e 01 Sep 21 07:25:37.187088: | 7f c5 f1 9a 96 c8 d1 c7 3d 3d 8c 4f 9c cc 9e 1e Sep 21 07:25:37.187090: | b6 fb bb 0b 8c ae ff 29 43 33 0d b4 14 f2 5a b9 Sep 21 07:25:37.187092: | e3 85 6e 56 ea c5 da a7 7c f5 14 74 29 00 00 24 Sep 21 07:25:37.187095: | c5 a5 e6 06 2c 27 b1 a5 e7 58 e6 c4 c8 ca b8 a6 Sep 21 07:25:37.187097: | 4f a8 d3 c4 75 1e 3b 69 e1 88 a1 96 d4 4e 35 fe Sep 21 07:25:37.187099: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:37.187101: | 48 9f d3 72 1b 2a c6 ce 8f e6 37 aa 5c c3 95 85 Sep 21 07:25:37.187103: | f8 58 78 31 26 00 00 1c 00 00 40 05 9a d6 3e 5a Sep 21 07:25:37.187106: | 71 8e d0 9a 10 39 b5 bb 30 be c0 7b 8a b6 91 a2 Sep 21 07:25:37.187108: | 00 00 00 05 04 Sep 21 07:25:37.187143: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.187147: | libevent_free: release ptr-libevent@0x55ed0ff34870 Sep 21 07:25:37.187150: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ed0ff34e80 Sep 21 07:25:37.187153: | event_schedule: new EVENT_SO_DISCARD-pe@0x55ed0ff34e80 Sep 21 07:25:37.187159: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:25:37.187162: | libevent_malloc: new ptr-libevent@0x55ed0ff34870 size 128 Sep 21 07:25:37.187165: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:37.187170: | #1 spent 0.577 milliseconds in resume sending helper answer Sep 21 07:25:37.187176: | stop processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:37.187179: | libevent_free: release ptr-libevent@0x7f9dd4006900 Sep 21 07:25:37.206919: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.206939: | *received 539 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:37.206943: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.206946: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:37.206948: | 00 01 00 02 b9 d5 21 1e 31 4d 00 68 54 19 52 74 Sep 21 07:25:37.206950: | b7 e9 37 c0 37 4b 2a a9 45 f5 37 1a bc 85 c0 80 Sep 21 07:25:37.206953: | c6 e0 5f 0b af 02 83 65 54 9b c1 83 8b 7a 46 c0 Sep 21 07:25:37.206955: | bd eb d5 3d 6c bd 13 26 e2 8c 90 57 c3 8c c7 57 Sep 21 07:25:37.206957: | 13 10 d8 03 d1 83 31 42 dc f7 84 6a d3 6a 51 e5 Sep 21 07:25:37.206959: | 11 83 42 87 70 6b 7c 40 f7 0e 04 1c e8 77 fd 53 Sep 21 07:25:37.206961: | 86 b7 dc eb d4 f1 7b 5e 9b 4d 25 1b 6b 2f 90 23 Sep 21 07:25:37.206964: | 43 10 6b 3d 3a 1d 4a a8 fd ca 43 51 f5 24 ce 36 Sep 21 07:25:37.206966: | 17 88 2e 41 d3 f8 ce 36 78 91 25 86 20 8f 1a a3 Sep 21 07:25:37.206968: | fc fd c8 07 31 dd e0 8f fd 5d 63 55 1e 9d 4b d4 Sep 21 07:25:37.206971: | be 1b b9 b3 29 b6 90 0c d2 48 b6 ce cb 34 86 fa Sep 21 07:25:37.206973: | 53 46 98 3e f9 47 2f d2 ca 77 dc 13 0c 1a 42 0d Sep 21 07:25:37.206975: | b3 2d bb f3 51 a4 c9 21 52 dc 3d f8 01 e9 44 fa Sep 21 07:25:37.206977: | da 67 63 cd 92 53 35 2c 59 76 17 e3 0d 1c 85 63 Sep 21 07:25:37.206979: | b7 f5 bb e4 11 81 d7 3b 54 df 38 b7 58 46 f7 d1 Sep 21 07:25:37.206981: | d1 d8 16 3b d3 98 2a 41 9b 36 59 4b a3 5f b4 a0 Sep 21 07:25:37.206984: | ce 56 a0 62 7d fc d1 d5 d6 f5 23 65 d5 57 07 e4 Sep 21 07:25:37.206986: | 5e 41 58 75 d3 4e d0 3b a1 53 72 d4 70 2d ed 5f Sep 21 07:25:37.206988: | a9 36 6a 90 5f 4f 74 c9 ad 62 96 a4 39 20 e5 b5 Sep 21 07:25:37.206990: | 43 2d 9b f2 62 7a 86 33 1c 9d 57 71 70 90 58 6c Sep 21 07:25:37.206992: | e0 8c df 7a 51 07 4d 93 27 08 22 43 1d 89 7f 4e Sep 21 07:25:37.206994: | 2c 07 bb 6d 94 e5 ee 84 11 1c c6 47 9f ea 19 fa Sep 21 07:25:37.206997: | 20 cf 1d d4 49 18 0b 8e 08 39 58 e8 61 2e 63 d1 Sep 21 07:25:37.206999: | 7e 72 8b 1d 3d 16 9a c5 5f 7d c7 91 98 1e de 40 Sep 21 07:25:37.207001: | c9 ce 68 f3 bf 70 55 4a 5c 83 bf 20 60 23 73 e1 Sep 21 07:25:37.207003: | 7d 18 d7 94 3a ea a9 1a ca 33 62 53 b3 fe a4 41 Sep 21 07:25:37.207005: | 03 77 5d 56 eb 76 43 f4 da f2 c2 df 9a 70 91 b1 Sep 21 07:25:37.207007: | fa db 0e a7 96 07 c5 e1 7e 41 86 c8 30 05 45 c7 Sep 21 07:25:37.207009: | 9c f6 a8 fb 71 6f 65 94 b9 e7 35 00 89 ee 70 e9 Sep 21 07:25:37.207010: | 5c c8 0a ab 38 1a 35 7f 07 c8 a9 32 87 da 8b ca Sep 21 07:25:37.207012: | 08 c7 b0 df a4 07 8a a3 d1 9e 77 a5 54 ae 6d 7d Sep 21 07:25:37.207014: | 39 fc 01 23 23 fe 5b ce 48 4d 8a Sep 21 07:25:37.207019: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:37.207023: | **parse ISAKMP Message: Sep 21 07:25:37.207025: | initiator cookie: Sep 21 07:25:37.207028: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.207030: | responder cookie: Sep 21 07:25:37.207032: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.207035: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:37.207037: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.207040: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.207043: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.207047: | Message ID: 1 (0x1) Sep 21 07:25:37.207050: | length: 539 (0x21b) Sep 21 07:25:37.207053: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:37.207057: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:37.207061: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:37.207069: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.207072: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:37.207077: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:37.207081: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:37.207086: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:37.207089: | unpacking clear payload Sep 21 07:25:37.207091: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:37.207094: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:37.207096: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:37.207098: | flags: none (0x0) Sep 21 07:25:37.207101: | length: 511 (0x1ff) Sep 21 07:25:37.207103: | fragment number: 1 (0x1) Sep 21 07:25:37.207105: | total fragments: 2 (0x2) Sep 21 07:25:37.207108: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Sep 21 07:25:37.207113: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:37.207116: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:37.207121: | received IKE encrypted fragment number '1', total number '2', next payload '35' Sep 21 07:25:37.207123: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:25:37.207132: | stop processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.207139: | #1 spent 0.208 milliseconds in ikev2_process_packet() Sep 21 07:25:37.207144: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:37.207147: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.207151: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.207155: | spent 0.226 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.207231: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.207243: | *received 102 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:25:37.207246: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.207249: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Sep 21 07:25:37.207252: | 00 02 00 02 7b 88 8f a3 8a 48 d7 54 67 8f 67 40 Sep 21 07:25:37.207254: | b3 df 6c 6f 31 81 9a cb 5a 25 55 c2 4e 02 90 5b Sep 21 07:25:37.207257: | eb 32 c1 61 6c d0 bb 90 e7 02 51 4a cb 4b 2f cf Sep 21 07:25:37.207259: | c0 ea 7d 3e 55 c4 49 79 53 ec 17 56 9a 61 85 80 Sep 21 07:25:37.207262: | 1b 7e 63 c6 41 77 Sep 21 07:25:37.207267: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:25:37.207270: | **parse ISAKMP Message: Sep 21 07:25:37.207273: | initiator cookie: Sep 21 07:25:37.207276: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.207278: | responder cookie: Sep 21 07:25:37.207281: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.207284: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:25:37.207287: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.207290: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.207293: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.207296: | Message ID: 1 (0x1) Sep 21 07:25:37.207298: | length: 102 (0x66) Sep 21 07:25:37.207304: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:37.207308: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:37.207311: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:37.207319: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.207326: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:37.207329: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:37.207332: | #1 is idle Sep 21 07:25:37.207334: | #1 idle Sep 21 07:25:37.207339: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:37.207342: | unpacking clear payload Sep 21 07:25:37.207345: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:25:37.207348: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:25:37.207351: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.207353: | flags: none (0x0) Sep 21 07:25:37.207356: | length: 74 (0x4a) Sep 21 07:25:37.207359: | fragment number: 2 (0x2) Sep 21 07:25:37.207361: | total fragments: 2 (0x2) Sep 21 07:25:37.207364: | processing payload: ISAKMP_NEXT_v2SKF (len=66) Sep 21 07:25:37.207367: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:37.207371: | received IKE encrypted fragment number '2', total number '2', next payload '0' Sep 21 07:25:37.207374: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:37.207377: | Now let's proceed with state specific processing Sep 21 07:25:37.207380: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:37.207383: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:37.207388: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:37.207392: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:25:37.207395: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:37.207400: | libevent_free: release ptr-libevent@0x55ed0ff34870 Sep 21 07:25:37.207403: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55ed0ff34e80 Sep 21 07:25:37.207407: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ed0ff34e80 Sep 21 07:25:37.207411: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.207415: | libevent_malloc: new ptr-libevent@0x55ed0ff34870 size 128 Sep 21 07:25:37.207427: | #1 spent 0.0415 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:37.207434: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.207438: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:37.207441: | suspending state #1 and saving MD Sep 21 07:25:37.207444: | #1 is busy; has a suspended MD Sep 21 07:25:37.207450: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:37.207455: | "north-east"[1] 192.1.3.33 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:37.207462: | stop processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.207466: | #1 spent 0.228 milliseconds in ikev2_process_packet() Sep 21 07:25:37.207471: | stop processing: from 192.1.3.33:500 (in process_md() at demux.c:380) Sep 21 07:25:37.207474: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.207477: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.207484: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.207497: | crypto helper 2 resuming Sep 21 07:25:37.207503: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:25:37.207508: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:25:37.208379: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:37.208856: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001347 seconds Sep 21 07:25:37.208866: | (#1) spent 1.35 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:37.208870: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:37.208873: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.208876: | libevent_malloc: new ptr-libevent@0x7f9dcc006b90 size 128 Sep 21 07:25:37.208885: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:37.208949: | processing resume sending helper answer for #1 Sep 21 07:25:37.208958: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.208962: | crypto helper 2 replies to request ID 2 Sep 21 07:25:37.208965: | calling continuation function 0x55ed0ef6c630 Sep 21 07:25:37.208967: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:25:37.208970: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:37.208973: | already have all fragments, skipping fragment collection Sep 21 07:25:37.208975: | already have all fragments, skipping fragment collection Sep 21 07:25:37.208991: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:37.208995: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:37.208998: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:37.209001: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:37.209004: | flags: none (0x0) Sep 21 07:25:37.209006: | length: 13 (0xd) Sep 21 07:25:37.209009: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.209011: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Sep 21 07:25:37.209014: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.209016: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.209019: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:37.209021: | flags: none (0x0) Sep 21 07:25:37.209023: | length: 12 (0xc) Sep 21 07:25:37.209025: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.209028: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:37.209030: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.209033: | **parse IKEv2 Authentication Payload: Sep 21 07:25:37.209036: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.209038: | flags: none (0x0) Sep 21 07:25:37.209040: | length: 282 (0x11a) Sep 21 07:25:37.209043: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:37.209045: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:37.209047: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.209050: | **parse IKEv2 Security Association Payload: Sep 21 07:25:37.209052: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:37.209055: | flags: none (0x0) Sep 21 07:25:37.209057: | length: 164 (0xa4) Sep 21 07:25:37.209059: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:25:37.209062: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.209064: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.209067: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:37.209069: | flags: none (0x0) Sep 21 07:25:37.209071: | length: 24 (0x18) Sep 21 07:25:37.209074: | number of TS: 1 (0x1) Sep 21 07:25:37.209076: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:37.209078: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.209081: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.209086: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.209089: | flags: none (0x0) Sep 21 07:25:37.209091: | length: 24 (0x18) Sep 21 07:25:37.209093: | number of TS: 1 (0x1) Sep 21 07:25:37.209095: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:37.209098: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:37.209100: | Now let's proceed with state specific processing Sep 21 07:25:37.209103: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:37.209110: "north-east"[1] 192.1.3.33 #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:37.209116: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:37.209120: | received IDr payload - extracting our alleged ID Sep 21 07:25:37.209124: | refine_host_connection for IKEv2: starting with "north-east"[1] 192.1.3.33 Sep 21 07:25:37.209129: | match_id a=@north Sep 21 07:25:37.209132: | b=@north Sep 21 07:25:37.209134: | results matched Sep 21 07:25:37.209140: | refine_host_connection: checking "north-east"[1] 192.1.3.33 against "north-east"[1] 192.1.3.33, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:37.209143: | Warning: not switching back to template of current instance Sep 21 07:25:37.209146: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:37.209149: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:37.209154: | refine_host_connection: checked north-east[1] 192.1.3.33 against north-east[1] 192.1.3.33, now for see if best Sep 21 07:25:37.209158: | started looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:37.209161: | actually looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:37.209164: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:37.209168: | 1: compared key (none) to @east / @north -> 002 Sep 21 07:25:37.209172: | 2: compared key (none) to @east / @north -> 002 Sep 21 07:25:37.209174: | line 1: match=002 Sep 21 07:25:37.209177: | match 002 beats previous best_match 000 match=0x55ed0ff27320 (line=1) Sep 21 07:25:37.209180: | concluding with best_match=002 best=0x55ed0ff27320 (lineno=1) Sep 21 07:25:37.209182: | returning because exact peer id match Sep 21 07:25:37.209185: | offered CA: '%none' Sep 21 07:25:37.209189: "north-east"[1] 192.1.3.33 #1: IKEv2 mode peer ID is ID_FQDN: '@north' Sep 21 07:25:37.209208: | verifying AUTH payload Sep 21 07:25:37.209225: | required RSA CA is '%any' Sep 21 07:25:37.209229: | checking RSA keyid '@east' for match with '@north' Sep 21 07:25:37.209233: | checking RSA keyid '@north' for match with '@north' Sep 21 07:25:37.209236: | RSA key issuer CA is '%any' Sep 21 07:25:37.209305: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Sep 21 07:25:37.209313: | #1 spent 0.0722 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:37.209318: "north-east"[1] 192.1.3.33 #1: Authenticated using RSA Sep 21 07:25:37.209322: | #1 spent 0.108 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:37.209326: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:37.209331: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:37.209334: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.209337: | libevent_free: release ptr-libevent@0x55ed0ff34870 Sep 21 07:25:37.209340: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ed0ff34e80 Sep 21 07:25:37.209343: | event_schedule: new EVENT_SA_REKEY-pe@0x55ed0ff34e80 Sep 21 07:25:37.209347: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:25:37.209350: | libevent_malloc: new ptr-libevent@0x55ed0ff34870 size 128 Sep 21 07:25:37.209595: | pstats #1 ikev2.ike established Sep 21 07:25:37.209604: | **emit ISAKMP Message: Sep 21 07:25:37.209608: | initiator cookie: Sep 21 07:25:37.209610: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.209616: | responder cookie: Sep 21 07:25:37.209618: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.209621: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.209624: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.209626: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.209629: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.209632: | Message ID: 1 (0x1) Sep 21 07:25:37.209634: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.209637: | IKEv2 CERT: send a certificate? Sep 21 07:25:37.209640: | IKEv2 CERT: no certificate to send Sep 21 07:25:37.209642: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:37.209645: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.209647: | flags: none (0x0) Sep 21 07:25:37.209651: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:37.209654: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.209657: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:37.209666: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:37.209682: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.209686: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.209689: | flags: none (0x0) Sep 21 07:25:37.209691: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.209694: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.209697: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.209700: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:37.209703: | my identity 65 61 73 74 Sep 21 07:25:37.209705: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:37.209714: | assembled IDr payload Sep 21 07:25:37.209717: | CHILD SA proposals received Sep 21 07:25:37.209719: | going to assemble AUTH payload Sep 21 07:25:37.209722: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:37.209724: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.209727: | flags: none (0x0) Sep 21 07:25:37.209729: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:37.209732: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:37.209735: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.209738: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.209743: | started looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:37.209747: | actually looking for secret for @east->@north of kind PKK_RSA Sep 21 07:25:37.209750: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:25:37.209754: | 1: compared key (none) to @east / @north -> 002 Sep 21 07:25:37.209757: | 2: compared key (none) to @east / @north -> 002 Sep 21 07:25:37.209759: | line 1: match=002 Sep 21 07:25:37.209762: | match 002 beats previous best_match 000 match=0x55ed0ff27320 (line=1) Sep 21 07:25:37.209764: | concluding with best_match=002 best=0x55ed0ff27320 (lineno=1) Sep 21 07:25:37.215517: | #1 spent 4.88 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:37.215529: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:37.215533: | rsa signature 82 78 37 ab 16 e0 f2 82 e0 e9 3a c7 53 9a 03 d4 Sep 21 07:25:37.215536: | rsa signature a3 5d b5 4b c5 dd a5 54 a7 ce 7c a5 0f 18 43 93 Sep 21 07:25:37.215538: | rsa signature dd 92 e0 0c 3b 5f e4 c5 11 8c 88 14 c2 70 33 40 Sep 21 07:25:37.215847: | rsa signature b1 a9 55 48 31 85 25 ab 71 91 4e b9 8a ca ff f7 Sep 21 07:25:37.215854: | rsa signature c6 60 c8 42 28 1f 6f 2a fa 79 79 5d e2 ba 49 dc Sep 21 07:25:37.215857: | rsa signature 52 c3 a3 67 e0 30 6f 00 61 ec 59 32 a0 a6 7f b9 Sep 21 07:25:37.215859: | rsa signature c2 32 cb b5 9c 65 78 4d 06 d6 57 19 b6 57 27 77 Sep 21 07:25:37.215861: | rsa signature 65 c3 f7 f8 38 54 1d 63 6d 1d 13 ff a2 ed 12 25 Sep 21 07:25:37.215863: | rsa signature c2 f6 42 18 da 40 e3 60 2c bf c6 36 d4 7b e8 70 Sep 21 07:25:37.215865: | rsa signature 66 26 b5 33 4f d1 c8 5f 53 68 0f 41 3c 96 ba f6 Sep 21 07:25:37.215867: | rsa signature a7 ec 70 ae d9 a4 3c 7a a9 84 63 2d f2 2c d2 36 Sep 21 07:25:37.215869: | rsa signature f3 16 75 c5 ce dd 7e 3d 56 c8 6b 9d 2d 9f 88 01 Sep 21 07:25:37.215871: | rsa signature 90 5d 0a 4f 53 11 31 b2 6f 4d be 7b c1 cb 2d d9 Sep 21 07:25:37.215873: | rsa signature 33 14 b7 d4 2c d5 e7 e0 ff f9 89 78 b9 35 ea 1c Sep 21 07:25:37.215875: | rsa signature 8a dd 36 84 ca 2e 19 c8 4c a1 60 cf 87 21 cc 2c Sep 21 07:25:37.215878: | rsa signature be a4 a1 fc e3 17 c8 56 ef 00 70 1f f8 8c 89 e3 Sep 21 07:25:37.215880: | rsa signature 5a 3a ae 60 6e 56 18 36 f1 f0 3d 45 c0 a7 eb 37 Sep 21 07:25:37.215882: | rsa signature d6 70 Sep 21 07:25:37.215887: | #1 spent 4.99 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:37.215890: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:37.215895: | creating state object #2 at 0x55ed0ff3f8e0 Sep 21 07:25:37.215898: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:37.215902: | pstats #2 ikev2.child started Sep 21 07:25:37.215907: | duplicating state object #1 "north-east"[1] 192.1.3.33 as #2 for IPSEC SA Sep 21 07:25:37.215912: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:37.215919: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.215923: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:37.215928: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:37.215930: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:25:37.215933: | TSi: parsing 1 traffic selectors Sep 21 07:25:37.215936: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.215939: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.215941: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.215944: | length: 16 (0x10) Sep 21 07:25:37.215946: | start port: 0 (0x0) Sep 21 07:25:37.215948: | end port: 65535 (0xffff) Sep 21 07:25:37.215950: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.215953: | TS low c0 00 03 fe Sep 21 07:25:37.215955: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.215957: | TS high c0 00 03 fe Sep 21 07:25:37.215960: | TSi: parsed 1 traffic selectors Sep 21 07:25:37.215962: | TSr: parsing 1 traffic selectors Sep 21 07:25:37.215964: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.215966: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.215968: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.215970: | length: 16 (0x10) Sep 21 07:25:37.215972: | start port: 0 (0x0) Sep 21 07:25:37.215974: | end port: 65535 (0xffff) Sep 21 07:25:37.215977: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.215978: | TS low c0 00 02 00 Sep 21 07:25:37.215981: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.215983: | TS high c0 00 02 ff Sep 21 07:25:37.215985: | TSr: parsed 1 traffic selectors Sep 21 07:25:37.215987: | looking for best SPD in current connection Sep 21 07:25:37.216451: | evaluating our conn="north-east"[1] 192.1.3.33 I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.216459: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216467: | match address end->client=192.0.3.254/32 <= TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:25:37.216470: | narrow port end=0..65535 <= TSi[0]=0..65535: 0 Sep 21 07:25:37.216473: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.216476: | narrow protocol end=*0 <= TSi[0]=*0: 0 Sep 21 07:25:37.216479: | match end->protocol=*0 <= TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216484: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216490: | match address end->client=192.0.2.0/24 <= TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.216493: | narrow port end=0..65535 <= TSr[0]=0..65535: 0 Sep 21 07:25:37.216495: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.216498: | narrow protocol end=*0 <= TSr[0]=*0: 0 Sep 21 07:25:37.216501: | match end->protocol=*0 <= TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216504: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.216506: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:37.216509: | looking for better host pair Sep 21 07:25:37.216514: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:25:37.216519: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.254/32:0 is found Sep 21 07:25:37.216522: | investigating connection "north-east" as a better match Sep 21 07:25:37.216525: | match_id a=@north Sep 21 07:25:37.216528: | b=@north Sep 21 07:25:37.216530: | results matched Sep 21 07:25:37.216537: | evaluating our conn="north-east"[1] 192.1.3.33 I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.216542: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216548: | match address end->client=192.0.3.254/32 <= TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:25:37.216551: | narrow port end=0..65535 <= TSi[0]=0..65535: 0 Sep 21 07:25:37.216553: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.216556: | narrow protocol end=*0 <= TSi[0]=*0: 0 Sep 21 07:25:37.216558: | match end->protocol=*0 <= TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216563: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216569: | match address end->client=192.0.2.0/24 <= TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.216572: | narrow port end=0..65535 <= TSr[0]=0..65535: 0 Sep 21 07:25:37.216574: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.216577: | narrow protocol end=*0 <= TSr[0]=*0: 0 Sep 21 07:25:37.216580: | match end->protocol=*0 <= TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216582: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.216584: | investigating connection "north-east" as a better match Sep 21 07:25:37.216587: | match_id a=@north Sep 21 07:25:37.216590: | b=@north Sep 21 07:25:37.216592: | results matched Sep 21 07:25:37.216597: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.216602: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216608: | match address end->client=192.0.3.254/32 <= TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:25:37.216611: | narrow port end=0..65535 <= TSi[0]=0..65535: 0 Sep 21 07:25:37.216613: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.216616: | narrow protocol end=*0 <= TSi[0]=*0: 0 Sep 21 07:25:37.216619: | match end->protocol=*0 <= TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216623: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.216632: | match address end->client=192.0.2.0/24 <= TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.216635: | narrow port end=0..65535 <= TSr[0]=0..65535: 0 Sep 21 07:25:37.216637: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.216640: | narrow protocol end=*0 <= TSr[0]=*0: 0 Sep 21 07:25:37.216643: | match end->protocol=*0 <= TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.216645: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.216648: | did not find a better connection using host pair Sep 21 07:25:37.216651: | printing contents struct traffic_selector Sep 21 07:25:37.216653: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:37.216655: | ipprotoid: 0 Sep 21 07:25:37.216657: | port range: 0-65535 Sep 21 07:25:37.216661: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:37.216663: | printing contents struct traffic_selector Sep 21 07:25:37.216666: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:37.216668: | ipprotoid: 0 Sep 21 07:25:37.216670: | port range: 0-65535 Sep 21 07:25:37.216674: | ip range: 192.0.3.254-192.0.3.254 Sep 21 07:25:37.216678: | constructing ESP/AH proposals with all DH removed for north-east (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:37.216683: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:37.216690: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.216693: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:37.216697: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.216700: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.216705: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.216708: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.216712: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.216721: "north-east"[1] 192.1.3.33: constructed local ESP/AH proposals for north-east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.216725: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:25:37.216729: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.216732: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:37.216734: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.216736: | local proposal 1 type DH has 1 transforms Sep 21 07:25:37.216739: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:37.216742: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.216745: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.216747: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:37.216749: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.216752: | local proposal 2 type DH has 1 transforms Sep 21 07:25:37.216754: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:37.216757: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.216759: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.216762: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:37.216764: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.216766: | local proposal 3 type DH has 1 transforms Sep 21 07:25:37.216769: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:37.216771: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.216774: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.216778: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:37.216781: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.216787: | local proposal 4 type DH has 1 transforms Sep 21 07:25:37.216792: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:37.216795: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.216798: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.216801: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.216804: | length: 32 (0x20) Sep 21 07:25:37.216806: | prop #: 1 (0x1) Sep 21 07:25:37.216808: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.216810: | spi size: 4 (0x4) Sep 21 07:25:37.216813: | # transforms: 2 (0x2) Sep 21 07:25:37.216816: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.216819: | remote SPI 5b c2 db 8c Sep 21 07:25:37.216822: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:37.216825: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216828: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.216830: | length: 12 (0xc) Sep 21 07:25:37.216832: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.216835: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.216838: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.216840: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.216843: | length/value: 256 (0x100) Sep 21 07:25:37.216847: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.216850: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216853: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.216855: | length: 8 (0x8) Sep 21 07:25:37.216858: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.216860: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.216863: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:37.216866: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:25:37.216870: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:25:37.216873: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:25:37.216876: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:37.216881: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:37.216883: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.216886: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.216889: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.216891: | length: 32 (0x20) Sep 21 07:25:37.216893: | prop #: 2 (0x2) Sep 21 07:25:37.216896: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.216898: | spi size: 4 (0x4) Sep 21 07:25:37.216900: | # transforms: 2 (0x2) Sep 21 07:25:37.216903: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.216905: | remote SPI 5b c2 db 8c Sep 21 07:25:37.216908: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.216911: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216913: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.216916: | length: 12 (0xc) Sep 21 07:25:37.216918: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.216920: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.216923: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.216925: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.216928: | length/value: 128 (0x80) Sep 21 07:25:37.216933: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216935: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.216938: | length: 8 (0x8) Sep 21 07:25:37.216940: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.216942: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.216946: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:25:37.216949: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:25:37.216951: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.216954: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.216956: | length: 48 (0x30) Sep 21 07:25:37.216958: | prop #: 3 (0x3) Sep 21 07:25:37.216960: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.216963: | spi size: 4 (0x4) Sep 21 07:25:37.216965: | # transforms: 4 (0x4) Sep 21 07:25:37.216967: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.216970: | remote SPI 5b c2 db 8c Sep 21 07:25:37.216973: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.216975: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.216980: | length: 12 (0xc) Sep 21 07:25:37.216982: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.216985: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.216987: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.216990: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.216992: | length/value: 256 (0x100) Sep 21 07:25:37.216995: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.216997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.216999: | length: 8 (0x8) Sep 21 07:25:37.217002: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.217004: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.217007: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217012: | length: 8 (0x8) Sep 21 07:25:37.217014: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.217017: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.217019: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217022: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.217024: | length: 8 (0x8) Sep 21 07:25:37.217026: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.217029: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.217032: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:37.217035: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:37.217038: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.217040: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.217042: | length: 48 (0x30) Sep 21 07:25:37.217045: | prop #: 4 (0x4) Sep 21 07:25:37.217047: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.217049: | spi size: 4 (0x4) Sep 21 07:25:37.217052: | # transforms: 4 (0x4) Sep 21 07:25:37.217054: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.217056: | remote SPI 5b c2 db 8c Sep 21 07:25:37.217059: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.217062: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217066: | length: 12 (0xc) Sep 21 07:25:37.217069: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.217071: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.217074: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.217076: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.217080: | length/value: 128 (0x80) Sep 21 07:25:37.217083: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217088: | length: 8 (0x8) Sep 21 07:25:37.217090: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.217093: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.217095: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217100: | length: 8 (0x8) Sep 21 07:25:37.217102: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.217105: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.217107: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217110: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.217112: | length: 8 (0x8) Sep 21 07:25:37.217114: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.217117: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.217120: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:37.217123: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:37.217129: "north-east"[1] 192.1.3.33 #1: proposal 1:ESP:SPI=5bc2db8c;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:25:37.217134: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=5bc2db8c;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:37.217137: | converting proposal to internal trans attrs Sep 21 07:25:37.217157: | netlink_get_spi: allocated 0x522354f2 for esp.0@192.1.2.23 Sep 21 07:25:37.217160: | Emitting ikev2_proposal ... Sep 21 07:25:37.217163: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:37.217166: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.217168: | flags: none (0x0) Sep 21 07:25:37.217172: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.217175: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.217178: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.217181: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.217183: | prop #: 1 (0x1) Sep 21 07:25:37.217185: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.217188: | spi size: 4 (0x4) Sep 21 07:25:37.217190: | # transforms: 2 (0x2) Sep 21 07:25:37.217193: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.217196: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.217199: | our spi 52 23 54 f2 Sep 21 07:25:37.217201: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217206: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.217208: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.217211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.217214: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.217217: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.217219: | length/value: 256 (0x100) Sep 21 07:25:37.217222: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.217224: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.217227: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.217231: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.217234: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.217237: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.217239: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.217242: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.217245: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:37.217247: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.217250: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:25:37.217252: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.217255: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.217258: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.217260: | flags: none (0x0) Sep 21 07:25:37.217263: | number of TS: 1 (0x1) Sep 21 07:25:37.217266: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.217269: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.217271: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.217274: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.217277: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.217279: | start port: 0 (0x0) Sep 21 07:25:37.217281: | end port: 65535 (0xffff) Sep 21 07:25:37.217284: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.217287: | IP start c0 00 03 fe Sep 21 07:25:37.217289: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.217291: | IP end c0 00 03 fe Sep 21 07:25:37.217294: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.217296: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:37.217299: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.217301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.217303: | flags: none (0x0) Sep 21 07:25:37.217306: | number of TS: 1 (0x1) Sep 21 07:25:37.217309: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.217311: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.217314: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.217316: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.217318: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.217321: | start port: 0 (0x0) Sep 21 07:25:37.217323: | end port: 65535 (0xffff) Sep 21 07:25:37.217326: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.217328: | IP start c0 00 02 00 Sep 21 07:25:37.217330: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.217333: | IP end c0 00 02 ff Sep 21 07:25:37.217335: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.217337: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:37.217340: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:37.217344: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:37.217520: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:37.217528: | #1 spent 1.19 milliseconds Sep 21 07:25:37.217531: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:37.217536: | could_route called for north-east (kind=CK_INSTANCE) Sep 21 07:25:37.217539: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.217542: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.217545: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.217548: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.217550: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.217556: | route owner of "north-east"[1] 192.1.3.33 unrouted: "north-east" prospective erouted; eroute owner: "north-east" prospective erouted Sep 21 07:25:37.217560: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.217563: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.217566: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.217569: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.217573: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.217575: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:37.217578: | netlink: enabling tunnel mode Sep 21 07:25:37.217581: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.217584: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.217737: | netlink response for Add SA esp.5bc2db8c@192.1.3.33 included non-error error Sep 21 07:25:37.217743: | set up outgoing SA, ref=0/0 Sep 21 07:25:37.217746: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.217749: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.217752: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.217755: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.217759: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.217762: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:37.217765: | netlink: enabling tunnel mode Sep 21 07:25:37.217767: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.217770: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.217871: | netlink response for Add SA esp.522354f2@192.1.2.23 included non-error error Sep 21 07:25:37.217879: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:37.217887: | add inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:37.217891: | IPsec Sa SPD priority set to 1042399 Sep 21 07:25:37.218020: | raw_eroute result=success Sep 21 07:25:37.218025: | set up incoming SA, ref=0/0 Sep 21 07:25:37.218028: | sr for #2: unrouted Sep 21 07:25:37.218031: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:37.218034: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.218037: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.218040: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.218043: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.218045: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.218051: | route owner of "north-east"[1] 192.1.3.33 unrouted: "north-east" prospective erouted; eroute owner: "north-east" prospective erouted Sep 21 07:25:37.218055: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{0x55ed0ff32cb0} ro:north-east rosr:{0x55ed0ff32cb0} and state: #2 Sep 21 07:25:37.218058: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:37.218066: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:25:37.218069: | IPsec Sa SPD priority set to 1042399 Sep 21 07:25:37.218130: | raw_eroute result=success Sep 21 07:25:37.218136: | running updown command "ipsec _updown" for verb up Sep 21 07:25:37.218139: | command executing up-client Sep 21 07:25:37.218167: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Sep 21 07:25:37.218174: | popen cmd is 1057 chars long Sep 21 07:25:37.218177: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Sep 21 07:25:37.218180: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@: Sep 21 07:25:37.218182: | cmd( 160):east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CL: Sep 21 07:25:37.218185: | cmd( 240):IENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID: Sep 21 07:25:37.218187: | cmd( 320):='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUT: Sep 21 07:25:37.218190: | cmd( 400):O_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CL: Sep 21 07:25:37.218193: | cmd( 480):IENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Sep 21 07:25:37.218195: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Sep 21 07:25:37.218198: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Sep 21 07:25:37.218200: | cmd( 720):' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:25:37.218203: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:25:37.218206: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:25:37.218208: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5bc2db8c SPI_OUT=0x522354f2 i: Sep 21 07:25:37.218210: | cmd(1040):psec _updown 2>&1: Sep 21 07:25:37.239296: | route_and_eroute: firewall_notified: true Sep 21 07:25:37.239314: | route_and_eroute: instance "north-east"[1] 192.1.3.33, setting eroute_owner {spd=0x55ed0ff34410,sr=0x55ed0ff34410} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:37.239401: | #1 spent 0.624 milliseconds in install_ipsec_sa() Sep 21 07:25:37.239411: | ISAKMP_v2_IKE_AUTH: instance north-east[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:37.239415: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:37.239419: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:37.239423: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:37.239425: | emitting length of IKEv2 Encryption Payload: 407 Sep 21 07:25:37.239428: | emitting length of ISAKMP Message: 435 Sep 21 07:25:37.239451: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:37.239458: | #1 spent 7.35 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:37.239467: | suspend processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.239473: | start processing: state #2 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.239478: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:37.239485: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:37.239489: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:37.239492: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:37.239498: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:37.239503: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:37.239506: | pstats #2 ikev2.child established Sep 21 07:25:37.239515: "north-east"[1] 192.1.3.33 #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.254-192.0.3.254:0-65535 0] Sep 21 07:25:37.239521: | NAT-T: encaps is 'auto' Sep 21 07:25:37.239526: "north-east"[1] 192.1.3.33 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x5bc2db8c <0x522354f2 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:37.239531: | sending V2 new request packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:25:37.239538: | sending 435 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:37.239540: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.239543: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:37.239545: | be 1a 85 17 77 92 38 25 7a 9d 5d fc 65 e4 e0 ba Sep 21 07:25:37.239547: | 5d 13 cf 57 12 ec f7 a8 98 25 28 b3 7e c5 5a 0c Sep 21 07:25:37.239550: | 21 2b 22 cc 2c 3d f5 0e b9 cb 2c b7 5f 25 bc 06 Sep 21 07:25:37.239552: | df bf b6 e4 e3 a7 b2 1e 83 d8 dd ce 7a c1 a0 5b Sep 21 07:25:37.239554: | d1 ee e3 cc 2f 33 67 91 84 33 50 fe a9 39 84 d7 Sep 21 07:25:37.239556: | 34 44 4b ca a5 bd 59 6f 58 d0 f8 15 0e 4e fe 53 Sep 21 07:25:37.239558: | cd 70 b5 1c 11 11 0c 33 2c b3 7d 86 ce 1b 8d 5c Sep 21 07:25:37.239561: | 79 7f 46 9a ee b2 2b f8 ee 6b 32 42 a4 fe 8a 16 Sep 21 07:25:37.239563: | e2 69 47 a3 4f 30 06 64 0f de 78 ee b7 77 46 da Sep 21 07:25:37.239565: | fa 47 80 97 c6 9d 7c 2d 85 08 0b 32 69 fa cd f3 Sep 21 07:25:37.239568: | ee 33 32 22 1c 8b ea 40 29 fa 3f 93 de 41 68 47 Sep 21 07:25:37.239570: | aa 21 97 86 c9 3b f3 06 3a 3c f7 a4 dc 6c fd 89 Sep 21 07:25:37.239572: | f4 bb 69 f0 8f a7 65 a2 2d ce 29 bf 69 18 dd a1 Sep 21 07:25:37.239574: | a4 c2 48 04 de 67 db da 15 8a 13 12 0b c5 25 0c Sep 21 07:25:37.239576: | ca ca b0 bc 1f b9 7d 57 78 9f 53 78 30 05 59 37 Sep 21 07:25:37.239578: | 93 f4 8f 8f 11 62 4a 2d 21 eb 36 47 30 ae a1 de Sep 21 07:25:37.239581: | da 9a 71 3a 6d e8 cf dc c4 d0 15 88 0c 3e 41 21 Sep 21 07:25:37.239583: | 06 52 d0 c3 d6 21 b5 f5 05 81 d3 25 64 c6 d9 d8 Sep 21 07:25:37.239585: | 9c 19 10 d0 56 94 1b 34 30 71 e9 fc 4e c4 c5 21 Sep 21 07:25:37.239587: | 16 9a c5 4b 28 35 d1 b9 2a 7c 92 61 10 fd 91 06 Sep 21 07:25:37.239589: | 4e 44 eb 11 9a 3b 9a ae d4 67 a8 32 87 1e 06 4a Sep 21 07:25:37.239592: | 6f b9 dd 3b b4 0e 68 65 b8 34 ae 3a 24 a1 13 10 Sep 21 07:25:37.239594: | 17 76 f5 ae f0 c1 1e 1a 1d df 9c f0 26 f6 51 31 Sep 21 07:25:37.239596: | 55 1d ba c6 8b d6 6a 23 02 03 be 78 16 f4 ff e7 Sep 21 07:25:37.239598: | d1 da 54 1d d0 19 55 87 51 d7 1c 4b 61 5f fa 27 Sep 21 07:25:37.239601: | 79 f8 02 Sep 21 07:25:37.239638: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:37.239642: | releasing whack and unpending for parent #1 Sep 21 07:25:37.239646: | unpending state #1 connection "north-east"[1] 192.1.3.33 Sep 21 07:25:37.239651: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:37.239654: | event_schedule: new EVENT_SA_REKEY-pe@0x55ed0ff3b880 Sep 21 07:25:37.239657: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:25:37.239663: | libevent_malloc: new ptr-libevent@0x55ed0ff387b0 size 128 Sep 21 07:25:37.239670: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:37.239675: | #1 spent 7.69 milliseconds in resume sending helper answer Sep 21 07:25:37.239682: | stop processing: state #2 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:25:37.239686: | libevent_free: release ptr-libevent@0x7f9dcc006b90 Sep 21 07:25:37.239697: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.239702: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.239707: | spent 0.00506 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:42.242966: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:42.243165: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:42.243170: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:42.243278: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:42.243281: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:42.243296: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:42.243709: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:42.243734: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:42.243741: | spent 0.783 milliseconds in whack Sep 21 07:25:44.664861: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.664884: shutting down Sep 21 07:25:44.664892: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:44.664896: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:44.664903: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:44.664905: forgetting secrets Sep 21 07:25:44.664910: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:44.664914: | unreference key: 0x55ed0fe956c0 @east cnt 1-- Sep 21 07:25:44.664917: | unreference key: 0x55ed0fe8c8f0 @north cnt 2-- Sep 21 07:25:44.664923: | start processing: connection "north-east"[1] 192.1.3.33 (in delete_connection() at connections.c:189) Sep 21 07:25:44.664928: "north-east"[1] 192.1.3.33: deleting connection "north-east"[1] 192.1.3.33 instance with peer 192.1.3.33 {isakmp=#1/ipsec=#2} Sep 21 07:25:44.664931: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:44.664933: | pass 0 Sep 21 07:25:44.664936: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:44.664938: | state #2 Sep 21 07:25:44.664942: | suspend processing: connection "north-east"[1] 192.1.3.33 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:44.664948: | start processing: state #2 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:44.664951: | pstats #2 ikev2.child deleted completed Sep 21 07:25:44.664956: | [RE]START processing: state #2 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:44.664961: "north-east"[1] 192.1.3.33 #2: deleting state (STATE_V2_IPSEC_R) aged 7.449s and sending notification Sep 21 07:25:44.664964: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:44.664967: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:44.664980: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:44.664986: "north-east"[1] 192.1.3.33 #2: ESP traffic information: in=336B out=336B Sep 21 07:25:44.664989: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:25:44.664991: | Opening output PBS informational exchange delete request Sep 21 07:25:44.664996: | **emit ISAKMP Message: Sep 21 07:25:44.664998: | initiator cookie: Sep 21 07:25:44.664999: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.665001: | responder cookie: Sep 21 07:25:44.665002: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.665004: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.665009: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.665011: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.665013: | flags: none (0x0) Sep 21 07:25:44.665015: | Message ID: 0 (0x0) Sep 21 07:25:44.665016: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.665019: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.665021: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.665022: | flags: none (0x0) Sep 21 07:25:44.665024: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.665026: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:44.665028: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.665035: | ****emit IKEv2 Delete Payload: Sep 21 07:25:44.665037: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.665038: | flags: none (0x0) Sep 21 07:25:44.665040: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:44.665041: | SPI size: 4 (0x4) Sep 21 07:25:44.665043: | number of SPIs: 1 (0x1) Sep 21 07:25:44.665045: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:44.665047: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:44.665049: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:25:44.665050: | local spis 52 23 54 f2 Sep 21 07:25:44.665052: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:44.665053: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.665056: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.665057: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.665059: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:44.665060: | emitting length of ISAKMP Message: 69 Sep 21 07:25:44.665080: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:25:44.665083: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.665084: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:44.665085: | 90 b4 84 a8 3d a1 3d 85 c9 1a 82 34 37 47 29 c7 Sep 21 07:25:44.665087: | 75 99 c0 63 ef 0a 4b 25 76 d5 74 b0 45 c0 5b d0 Sep 21 07:25:44.665088: | 82 84 05 60 f7 Sep 21 07:25:44.665129: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:25:44.665133: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:25:44.665137: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:44.665140: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:44.665144: | libevent_free: release ptr-libevent@0x55ed0ff387b0 Sep 21 07:25:44.665146: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ed0ff3b880 Sep 21 07:25:44.665424: | running updown command "ipsec _updown" for verb down Sep 21 07:25:44.665429: | command executing down-client Sep 21 07:25:44.665459: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING= Sep 21 07:25:44.665465: | popen cmd is 1070 chars long Sep 21 07:25:44.665469: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Sep 21 07:25:44.665472: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Sep 21 07:25:44.665475: | cmd( 160):'@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_: Sep 21 07:25:44.665477: | cmd( 240):CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQ: Sep 21 07:25:44.665480: | cmd( 320):ID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PL: Sep 21 07:25:44.665483: | cmd( 400):UTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_: Sep 21 07:25:44.665485: | cmd( 480):CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:44.665488: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY='RS: Sep 21 07:25:44.665491: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_A: Sep 21 07:25:44.665493: | cmd( 720):LLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Sep 21 07:25:44.665496: | cmd( 800):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': Sep 21 07:25:44.665498: | cmd( 880):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: Sep 21 07:25:44.665501: | cmd( 960):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5bc2db8c SPI_OUT: Sep 21 07:25:44.665503: | cmd(1040):=0x522354f2 ipsec _updown 2>&1: Sep 21 07:25:44.680580: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Sep 21 07:25:44.680597: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Sep 21 07:25:44.680602: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:44.680606: | IPsec Sa SPD priority set to 1042399 Sep 21 07:25:44.680658: | delete esp.5bc2db8c@192.1.3.33 Sep 21 07:25:44.680693: | netlink response for Del SA esp.5bc2db8c@192.1.3.33 included non-error error Sep 21 07:25:44.680698: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:44.680705: | delete inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:44.680750: | raw_eroute result=success Sep 21 07:25:44.680756: | delete esp.522354f2@192.1.2.23 Sep 21 07:25:44.680788: | netlink response for Del SA esp.522354f2@192.1.2.23 included non-error error Sep 21 07:25:44.680801: | stop processing: connection "north-east"[1] 192.1.3.33 (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:44.680805: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:44.680808: | in connection_discard for connection north-east Sep 21 07:25:44.680811: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:25:44.680815: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:25:44.680821: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:44.680827: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:44.680830: | state #1 Sep 21 07:25:44.680833: | pass 1 Sep 21 07:25:44.680835: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:44.680837: | state #1 Sep 21 07:25:44.680847: | start processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:44.680851: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:44.680856: | #1 spent 12.5 milliseconds in total Sep 21 07:25:44.680862: | [RE]START processing: state #1 connection "north-east"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:25:44.680868: "north-east"[1] 192.1.3.33 #1: deleting state (STATE_PARENT_R2) aged 7.496s and sending notification Sep 21 07:25:44.680871: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:25:44.680935: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:25:44.680940: | Opening output PBS informational exchange delete request Sep 21 07:25:44.680943: | **emit ISAKMP Message: Sep 21 07:25:44.680946: | initiator cookie: Sep 21 07:25:44.680948: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.680951: | responder cookie: Sep 21 07:25:44.680953: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.680956: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.680959: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.680962: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.680964: | flags: none (0x0) Sep 21 07:25:44.680967: | Message ID: 1 (0x1) Sep 21 07:25:44.680970: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.680973: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.680976: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.680978: | flags: none (0x0) Sep 21 07:25:44.680981: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.680984: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:44.680988: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.681001: | ****emit IKEv2 Delete Payload: Sep 21 07:25:44.681004: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.681006: | flags: none (0x0) Sep 21 07:25:44.681009: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:44.681011: | SPI size: 0 (0x0) Sep 21 07:25:44.681014: | number of SPIs: 0 (0x0) Sep 21 07:25:44.681017: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:44.681019: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:44.681022: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:25:44.681025: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.681028: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.681031: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.681033: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:25:44.681036: | emitting length of ISAKMP Message: 65 Sep 21 07:25:44.681058: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:25:44.681062: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.681065: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:44.681067: | 90 9f 4a b9 61 74 46 26 99 09 96 4f de 9c 6e 56 Sep 21 07:25:44.681069: | 89 21 5f 90 56 af 0d 6a 07 a7 95 53 ed 78 10 6e Sep 21 07:25:44.681071: | 1e Sep 21 07:25:44.681123: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:25:44.681128: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 07:25:44.681134: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Sep 21 07:25:44.681143: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Sep 21 07:25:44.681146: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:44.681152: | libevent_free: release ptr-libevent@0x55ed0ff34870 Sep 21 07:25:44.681156: | free_event_entry: release EVENT_SA_REKEY-pe@0x55ed0ff34e80 Sep 21 07:25:44.681159: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:44.681162: | in connection_discard for connection north-east Sep 21 07:25:44.681165: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:25:44.681168: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:44.681172: | unreference key: 0x55ed0fe8c8f0 @north cnt 1-- Sep 21 07:25:44.681189: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:25:44.681203: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:44.681211: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Sep 21 07:25:44.681216: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Sep 21 07:25:44.681219: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:44.681250: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:44.681261: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.681264: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.681267: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:44.681270: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.681272: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:44.681276: | route owner of "north-east" unrouted: "north-east" prospective erouted Sep 21 07:25:44.681280: | flush revival: connection 'north-east' wasn't on the list Sep 21 07:25:44.681283: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:44.681288: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Sep 21 07:25:44.681291: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:44.681293: | pass 0 Sep 21 07:25:44.681296: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:44.681298: | pass 1 Sep 21 07:25:44.681300: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:44.681306: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Sep 21 07:25:44.681311: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Sep 21 07:25:44.681313: | priority calculation of connection "north-east" is 0xfe7df Sep 21 07:25:44.681321: "north-east": ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory Sep 21 07:25:44.681325: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.681327: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.681330: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:44.681333: | route owner of "north-east" unrouted: NULL Sep 21 07:25:44.681336: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:44.681338: | command executing unroute-client Sep 21 07:25:44.681366: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:25:44.681373: | popen cmd is 1049 chars long Sep 21 07:25:44.681376: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:44.681378: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_: Sep 21 07:25:44.681381: | cmd( 160):ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 07:25:44.681384: | cmd( 240):MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_: Sep 21 07:25:44.681386: | cmd( 320):REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north: Sep 21 07:25:44.681389: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_P: Sep 21 07:25:44.681391: | cmd( 480):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:44.681393: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:44.681396: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+: Sep 21 07:25:44.681398: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_TEMPLATE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:25:44.681401: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:25:44.681403: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:25:44.681406: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _up: Sep 21 07:25:44.681408: | cmd(1040):down 2>&1: Sep 21 07:25:44.703326: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703346: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703350: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703352: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703355: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703358: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703362: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703365: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703367: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703370: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703373: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703865: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703877: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703880: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703883: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703885: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703888: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703890: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703892: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703899: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703901: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703904: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703906: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703909: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703911: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703915: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703917: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703920: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703923: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.703926: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.704570: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.704579: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.704583: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.704586: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.704589: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705665: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705680: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705684: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705686: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705689: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705692: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705695: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705697: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705700: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705703: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705705: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705708: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705711: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705713: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705716: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705718: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705721: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705724: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705726: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705729: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705732: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705734: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705737: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705739: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705742: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705748: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705752: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705754: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705757: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705759: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705762: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705765: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705767: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705770: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705773: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705775: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705778: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705781: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705787: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705879: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705883: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705886: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705889: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705892: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705895: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705898: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705901: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705904: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705907: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705909: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705912: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705915: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705918: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705921: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705924: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705926: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705929: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705932: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705934: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705938: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705941: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705943: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705946: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705949: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.705952: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:44.726225: | free hp@0x55ed0fefe840 Sep 21 07:25:44.726241: | flush revival: connection 'north-east' wasn't on the list Sep 21 07:25:44.726247: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Sep 21 07:25:44.726254: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:44.726256: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:44.726268: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:44.726273: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:44.726276: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:44.726279: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:25:44.726283: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:44.726286: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:25:44.726291: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:44.726301: | libevent_free: release ptr-libevent@0x55ed0ff31e20 Sep 21 07:25:44.726304: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31de0 Sep 21 07:25:44.726315: | libevent_free: release ptr-libevent@0x55ed0ff31f10 Sep 21 07:25:44.726319: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31ed0 Sep 21 07:25:44.726326: | libevent_free: release ptr-libevent@0x55ed0ff32000 Sep 21 07:25:44.726330: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff31fc0 Sep 21 07:25:44.726336: | libevent_free: release ptr-libevent@0x55ed0ff320f0 Sep 21 07:25:44.726338: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff320b0 Sep 21 07:25:44.726344: | libevent_free: release ptr-libevent@0x55ed0ff321e0 Sep 21 07:25:44.726347: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff321a0 Sep 21 07:25:44.726354: | libevent_free: release ptr-libevent@0x55ed0ff322d0 Sep 21 07:25:44.726357: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff32290 Sep 21 07:25:44.726362: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:44.726858: | libevent_free: release ptr-libevent@0x55ed0ff31740 Sep 21 07:25:44.726866: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff15570 Sep 21 07:25:44.726870: | libevent_free: release ptr-libevent@0x55ed0ff271d0 Sep 21 07:25:44.726873: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff1afe0 Sep 21 07:25:44.726876: | libevent_free: release ptr-libevent@0x55ed0ff27140 Sep 21 07:25:44.726880: | free_event_entry: release EVENT_NULL-pe@0x55ed0ff1b020 Sep 21 07:25:44.726883: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:44.726886: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:44.726888: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:44.726891: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:44.726908: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:44.726910: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:44.726912: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:44.726915: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:44.726917: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:44.726922: | libevent_free: release ptr-libevent@0x55ed0ff31810 Sep 21 07:25:44.726925: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:44.726928: | libevent_free: release ptr-libevent@0x55ed0ff318f0 Sep 21 07:25:44.726930: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:44.726933: | libevent_free: release ptr-libevent@0x55ed0ff319b0 Sep 21 07:25:44.726935: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:44.726938: | libevent_free: release ptr-libevent@0x55ed0ff26540 Sep 21 07:25:44.726941: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:44.726943: | releasing event base Sep 21 07:25:44.726956: | libevent_free: release ptr-libevent@0x55ed0ff31a70 Sep 21 07:25:44.726959: | libevent_free: release ptr-libevent@0x55ed0ff07020 Sep 21 07:25:44.726962: | libevent_free: release ptr-libevent@0x55ed0ff158b0 Sep 21 07:25:44.726965: | libevent_free: release ptr-libevent@0x55ed0ff15980 Sep 21 07:25:44.726967: | libevent_free: release ptr-libevent@0x55ed0ff158d0 Sep 21 07:25:44.726974: | libevent_free: release ptr-libevent@0x55ed0ff317d0 Sep 21 07:25:44.726976: | libevent_free: release ptr-libevent@0x55ed0ff318b0 Sep 21 07:25:44.726978: | libevent_free: release ptr-libevent@0x55ed0ff15960 Sep 21 07:25:44.726981: | libevent_free: release ptr-libevent@0x55ed0ff1a300 Sep 21 07:25:44.726983: | libevent_free: release ptr-libevent@0x55ed0ff1a320 Sep 21 07:25:44.726986: | libevent_free: release ptr-libevent@0x55ed0ff32360 Sep 21 07:25:44.726988: | libevent_free: release ptr-libevent@0x55ed0ff32270 Sep 21 07:25:44.726990: | libevent_free: release ptr-libevent@0x55ed0ff32180 Sep 21 07:25:44.726993: | libevent_free: release ptr-libevent@0x55ed0ff32090 Sep 21 07:25:44.726995: | libevent_free: release ptr-libevent@0x55ed0ff31fa0 Sep 21 07:25:44.726997: | libevent_free: release ptr-libevent@0x55ed0ff31eb0 Sep 21 07:25:44.727000: | libevent_free: release ptr-libevent@0x55ed0fe97370 Sep 21 07:25:44.727002: | libevent_free: release ptr-libevent@0x55ed0ff31990 Sep 21 07:25:44.727005: | libevent_free: release ptr-libevent@0x55ed0ff318d0 Sep 21 07:25:44.727007: | libevent_free: release ptr-libevent@0x55ed0ff317f0 Sep 21 07:25:44.727009: | libevent_free: release ptr-libevent@0x55ed0ff31a50 Sep 21 07:25:44.727012: | libevent_free: release ptr-libevent@0x55ed0fe955b0 Sep 21 07:25:44.727014: | libevent_free: release ptr-libevent@0x55ed0ff158f0 Sep 21 07:25:44.727017: | libevent_free: release ptr-libevent@0x55ed0ff15920 Sep 21 07:25:44.727019: | libevent_free: release ptr-libevent@0x55ed0ff15610 Sep 21 07:25:44.727021: | releasing global libevent data Sep 21 07:25:44.727024: | libevent_free: release ptr-libevent@0x55ed0ff14300 Sep 21 07:25:44.727027: | libevent_free: release ptr-libevent@0x55ed0ff155b0 Sep 21 07:25:44.727030: | libevent_free: release ptr-libevent@0x55ed0ff155e0