Sep 21 07:25:36.636068: FIPS Product: YES Sep 21 07:25:36.636111: FIPS Kernel: NO Sep 21 07:25:36.636115: FIPS Mode: NO Sep 21 07:25:36.636117: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:36.636290: Initializing NSS Sep 21 07:25:36.636295: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:36.730309: NSS initialized Sep 21 07:25:36.730326: NSS crypto library initialized Sep 21 07:25:36.730330: FIPS HMAC integrity support [enabled] Sep 21 07:25:36.730332: FIPS mode disabled for pluto daemon Sep 21 07:25:36.842413: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:36.842527: libcap-ng support [enabled] Sep 21 07:25:36.842541: Linux audit support [enabled] Sep 21 07:25:36.842569: Linux audit activated Sep 21 07:25:36.842578: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13455 Sep 21 07:25:36.842581: core dump dir: /tmp Sep 21 07:25:36.842584: secrets file: /etc/ipsec.secrets Sep 21 07:25:36.842586: leak-detective disabled Sep 21 07:25:36.842588: NSS crypto [enabled] Sep 21 07:25:36.842590: XAUTH PAM support [enabled] Sep 21 07:25:36.842668: | libevent is using pluto's memory allocator Sep 21 07:25:36.842675: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:36.842692: | libevent_malloc: new ptr-libevent@0x55d6a932f3c0 size 40 Sep 21 07:25:36.842696: | libevent_malloc: new ptr-libevent@0x55d6a9330670 size 40 Sep 21 07:25:36.842700: | libevent_malloc: new ptr-libevent@0x55d6a93306a0 size 40 Sep 21 07:25:36.842702: | creating event base Sep 21 07:25:36.842705: | libevent_malloc: new ptr-libevent@0x55d6a9330630 size 56 Sep 21 07:25:36.842708: | libevent_malloc: new ptr-libevent@0x55d6a93306d0 size 664 Sep 21 07:25:36.842719: | libevent_malloc: new ptr-libevent@0x55d6a9330970 size 24 Sep 21 07:25:36.842724: | libevent_malloc: new ptr-libevent@0x55d6a93220e0 size 384 Sep 21 07:25:36.842735: | libevent_malloc: new ptr-libevent@0x55d6a9330990 size 16 Sep 21 07:25:36.842738: | libevent_malloc: new ptr-libevent@0x55d6a93309b0 size 40 Sep 21 07:25:36.842741: | libevent_malloc: new ptr-libevent@0x55d6a93309e0 size 48 Sep 21 07:25:36.842749: | libevent_realloc: new ptr-libevent@0x55d6a92b2370 size 256 Sep 21 07:25:36.842752: | libevent_malloc: new ptr-libevent@0x55d6a9330a20 size 16 Sep 21 07:25:36.842758: | libevent_free: release ptr-libevent@0x55d6a9330630 Sep 21 07:25:36.842762: | libevent initialized Sep 21 07:25:36.842766: | libevent_realloc: new ptr-libevent@0x55d6a9330a40 size 64 Sep 21 07:25:36.842770: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:36.842794: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:36.842800: NAT-Traversal support [enabled] Sep 21 07:25:36.842803: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:36.842809: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:36.842812: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:36.842850: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:36.842854: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:36.842857: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:36.842910: Encryption algorithms: Sep 21 07:25:36.842920: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:36.842924: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:36.842927: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:36.842930: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:36.842933: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:36.842944: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:36.842948: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:36.842952: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:36.842955: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:36.842959: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:36.842962: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:36.842966: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:36.842969: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:36.842973: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:36.842977: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:36.842980: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:36.842983: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:36.842990: Hash algorithms: Sep 21 07:25:36.842993: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:36.842996: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:36.842999: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:36.843002: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:36.843005: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:36.843018: PRF algorithms: Sep 21 07:25:36.843022: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:36.843025: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:36.843029: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:36.843032: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:36.843035: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:36.843038: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:36.843064: Integrity algorithms: Sep 21 07:25:36.843068: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:36.843072: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:36.843076: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:36.843080: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:36.843084: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:36.843087: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:36.843091: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:36.843094: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:36.843097: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:36.843109: DH algorithms: Sep 21 07:25:36.843113: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:36.843116: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:36.843119: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:36.843125: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:36.843128: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:36.843131: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:36.843134: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:36.843137: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:36.843140: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:36.843143: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:36.843146: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:36.843149: testing CAMELLIA_CBC: Sep 21 07:25:36.843151: Camellia: 16 bytes with 128-bit key Sep 21 07:25:36.843282: Camellia: 16 bytes with 128-bit key Sep 21 07:25:36.843316: Camellia: 16 bytes with 256-bit key Sep 21 07:25:36.843348: Camellia: 16 bytes with 256-bit key Sep 21 07:25:36.843379: testing AES_GCM_16: Sep 21 07:25:36.843383: empty string Sep 21 07:25:36.843414: one block Sep 21 07:25:36.843442: two blocks Sep 21 07:25:36.843470: two blocks with associated data Sep 21 07:25:36.843499: testing AES_CTR: Sep 21 07:25:36.843503: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:36.843532: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:36.843562: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:36.843592: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:36.843621: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:36.843650: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:36.843682: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:36.843710: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:36.843740: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:36.843771: testing AES_CBC: Sep 21 07:25:36.843775: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:36.843808: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:36.843843: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:36.843876: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:36.843913: testing AES_XCBC: Sep 21 07:25:36.843917: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:36.844044: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:36.844184: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:36.844317: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:36.844453: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:36.844591: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:36.844731: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:36.845038: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:36.845178: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:36.845323: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:36.845576: testing HMAC_MD5: Sep 21 07:25:36.845580: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:36.845763: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:36.853970: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:36.854179: 8 CPU cores online Sep 21 07:25:36.854184: starting up 7 crypto helpers Sep 21 07:25:36.854219: started thread for crypto helper 0 Sep 21 07:25:36.854243: started thread for crypto helper 1 Sep 21 07:25:36.854276: started thread for crypto helper 2 Sep 21 07:25:36.854299: started thread for crypto helper 3 Sep 21 07:25:36.854322: started thread for crypto helper 4 Sep 21 07:25:36.854343: started thread for crypto helper 5 Sep 21 07:25:36.854373: started thread for crypto helper 6 Sep 21 07:25:36.854378: | checking IKEv1 state table Sep 21 07:25:36.854385: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854389: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:36.854392: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854394: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:36.854397: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:36.854399: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:36.854401: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:36.854403: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:36.854406: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:36.854408: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:36.854410: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:36.854413: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:36.854415: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:36.854418: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:36.854420: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:36.854422: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:36.854425: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:36.854427: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:36.854429: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:36.854432: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:36.854434: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:36.854436: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854439: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:36.854441: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854444: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854446: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:36.854449: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854451: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:36.854453: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:36.854456: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:36.854459: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:36.854461: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:36.854463: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:36.854466: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854468: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:36.854471: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854473: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:36.854475: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:36.854478: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:36.854481: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:36.854483: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:36.854486: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:36.854488: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:36.854491: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854494: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:36.854496: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854498: | INFO: category: informational flags: 0: Sep 21 07:25:36.854501: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854503: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:36.854505: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854508: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:36.854510: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:36.854513: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:36.854515: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:36.854518: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:36.854520: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:36.854523: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:36.854526: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:36.854528: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:36.854530: | -> UNDEFINED EVENT_NULL Sep 21 07:25:36.854533: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:36.854538: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:36.854541: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:36.854543: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:36.854546: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:36.854548: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:36.854555: | checking IKEv2 state table Sep 21 07:25:36.854561: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:36.854564: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:36.854567: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854570: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:36.854573: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:36.854576: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:36.854578: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:36.854581: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:36.854584: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:36.854586: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:36.854589: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:36.854592: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:36.854595: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:36.854597: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:36.854600: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:36.854602: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:36.854605: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854607: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:36.854610: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:36.854612: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:36.854615: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:36.854618: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:36.854621: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:36.854623: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:36.854626: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:36.854628: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:36.854631: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:36.854633: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:36.854636: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:36.854639: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:36.854641: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:36.854644: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:36.854647: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:36.854649: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:36.854652: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:36.854655: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:36.854658: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:36.854661: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:36.854663: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:36.854668: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:36.854671: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:36.854674: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:36.854677: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:36.854679: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:36.854682: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:36.854685: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:36.854687: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:36.854767: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:36.854837: | Hard-wiring algorithms Sep 21 07:25:36.854844: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:36.854848: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:36.854851: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:36.854854: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:36.854856: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:36.854858: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:36.854861: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:36.854863: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:36.854865: | adding AES_CTR to kernel algorithm db Sep 21 07:25:36.854868: | adding AES_CBC to kernel algorithm db Sep 21 07:25:36.854870: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:36.854873: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:36.854875: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:36.854877: | adding NULL to kernel algorithm db Sep 21 07:25:36.854880: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:36.854882: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:36.854885: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:36.854887: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:36.854890: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:36.854892: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:36.854895: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:36.854897: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:36.854900: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:36.854902: | adding NONE to kernel algorithm db Sep 21 07:25:36.854923: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:36.854930: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:36.854932: | setup kernel fd callback Sep 21 07:25:36.854935: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d6a9336050 Sep 21 07:25:36.854938: | libevent_malloc: new ptr-libevent@0x55d6a9342170 size 128 Sep 21 07:25:36.854942: | libevent_malloc: new ptr-libevent@0x55d6a9335330 size 16 Sep 21 07:25:36.854948: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d6a9336010 Sep 21 07:25:36.854951: | libevent_malloc: new ptr-libevent@0x55d6a9342200 size 128 Sep 21 07:25:36.854954: | libevent_malloc: new ptr-libevent@0x55d6a9335350 size 16 Sep 21 07:25:36.855185: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:36.855194: selinux support is enabled. Sep 21 07:25:36.855275: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:36.855451: | unbound context created - setting debug level to 5 Sep 21 07:25:36.855484: | /etc/hosts lookups activated Sep 21 07:25:36.855503: | /etc/resolv.conf usage activated Sep 21 07:25:36.855557: | outgoing-port-avoid set 0-65535 Sep 21 07:25:36.855587: | outgoing-port-permit set 32768-60999 Sep 21 07:25:36.855591: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:36.855594: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:36.855597: | Setting up events, loop start Sep 21 07:25:36.855600: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d6a9330630 Sep 21 07:25:36.855607: | libevent_malloc: new ptr-libevent@0x55d6a934c6f0 size 128 Sep 21 07:25:36.855611: | libevent_malloc: new ptr-libevent@0x55d6a934c780 size 16 Sep 21 07:25:36.855616: | libevent_realloc: new ptr-libevent@0x55d6a92b06c0 size 256 Sep 21 07:25:36.855619: | libevent_malloc: new ptr-libevent@0x55d6a934c7a0 size 8 Sep 21 07:25:36.855623: | libevent_realloc: new ptr-libevent@0x55d6a9341570 size 144 Sep 21 07:25:36.855626: | libevent_malloc: new ptr-libevent@0x55d6a934c7c0 size 152 Sep 21 07:25:36.855630: | libevent_malloc: new ptr-libevent@0x55d6a934c860 size 16 Sep 21 07:25:36.855634: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:36.855637: | libevent_malloc: new ptr-libevent@0x55d6a934c880 size 8 Sep 21 07:25:36.855640: | libevent_malloc: new ptr-libevent@0x55d6a934c8a0 size 152 Sep 21 07:25:36.855643: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:36.855645: | libevent_malloc: new ptr-libevent@0x55d6a934c940 size 8 Sep 21 07:25:36.855648: | libevent_malloc: new ptr-libevent@0x55d6a934c960 size 152 Sep 21 07:25:36.855651: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:36.855653: | libevent_malloc: new ptr-libevent@0x55d6a934ca00 size 8 Sep 21 07:25:36.855656: | libevent_realloc: release ptr-libevent@0x55d6a9341570 Sep 21 07:25:36.855659: | libevent_realloc: new ptr-libevent@0x55d6a934ca20 size 256 Sep 21 07:25:36.855662: | libevent_malloc: new ptr-libevent@0x55d6a9341570 size 152 Sep 21 07:25:36.855664: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:36.883384: | starting up helper thread 2 Sep 21 07:25:36.883434: | starting up helper thread 6 Sep 21 07:25:36.883447: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:36.883459: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:36.883399: | starting up helper thread 0 Sep 21 07:25:36.883482: | starting up helper thread 5 Sep 21 07:25:36.883421: | starting up helper thread 1 Sep 21 07:25:36.883490: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:36.883493: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:36.883495: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:36.883471: | starting up helper thread 3 Sep 21 07:25:36.883484: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:36.883412: | created addconn helper (pid:13560) using fork+execve Sep 21 07:25:36.883498: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:36.883521: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:36.883439: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:36.883505: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:36.883513: | forked child 13560 Sep 21 07:25:36.883552: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:36.883450: | starting up helper thread 4 Sep 21 07:25:36.883610: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.883611: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:36.883622: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:36.883631: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:36.883640: listening for IKE messages Sep 21 07:25:36.883771: | Inspecting interface lo Sep 21 07:25:36.883779: | found lo with address 127.0.0.1 Sep 21 07:25:36.883786: | Inspecting interface eth0 Sep 21 07:25:36.883794: | found eth0 with address 192.0.3.254 Sep 21 07:25:36.883797: | Inspecting interface eth1 Sep 21 07:25:36.883801: | found eth1 with address 192.1.3.33 Sep 21 07:25:36.883856: Kernel supports NIC esp-hw-offload Sep 21 07:25:36.883867: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:25:36.883925: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:36.883931: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:36.883941: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:36.883970: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:25:36.883993: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:36.883998: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:36.884002: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:36.884028: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:36.884052: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:36.884057: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:36.884060: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:36.884145: | no interfaces to sort Sep 21 07:25:36.884151: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:36.884160: | add_fd_read_event_handler: new ethX-pe@0x55d6a934cd90 Sep 21 07:25:36.884165: | libevent_malloc: new ptr-libevent@0x55d6a934cdd0 size 128 Sep 21 07:25:36.884169: | libevent_malloc: new ptr-libevent@0x55d6a934ce60 size 16 Sep 21 07:25:36.884180: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:36.884184: | add_fd_read_event_handler: new ethX-pe@0x55d6a934ce80 Sep 21 07:25:36.884186: | libevent_malloc: new ptr-libevent@0x55d6a934cec0 size 128 Sep 21 07:25:36.884189: | libevent_malloc: new ptr-libevent@0x55d6a934cf50 size 16 Sep 21 07:25:36.884194: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:36.884197: | add_fd_read_event_handler: new ethX-pe@0x55d6a934cf70 Sep 21 07:25:36.884200: | libevent_malloc: new ptr-libevent@0x55d6a934cfb0 size 128 Sep 21 07:25:36.884202: | libevent_malloc: new ptr-libevent@0x55d6a934d040 size 16 Sep 21 07:25:36.884207: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:36.884210: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d060 Sep 21 07:25:36.884213: | libevent_malloc: new ptr-libevent@0x55d6a934d0a0 size 128 Sep 21 07:25:36.884215: | libevent_malloc: new ptr-libevent@0x55d6a934d130 size 16 Sep 21 07:25:36.884220: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:36.884223: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d150 Sep 21 07:25:36.884225: | libevent_malloc: new ptr-libevent@0x55d6a934d190 size 128 Sep 21 07:25:36.884228: | libevent_malloc: new ptr-libevent@0x55d6a934d220 size 16 Sep 21 07:25:36.884233: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:36.884236: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d240 Sep 21 07:25:36.884238: | libevent_malloc: new ptr-libevent@0x55d6a934d280 size 128 Sep 21 07:25:36.884241: | libevent_malloc: new ptr-libevent@0x55d6a934d310 size 16 Sep 21 07:25:36.884246: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:36.884253: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:36.884256: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:36.884279: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:36.884298: | saving Modulus Sep 21 07:25:36.884302: | saving PublicExponent Sep 21 07:25:36.884306: | ignoring PrivateExponent Sep 21 07:25:36.884309: | ignoring Prime1 Sep 21 07:25:36.884312: | ignoring Prime2 Sep 21 07:25:36.884316: | ignoring Exponent1 Sep 21 07:25:36.884319: | ignoring Exponent2 Sep 21 07:25:36.884322: | ignoring Coefficient Sep 21 07:25:36.884325: | ignoring CKAIDNSS Sep 21 07:25:36.884373: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:36.884377: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:36.884382: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:36.884387: | certs and keys locked by 'process_secret' Sep 21 07:25:36.884390: | certs and keys unlocked by 'process_secret' Sep 21 07:25:36.884395: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:36.884402: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:36.884409: | spent 0.81 milliseconds in whack Sep 21 07:25:36.884524: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:36.980581: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.980601: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:36.980606: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:36.980609: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:36.980611: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:36.980615: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:36.980622: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:36.980625: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:36.980683: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:36.980688: | from whack: got --esp= Sep 21 07:25:36.980728: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:36.980735: | counting wild cards for @north is 0 Sep 21 07:25:36.980739: | counting wild cards for @east is 0 Sep 21 07:25:36.980750: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:36.980755: | new hp@0x55d6a93198e0 Sep 21 07:25:36.980760: added connection description "north-east" Sep 21 07:25:36.980770: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:36.980786: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:36.980797: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:36.980802: | spent 0.227 milliseconds in whack Sep 21 07:25:36.980836: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.980847: add keyid @north Sep 21 07:25:36.980852: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:25:36.980854: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:25:36.980856: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:25:36.980858: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:25:36.980861: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:25:36.980863: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:25:36.980865: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:25:36.980867: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:25:36.980870: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:25:36.980872: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:25:36.980874: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:25:36.980876: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:25:36.980879: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:25:36.980881: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:25:36.980883: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:25:36.980885: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:25:36.980887: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:25:36.980889: | add pubkey c7 5e a5 99 Sep 21 07:25:36.980910: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:36.980919: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:36.980926: | keyid: *AQPl33O2P Sep 21 07:25:36.980929: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:25:36.980931: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:25:36.980933: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:25:36.980935: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:25:36.980938: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:25:36.980940: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:25:36.980942: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:25:36.980944: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:25:36.980946: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:25:36.980949: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:25:36.980951: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:25:36.980953: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:25:36.980955: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:25:36.980957: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:25:36.980959: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:25:36.980962: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:25:36.980964: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:25:36.980966: | n a5 99 Sep 21 07:25:36.980968: | e 03 Sep 21 07:25:36.980970: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:36.980972: | CKAID 88 aa 7c 5d Sep 21 07:25:36.980979: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:36.980984: | spent 0.152 milliseconds in whack Sep 21 07:25:36.982399: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.982422: add keyid @east Sep 21 07:25:36.982427: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:36.982430: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:36.982433: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:36.982435: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:36.982437: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:36.982440: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:36.982442: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:36.982444: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:36.982446: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:36.982449: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:36.982451: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:36.982454: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:36.982456: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:36.982458: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:36.982460: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:36.982463: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:36.982465: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:36.982467: | add pubkey 51 51 48 ef Sep 21 07:25:36.982483: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:36.982487: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:36.982492: | keyid: *AQO9bJbr3 Sep 21 07:25:36.982494: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:36.982497: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:36.982499: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:36.982501: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:36.982507: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:36.982510: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:36.982512: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:36.982514: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:36.982517: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:36.982519: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:36.982521: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:36.982523: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:36.982526: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:36.982528: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:36.982530: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:36.982532: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:36.982535: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:36.982537: | n 48 ef Sep 21 07:25:36.982539: | e 03 Sep 21 07:25:36.982541: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:36.982543: | CKAID 8a 82 25 f1 Sep 21 07:25:36.982550: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:36.982556: | spent 0.157 milliseconds in whack Sep 21 07:25:36.982600: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.982617: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:36.982622: listening for IKE messages Sep 21 07:25:36.982656: | Inspecting interface lo Sep 21 07:25:36.982664: | found lo with address 127.0.0.1 Sep 21 07:25:36.982667: | Inspecting interface eth0 Sep 21 07:25:36.982671: | found eth0 with address 192.0.3.254 Sep 21 07:25:36.982673: | Inspecting interface eth1 Sep 21 07:25:36.982677: | found eth1 with address 192.1.3.33 Sep 21 07:25:36.982749: | no interfaces to sort Sep 21 07:25:36.982758: | libevent_free: release ptr-libevent@0x55d6a934cdd0 Sep 21 07:25:36.982762: | free_event_entry: release EVENT_NULL-pe@0x55d6a934cd90 Sep 21 07:25:36.982765: | add_fd_read_event_handler: new ethX-pe@0x55d6a934cd90 Sep 21 07:25:36.982768: | libevent_malloc: new ptr-libevent@0x55d6a934cdd0 size 128 Sep 21 07:25:36.982776: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:36.982781: | libevent_free: release ptr-libevent@0x55d6a934cec0 Sep 21 07:25:36.982787: | free_event_entry: release EVENT_NULL-pe@0x55d6a934ce80 Sep 21 07:25:36.982793: | add_fd_read_event_handler: new ethX-pe@0x55d6a934ce80 Sep 21 07:25:36.982796: | libevent_malloc: new ptr-libevent@0x55d6a934cec0 size 128 Sep 21 07:25:36.982801: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:36.982805: | libevent_free: release ptr-libevent@0x55d6a934cfb0 Sep 21 07:25:36.982808: | free_event_entry: release EVENT_NULL-pe@0x55d6a934cf70 Sep 21 07:25:36.982811: | add_fd_read_event_handler: new ethX-pe@0x55d6a934cf70 Sep 21 07:25:36.982814: | libevent_malloc: new ptr-libevent@0x55d6a934cfb0 size 128 Sep 21 07:25:36.982819: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:36.982823: | libevent_free: release ptr-libevent@0x55d6a934d0a0 Sep 21 07:25:36.982826: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d060 Sep 21 07:25:36.982828: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d060 Sep 21 07:25:36.982831: | libevent_malloc: new ptr-libevent@0x55d6a934d0a0 size 128 Sep 21 07:25:36.982836: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:36.982840: | libevent_free: release ptr-libevent@0x55d6a934d190 Sep 21 07:25:36.982843: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d150 Sep 21 07:25:36.982845: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d150 Sep 21 07:25:36.982848: | libevent_malloc: new ptr-libevent@0x55d6a934d190 size 128 Sep 21 07:25:36.982853: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:36.982860: | libevent_free: release ptr-libevent@0x55d6a934d280 Sep 21 07:25:36.982864: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d240 Sep 21 07:25:36.982866: | add_fd_read_event_handler: new ethX-pe@0x55d6a934d240 Sep 21 07:25:36.982869: | libevent_malloc: new ptr-libevent@0x55d6a934d280 size 128 Sep 21 07:25:36.982874: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:36.982877: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:36.982879: forgetting secrets Sep 21 07:25:36.982886: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:36.982902: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:36.982917: | saving Modulus Sep 21 07:25:36.982921: | saving PublicExponent Sep 21 07:25:36.982924: | ignoring PrivateExponent Sep 21 07:25:36.982927: | ignoring Prime1 Sep 21 07:25:36.982931: | ignoring Prime2 Sep 21 07:25:36.982934: | ignoring Exponent1 Sep 21 07:25:36.982937: | ignoring Exponent2 Sep 21 07:25:36.982940: | ignoring Coefficient Sep 21 07:25:36.982943: | ignoring CKAIDNSS Sep 21 07:25:36.982955: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:36.982958: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:36.982962: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:36.982967: | certs and keys locked by 'process_secret' Sep 21 07:25:36.982969: | certs and keys unlocked by 'process_secret' Sep 21 07:25:36.982975: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:36.982981: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:36.982986: | spent 0.382 milliseconds in whack Sep 21 07:25:36.983033: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:36.983047: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:36.983052: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:25:36.983056: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:25:36.983058: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:36.983062: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.983065: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:36.983070: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:36.983073: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:36.983075: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:36.983078: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:36.983080: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:36.983084: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:36.983087: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Sep 21 07:25:36.983094: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:36.983100: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:36.983103: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:36.983111: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:36.983339: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:36.983345: | route_and_eroute: firewall_notified: true Sep 21 07:25:36.983348: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:36.983351: | command executing prepare-client Sep 21 07:25:36.983379: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:25:36.983388: | popen cmd is 1028 chars long Sep 21 07:25:36.983392: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:36.983394: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:25:36.983397: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:25:36.983400: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:36.983402: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:36.983405: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:36.983408: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:36.983410: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:36.983413: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:25:36.983416: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:36.983418: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:36.983421: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:36.983424: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:37.005374: | running updown command "ipsec _updown" for verb route Sep 21 07:25:37.005387: | command executing route-client Sep 21 07:25:37.005416: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:25:37.005421: | popen cmd is 1026 chars long Sep 21 07:25:37.005424: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Sep 21 07:25:37.005427: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: Sep 21 07:25:37.005429: | cmd( 160):='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLU: Sep 21 07:25:37.005432: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:25:37.005434: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:37.005437: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:37.005443: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:37.005446: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:37.005449: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:25:37.005451: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:25:37.005454: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:25:37.005456: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:25:37.005459: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:37.087509: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:25:37.087533: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:37.087542: | spent 0.49 milliseconds in whack Sep 21 07:25:37.087555: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.087561: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:37.087566: | spent 0.00591 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.087568: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.087572: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:37.087575: | spent 0.00345 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.088239: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.088255: | waitpid returned pid 13560 (exited with status 0) Sep 21 07:25:37.088259: | reaped addconn helper child (status 0) Sep 21 07:25:37.088263: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.088268: | spent 0.0167 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.181014: | kernel_process_msg_cb process netlink message Sep 21 07:25:37.181031: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:37.181035: | xfrm netlink msg len 376 Sep 21 07:25:37.181038: | xfrm acquire rtattribute type 5 Sep 21 07:25:37.181040: | xfrm acquire rtattribute type 16 Sep 21 07:25:37.181053: | add bare shunt 0x55d6a934d390 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:37.181061: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:25:37.181067: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Sep 21 07:25:37.181070: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:37.181076: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32:0 -> 192.0.2.0/24:0 [pri: 33603594] Sep 21 07:25:37.181080: | find_connection: first OK "north-east" [pri:33603594]{0x55d6a934db10} (child none) Sep 21 07:25:37.181083: | find_connection: concluding with "north-east" [pri:33603594]{0x55d6a934db10} kind=CK_PERMANENT Sep 21 07:25:37.181086: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:37.181088: | assign_holdpass() need broad(er) shunt Sep 21 07:25:37.181091: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:37.181098: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:37.181105: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:37.181108: | raw_eroute result=success Sep 21 07:25:37.181110: | assign_holdpass() eroute_connection() done Sep 21 07:25:37.181112: | fiddle_bare_shunt called Sep 21 07:25:37.181115: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:37.181117: | removing specific host-to-host bare shunt Sep 21 07:25:37.181122: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:25:37.181125: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:37.181138: | raw_eroute result=success Sep 21 07:25:37.181143: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:37.181155: | delete bare shunt 0x55d6a934d390 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:37.181158: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:37.181161: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:37.181164: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:37.181184: | creating state object #1 at 0x55d6a934efe0 Sep 21 07:25:37.181189: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:37.181197: | pstats #1 ikev2.ike started Sep 21 07:25:37.181200: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:37.181204: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:37.181210: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.181220: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:37.181224: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:37.181228: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" Sep 21 07:25:37.181232: "north-east" #1: initiating v2 parent SA Sep 21 07:25:37.181236: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE) Sep 21 07:25:37.181242: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.181251: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.181255: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.181261: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.181265: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.181271: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.181274: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.181280: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.181291: "north-east": constructed local IKE proposals for north-east (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.181299: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:37.181303: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6a934fe50 Sep 21 07:25:37.181307: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.181311: | libevent_malloc: new ptr-libevent@0x55d6a934fe90 size 128 Sep 21 07:25:37.181324: | #1 spent 0.263 milliseconds in ikev2_parent_outI1() Sep 21 07:25:37.181333: | RESET processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:37.181338: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Sep 21 07:25:37.181338: | crypto helper 6 resuming Sep 21 07:25:37.181344: | spent 0.315 milliseconds in kernel message Sep 21 07:25:37.181353: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:25:37.181367: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:37.182341: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000973 seconds Sep 21 07:25:37.182354: | (#1) spent 0.982 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:37.182358: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:37.182361: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.182364: | libevent_malloc: new ptr-libevent@0x7f9bdc006900 size 128 Sep 21 07:25:37.182373: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:37.182384: | processing resume sending helper answer for #1 Sep 21 07:25:37.182393: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.182398: | crypto helper 6 replies to request ID 1 Sep 21 07:25:37.182401: | calling continuation function 0x55d6a7608630 Sep 21 07:25:37.182404: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:37.182437: | **emit ISAKMP Message: Sep 21 07:25:37.182441: | initiator cookie: Sep 21 07:25:37.182443: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.182446: | responder cookie: Sep 21 07:25:37.182448: | 00 00 00 00 00 00 00 00 Sep 21 07:25:37.182451: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.182454: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.182456: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.182460: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.182462: | Message ID: 0 (0x0) Sep 21 07:25:37.182465: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.182480: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.182484: | Emitting ikev2_proposals ... Sep 21 07:25:37.182487: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:37.182490: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.182493: | flags: none (0x0) Sep 21 07:25:37.182496: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.182499: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.182502: | discarding INTEG=NONE Sep 21 07:25:37.182504: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.182507: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.182510: | prop #: 1 (0x1) Sep 21 07:25:37.182512: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.182514: | spi size: 0 (0x0) Sep 21 07:25:37.182517: | # transforms: 11 (0xb) Sep 21 07:25:37.182520: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.182528: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182533: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.182536: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.182539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182542: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.182544: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.182547: | length/value: 256 (0x100) Sep 21 07:25:37.182550: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.182552: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182557: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.182559: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.182562: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182565: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182570: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182575: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.182577: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.182580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182586: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182588: | discarding INTEG=NONE Sep 21 07:25:37.182590: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182598: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.182600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182611: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182615: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.182618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182624: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182626: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182633: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.182636: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182643: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182646: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182648: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182653: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.182656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182661: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182668: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182671: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.182674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182679: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182681: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182686: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182689: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.182692: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182694: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182697: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182699: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182704: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182706: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.182709: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182715: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182717: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182720: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.182722: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182725: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.182727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182733: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182735: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:37.182738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.182740: | discarding INTEG=NONE Sep 21 07:25:37.182745: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.182748: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.182750: | prop #: 2 (0x2) Sep 21 07:25:37.182752: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.182755: | spi size: 0 (0x0) Sep 21 07:25:37.182757: | # transforms: 11 (0xb) Sep 21 07:25:37.182760: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.182763: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.182765: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182770: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.182772: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.182775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182778: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.182780: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.182786: | length/value: 128 (0x80) Sep 21 07:25:37.182792: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.182794: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182799: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.182801: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.182804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182809: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182812: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182816: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.182819: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.182822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182827: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182829: | discarding INTEG=NONE Sep 21 07:25:37.182832: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182839: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.182841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182847: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182849: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182856: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.182859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182869: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182876: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.182878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182884: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182886: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182893: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.182896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182902: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182904: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182906: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182908: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182911: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.182914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182919: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182921: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182929: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.182932: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182937: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182939: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182942: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182944: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182946: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.182949: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182955: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182957: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.182959: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.182962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.182964: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.182967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.182973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.182976: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.182978: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:37.182981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.182983: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.182986: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.182988: | prop #: 3 (0x3) Sep 21 07:25:37.182990: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.182993: | spi size: 0 (0x0) Sep 21 07:25:37.182995: | # transforms: 13 (0xd) Sep 21 07:25:37.182998: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.183001: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.183003: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183008: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.183010: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.183013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183016: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.183018: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.183021: | length/value: 256 (0x100) Sep 21 07:25:37.183023: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.183026: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183031: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.183033: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.183036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183041: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183043: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183048: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.183051: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.183054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183059: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183062: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183067: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.183069: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.183072: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183075: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183079: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183081: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183086: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.183088: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.183091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183097: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183099: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183106: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.183109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183114: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183117: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183124: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.183127: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183130: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183132: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183141: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.183144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183149: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183152: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183159: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.183162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183167: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183170: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183174: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183177: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.183179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183187: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183189: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183196: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.183199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183202: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183204: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183207: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183211: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183213: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.183216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183219: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183222: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183224: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183226: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.183229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183231: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.183234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183242: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:37.183245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.183247: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.183250: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.183252: | prop #: 4 (0x4) Sep 21 07:25:37.183254: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.183257: | spi size: 0 (0x0) Sep 21 07:25:37.183259: | # transforms: 13 (0xd) Sep 21 07:25:37.183262: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.183265: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.183267: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183272: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.183275: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.183277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183280: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.183282: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.183285: | length/value: 128 (0x80) Sep 21 07:25:37.183287: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.183289: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183296: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.183299: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.183301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183304: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183307: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183309: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183311: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183313: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.183316: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.183319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183324: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183326: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183329: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183331: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.183334: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.183336: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183339: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183342: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183344: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183349: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.183351: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.183354: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183357: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183359: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183361: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183366: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183369: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.183372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183377: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183379: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183381: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183386: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.183389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183396: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183399: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183403: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183406: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.183409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183411: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183414: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183416: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183419: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183421: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183423: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.183426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183432: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183434: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183439: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183441: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.183444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183449: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183452: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183459: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.183461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183464: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183467: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183469: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183472: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183474: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183477: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.183479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183485: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183487: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.183489: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.183492: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.183494: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.183497: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.183502: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.183505: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.183507: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:37.183510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.183512: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:37.183515: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.183517: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:37.183520: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.183522: | flags: none (0x0) Sep 21 07:25:37.183525: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.183528: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:37.183531: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.183534: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:37.183537: | ikev2 g^x b9 39 81 8c 03 90 5f 86 c3 d3 43 13 b1 e7 c1 95 Sep 21 07:25:37.183539: | ikev2 g^x 93 2e 85 f6 58 b6 6f 6a cf ac 8f 28 84 d8 0a 05 Sep 21 07:25:37.183542: | ikev2 g^x 27 0b 79 93 ce a1 5a 3a 70 27 b7 33 e3 91 4f 3a Sep 21 07:25:37.183544: | ikev2 g^x 39 05 9f b1 9b 2c a4 12 1b 18 ac f0 2f c9 9c d0 Sep 21 07:25:37.183546: | ikev2 g^x fa 5d b8 ae b6 42 c3 b7 d2 49 da ff 88 f2 f1 a8 Sep 21 07:25:37.183548: | ikev2 g^x bf e9 d9 95 0d ef 79 84 4f db fe 01 5b f7 e2 fa Sep 21 07:25:37.183550: | ikev2 g^x ed fb 69 ca 47 70 99 a6 97 4f 8a ce 1e e1 74 ec Sep 21 07:25:37.183553: | ikev2 g^x f1 09 0c 55 0f 76 a8 a8 fb 8e bf 9f f6 bc 50 05 Sep 21 07:25:37.183555: | ikev2 g^x ef ad 52 81 4d bb 7b c5 d0 29 48 66 71 af 25 88 Sep 21 07:25:37.183557: | ikev2 g^x ff 9c db ee 69 3d 2a 81 ca 0c 47 d0 ef 04 51 db Sep 21 07:25:37.183559: | ikev2 g^x b7 2b a4 c7 fb c8 ef 62 f1 37 3f f5 55 e6 ce ed Sep 21 07:25:37.183562: | ikev2 g^x 1c 8d 85 7e b1 4b b6 ca 24 59 5a 2e b3 1f 9b f8 Sep 21 07:25:37.183564: | ikev2 g^x 6a ea 45 91 1e 14 81 34 82 a2 da 93 0f 89 5b 58 Sep 21 07:25:37.183566: | ikev2 g^x 51 f6 3a e2 3b 1a f8 8c 4f 0a 26 18 5a 73 17 0a Sep 21 07:25:37.183569: | ikev2 g^x eb 1f 18 5c 91 4c 10 34 87 e3 1c 55 81 8b 4b a8 Sep 21 07:25:37.183571: | ikev2 g^x 00 67 d4 2e 28 2e bb 35 8e c7 ad 08 15 97 3d dd Sep 21 07:25:37.183573: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:37.183576: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:37.183578: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.183581: | flags: none (0x0) Sep 21 07:25:37.183583: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:37.183586: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.183589: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.183592: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:37.183595: | IKEv2 nonce 6e 64 46 8c 48 76 d0 e7 7d 9b 79 c9 ca 39 43 db Sep 21 07:25:37.183597: | IKEv2 nonce aa 0c 37 9d af 61 8d 9e 50 5b 79 7d 34 92 e6 88 Sep 21 07:25:37.183599: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:37.183602: | Adding a v2N Payload Sep 21 07:25:37.183604: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.183607: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.183609: | flags: none (0x0) Sep 21 07:25:37.183614: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.183616: | SPI size: 0 (0x0) Sep 21 07:25:37.183618: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.183621: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.183624: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.183627: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:37.183630: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:37.183633: | natd_hash: rcookie is zero Sep 21 07:25:37.183644: | natd_hash: hasher=0x55d6a76de7a0(20) Sep 21 07:25:37.183648: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.183650: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.183652: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:37.183654: | natd_hash: port= 01 f4 Sep 21 07:25:37.183656: | natd_hash: hash= 80 19 10 a7 78 14 6f 22 ba 5a d6 59 fb 51 64 f0 Sep 21 07:25:37.183659: | natd_hash: hash= 5a 1a 1b 0e Sep 21 07:25:37.183661: | Adding a v2N Payload Sep 21 07:25:37.183663: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.183666: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.183668: | flags: none (0x0) Sep 21 07:25:37.183671: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.183673: | SPI size: 0 (0x0) Sep 21 07:25:37.183675: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.183678: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.183681: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.183684: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.183686: | Notify data 80 19 10 a7 78 14 6f 22 ba 5a d6 59 fb 51 64 f0 Sep 21 07:25:37.183689: | Notify data 5a 1a 1b 0e Sep 21 07:25:37.183691: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.183693: | natd_hash: rcookie is zero Sep 21 07:25:37.183700: | natd_hash: hasher=0x55d6a76de7a0(20) Sep 21 07:25:37.183703: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.183705: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.183707: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.183709: | natd_hash: port= 01 f4 Sep 21 07:25:37.183712: | natd_hash: hash= 4d 2f b6 d6 2b 39 4f ce 8f 45 5c 15 ca 4b ac 32 Sep 21 07:25:37.183714: | natd_hash: hash= 79 c3 2f 84 Sep 21 07:25:37.183716: | Adding a v2N Payload Sep 21 07:25:37.183718: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.183721: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.183723: | flags: none (0x0) Sep 21 07:25:37.183725: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.183728: | SPI size: 0 (0x0) Sep 21 07:25:37.183730: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.183733: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.183736: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.183739: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.183741: | Notify data 4d 2f b6 d6 2b 39 4f ce 8f 45 5c 15 ca 4b ac 32 Sep 21 07:25:37.183743: | Notify data 79 c3 2f 84 Sep 21 07:25:37.183746: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.183748: | emitting length of ISAKMP Message: 828 Sep 21 07:25:37.183758: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:37.183768: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.183773: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:37.183777: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:37.183781: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:37.183787: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:37.183791: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:37.183796: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:37.183800: "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:37.183805: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:37.183816: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:37.183819: | d8 2e 48 1a 96 e0 84 09 00 00 00 00 00 00 00 00 Sep 21 07:25:37.183821: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:37.183823: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.183825: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:37.183828: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:37.183830: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:37.183832: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:37.183834: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:37.183836: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:37.183838: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:37.183840: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:37.183843: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:37.183845: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:37.183847: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:37.183849: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:37.183852: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:37.183854: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:37.183856: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:37.183858: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:37.183860: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:37.183862: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:37.183865: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:37.183867: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:37.183869: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:37.183871: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:37.183873: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:37.183876: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:37.183878: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:37.183880: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:37.183882: | 28 00 01 08 00 0e 00 00 b9 39 81 8c 03 90 5f 86 Sep 21 07:25:37.183884: | c3 d3 43 13 b1 e7 c1 95 93 2e 85 f6 58 b6 6f 6a Sep 21 07:25:37.183887: | cf ac 8f 28 84 d8 0a 05 27 0b 79 93 ce a1 5a 3a Sep 21 07:25:37.183889: | 70 27 b7 33 e3 91 4f 3a 39 05 9f b1 9b 2c a4 12 Sep 21 07:25:37.183891: | 1b 18 ac f0 2f c9 9c d0 fa 5d b8 ae b6 42 c3 b7 Sep 21 07:25:37.183893: | d2 49 da ff 88 f2 f1 a8 bf e9 d9 95 0d ef 79 84 Sep 21 07:25:37.183895: | 4f db fe 01 5b f7 e2 fa ed fb 69 ca 47 70 99 a6 Sep 21 07:25:37.183898: | 97 4f 8a ce 1e e1 74 ec f1 09 0c 55 0f 76 a8 a8 Sep 21 07:25:37.183900: | fb 8e bf 9f f6 bc 50 05 ef ad 52 81 4d bb 7b c5 Sep 21 07:25:37.183902: | d0 29 48 66 71 af 25 88 ff 9c db ee 69 3d 2a 81 Sep 21 07:25:37.183904: | ca 0c 47 d0 ef 04 51 db b7 2b a4 c7 fb c8 ef 62 Sep 21 07:25:37.183906: | f1 37 3f f5 55 e6 ce ed 1c 8d 85 7e b1 4b b6 ca Sep 21 07:25:37.183911: | 24 59 5a 2e b3 1f 9b f8 6a ea 45 91 1e 14 81 34 Sep 21 07:25:37.183913: | 82 a2 da 93 0f 89 5b 58 51 f6 3a e2 3b 1a f8 8c Sep 21 07:25:37.183915: | 4f 0a 26 18 5a 73 17 0a eb 1f 18 5c 91 4c 10 34 Sep 21 07:25:37.183917: | 87 e3 1c 55 81 8b 4b a8 00 67 d4 2e 28 2e bb 35 Sep 21 07:25:37.183919: | 8e c7 ad 08 15 97 3d dd 29 00 00 24 6e 64 46 8c Sep 21 07:25:37.183922: | 48 76 d0 e7 7d 9b 79 c9 ca 39 43 db aa 0c 37 9d Sep 21 07:25:37.183924: | af 61 8d 9e 50 5b 79 7d 34 92 e6 88 29 00 00 08 Sep 21 07:25:37.183926: | 00 00 40 2e 29 00 00 1c 00 00 40 04 80 19 10 a7 Sep 21 07:25:37.183928: | 78 14 6f 22 ba 5a d6 59 fb 51 64 f0 5a 1a 1b 0e Sep 21 07:25:37.183930: | 00 00 00 1c 00 00 40 05 4d 2f b6 d6 2b 39 4f ce Sep 21 07:25:37.183932: | 8f 45 5c 15 ca 4b ac 32 79 c3 2f 84 Sep 21 07:25:37.184013: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.184018: | libevent_free: release ptr-libevent@0x55d6a934fe90 Sep 21 07:25:37.184021: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6a934fe50 Sep 21 07:25:37.184024: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:37.184028: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d6a934fe50 Sep 21 07:25:37.184032: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:25:37.184035: | libevent_malloc: new ptr-libevent@0x55d6a934faa0 size 128 Sep 21 07:25:37.184041: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49383.552292 Sep 21 07:25:37.184044: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:37.184050: | #1 spent 1.58 milliseconds in resume sending helper answer Sep 21 07:25:37.184055: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:37.184058: | libevent_free: release ptr-libevent@0x7f9bdc006900 Sep 21 07:25:37.187154: | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.187173: | *received 437 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:37.187177: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.187180: | 21 20 22 20 00 00 00 00 00 00 01 b5 22 00 00 28 Sep 21 07:25:37.187182: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.187184: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:37.187186: | 04 00 00 0e 28 00 01 08 00 0e 00 00 b4 54 21 0c Sep 21 07:25:37.187188: | 4e f3 a4 a2 2f 9b 97 74 63 62 1d de 29 60 19 41 Sep 21 07:25:37.187191: | 73 d5 2b d5 ca 41 ad 6b 08 db d6 24 0a e3 7a 7b Sep 21 07:25:37.187193: | 42 64 1a fe 5f 3b f7 4d 62 80 7f 4f 6d 80 c8 39 Sep 21 07:25:37.187195: | 13 bc 65 64 22 0d 8c ca 21 48 9a 9c 3c c6 e9 a4 Sep 21 07:25:37.187198: | 33 37 1c e3 0b 58 eb 28 6d f9 b9 b5 8a f7 92 24 Sep 21 07:25:37.187200: | b7 be ca 67 88 b0 3b 52 0d 88 99 3b c9 05 0b 2b Sep 21 07:25:37.187202: | 85 c8 85 9d 51 2f 48 10 4f 76 df 62 0d 1c d3 41 Sep 21 07:25:37.187204: | 13 07 81 2b 67 7a 44 31 3a fb 7f 94 f2 33 56 7e Sep 21 07:25:37.187206: | 55 5f 74 44 0c 10 a5 90 88 a2 28 87 75 e8 a7 de Sep 21 07:25:37.187209: | d4 bf 23 cd 51 1b 56 ab db 29 10 48 c4 f4 dc b2 Sep 21 07:25:37.187211: | 68 b8 7d 6e e4 8e 9a 9a c8 6e 5d af 04 18 09 ef Sep 21 07:25:37.187213: | 27 f4 ab 8b 65 de b0 88 70 ea b3 ca 46 f0 92 a4 Sep 21 07:25:37.187215: | e9 39 81 8e 18 b8 9f e3 9d ca 8f b3 b5 8e 5e 01 Sep 21 07:25:37.187217: | 7f c5 f1 9a 96 c8 d1 c7 3d 3d 8c 4f 9c cc 9e 1e Sep 21 07:25:37.187220: | b6 fb bb 0b 8c ae ff 29 43 33 0d b4 14 f2 5a b9 Sep 21 07:25:37.187222: | e3 85 6e 56 ea c5 da a7 7c f5 14 74 29 00 00 24 Sep 21 07:25:37.187224: | c5 a5 e6 06 2c 27 b1 a5 e7 58 e6 c4 c8 ca b8 a6 Sep 21 07:25:37.187227: | 4f a8 d3 c4 75 1e 3b 69 e1 88 a1 96 d4 4e 35 fe Sep 21 07:25:37.187231: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:37.187233: | 48 9f d3 72 1b 2a c6 ce 8f e6 37 aa 5c c3 95 85 Sep 21 07:25:37.187236: | f8 58 78 31 26 00 00 1c 00 00 40 05 9a d6 3e 5a Sep 21 07:25:37.187238: | 71 8e d0 9a 10 39 b5 bb 30 be c0 7b 8a b6 91 a2 Sep 21 07:25:37.187240: | 00 00 00 05 04 Sep 21 07:25:37.187244: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:37.187248: | **parse ISAKMP Message: Sep 21 07:25:37.187250: | initiator cookie: Sep 21 07:25:37.187253: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.187255: | responder cookie: Sep 21 07:25:37.187257: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.187260: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.187263: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.187265: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.187268: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.187270: | Message ID: 0 (0x0) Sep 21 07:25:37.187273: | length: 437 (0x1b5) Sep 21 07:25:37.187276: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:37.187279: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:37.187282: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:37.187288: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.187293: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:37.187296: | #1 is idle Sep 21 07:25:37.187298: | #1 idle Sep 21 07:25:37.187300: | unpacking clear payload Sep 21 07:25:37.187303: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.187306: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:37.187308: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:37.187310: | flags: none (0x0) Sep 21 07:25:37.187313: | length: 40 (0x28) Sep 21 07:25:37.187315: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:37.187318: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:37.187320: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:37.187323: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:37.187326: | flags: none (0x0) Sep 21 07:25:37.187328: | length: 264 (0x108) Sep 21 07:25:37.187330: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.187333: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:37.187335: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.187338: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:37.187340: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.187343: | flags: none (0x0) Sep 21 07:25:37.187345: | length: 36 (0x24) Sep 21 07:25:37.187347: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:37.187350: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.187352: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.187355: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.187357: | flags: none (0x0) Sep 21 07:25:37.187360: | length: 8 (0x8) Sep 21 07:25:37.187362: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.187364: | SPI size: 0 (0x0) Sep 21 07:25:37.187367: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.187369: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:37.187372: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.187374: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.187376: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.187379: | flags: none (0x0) Sep 21 07:25:37.187381: | length: 28 (0x1c) Sep 21 07:25:37.187383: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.187386: | SPI size: 0 (0x0) Sep 21 07:25:37.187388: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.187393: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.187396: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.187398: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.187401: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Sep 21 07:25:37.187403: | flags: none (0x0) Sep 21 07:25:37.187405: | length: 28 (0x1c) Sep 21 07:25:37.187408: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.187410: | SPI size: 0 (0x0) Sep 21 07:25:37.187412: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.187415: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.187417: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Sep 21 07:25:37.187420: | ***parse IKEv2 Certificate Request Payload: Sep 21 07:25:37.187422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.187425: | flags: none (0x0) Sep 21 07:25:37.187427: | length: 5 (0x5) Sep 21 07:25:37.187430: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:25:37.187432: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Sep 21 07:25:37.187435: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:37.187438: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:37.187441: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:37.187443: | Now let's proceed with state specific processing Sep 21 07:25:37.187445: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:37.187450: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:37.187465: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.187469: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:37.187475: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.187478: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:37.187480: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.187483: | local proposal 1 type DH has 8 transforms Sep 21 07:25:37.187485: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:37.187489: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.187491: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.187494: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:37.187496: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.187498: | local proposal 2 type DH has 8 transforms Sep 21 07:25:37.187501: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:37.187504: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.187506: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.187508: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:37.187511: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.187513: | local proposal 3 type DH has 8 transforms Sep 21 07:25:37.187516: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:37.187519: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.187521: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.187524: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:37.187526: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.187529: | local proposal 4 type DH has 8 transforms Sep 21 07:25:37.187533: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:37.187536: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.187539: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.187541: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.187543: | length: 36 (0x24) Sep 21 07:25:37.187546: | prop #: 1 (0x1) Sep 21 07:25:37.187548: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.187551: | spi size: 0 (0x0) Sep 21 07:25:37.187553: | # transforms: 3 (0x3) Sep 21 07:25:37.187556: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:37.187560: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.187562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.187564: | length: 12 (0xc) Sep 21 07:25:37.187567: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.187569: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.187572: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.187574: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.187577: | length/value: 256 (0x100) Sep 21 07:25:37.187581: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.187584: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.187586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.187589: | length: 8 (0x8) Sep 21 07:25:37.187591: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.187594: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.187597: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:37.187600: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.187603: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.187605: | length: 8 (0x8) Sep 21 07:25:37.187607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.187610: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.187613: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:37.187617: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:37.187621: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:37.187624: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.187627: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:37.187629: | converting proposal to internal trans attrs Sep 21 07:25:37.187642: | natd_hash: hasher=0x55d6a76de7a0(20) Sep 21 07:25:37.187646: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.187648: | natd_hash: rcookie= 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.187650: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:37.187652: | natd_hash: port= 01 f4 Sep 21 07:25:37.187655: | natd_hash: hash= 9a d6 3e 5a 71 8e d0 9a 10 39 b5 bb 30 be c0 7b Sep 21 07:25:37.187657: | natd_hash: hash= 8a b6 91 a2 Sep 21 07:25:37.187664: | natd_hash: hasher=0x55d6a76de7a0(20) Sep 21 07:25:37.187667: | natd_hash: icookie= d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.187669: | natd_hash: rcookie= 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.187671: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.187673: | natd_hash: port= 01 f4 Sep 21 07:25:37.187675: | natd_hash: hash= 48 9f d3 72 1b 2a c6 ce 8f e6 37 aa 5c c3 95 85 Sep 21 07:25:37.187677: | natd_hash: hash= f8 58 78 31 Sep 21 07:25:37.187679: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:37.187682: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:37.187684: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:37.187687: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:37.187693: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:37.187699: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:37.187702: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:37.187704: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:37.187708: | libevent_free: release ptr-libevent@0x55d6a934faa0 Sep 21 07:25:37.187710: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d6a934fe50 Sep 21 07:25:37.187713: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d6a934fe50 Sep 21 07:25:37.187717: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.187720: | libevent_malloc: new ptr-libevent@0x55d6a934faa0 size 128 Sep 21 07:25:37.187730: | #1 spent 0.279 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:37.187731: | crypto helper 5 resuming Sep 21 07:25:37.187736: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.187742: | crypto helper 5 starting work-order 2 for state #1 Sep 21 07:25:37.187748: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:37.187754: | crypto helper 5 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:37.187758: | suspending state #1 and saving MD Sep 21 07:25:37.187766: | #1 is busy; has a suspended MD Sep 21 07:25:37.187771: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:37.187775: | "north-east" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:37.187779: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.187787: | #1 spent 0.615 milliseconds in ikev2_process_packet() Sep 21 07:25:37.187793: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:37.187797: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.187799: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.187804: | spent 0.632 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.188700: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:37.189143: | crypto helper 5 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001389 seconds Sep 21 07:25:37.189155: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:37.189159: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:37.189162: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.189165: | libevent_malloc: new ptr-libevent@0x7f9bd4006b90 size 128 Sep 21 07:25:37.189172: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:37.189181: | processing resume sending helper answer for #1 Sep 21 07:25:37.189191: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.189196: | crypto helper 5 replies to request ID 2 Sep 21 07:25:37.189199: | calling continuation function 0x55d6a7608630 Sep 21 07:25:37.189207: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:37.189213: | creating state object #2 at 0x55d6a9354150 Sep 21 07:25:37.189216: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:37.189220: | pstats #2 ikev2.child started Sep 21 07:25:37.189223: | duplicating state object #1 "north-east" as #2 for IPSEC SA Sep 21 07:25:37.189228: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:37.189234: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.189240: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:37.189250: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:37.189254: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.189257: | libevent_free: release ptr-libevent@0x55d6a934faa0 Sep 21 07:25:37.189260: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d6a934fe50 Sep 21 07:25:37.189264: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d6a934fe50 Sep 21 07:25:37.189267: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:37.189270: | libevent_malloc: new ptr-libevent@0x55d6a934faa0 size 128 Sep 21 07:25:37.189274: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:37.189280: | **emit ISAKMP Message: Sep 21 07:25:37.189283: | initiator cookie: Sep 21 07:25:37.189285: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.189288: | responder cookie: Sep 21 07:25:37.189290: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.189293: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.189296: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.189298: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.189301: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.189304: | Message ID: 1 (0x1) Sep 21 07:25:37.189307: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.189310: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:37.189313: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.189315: | flags: none (0x0) Sep 21 07:25:37.189318: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:37.189321: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.189325: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:37.189333: | IKEv2 CERT: send a certificate? Sep 21 07:25:37.189336: | IKEv2 CERT: no certificate to send Sep 21 07:25:37.189339: | IDr payload will be sent Sep 21 07:25:37.189356: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:37.189360: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.189362: | flags: none (0x0) Sep 21 07:25:37.189365: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.189369: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:37.189372: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.189375: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:37.189378: | my identity 6e 6f 72 74 68 Sep 21 07:25:37.189380: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:25:37.189390: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.189393: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:37.189396: | flags: none (0x0) Sep 21 07:25:37.189398: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.189401: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:37.189405: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.189408: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.189411: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:37.189413: | IDr 65 61 73 74 Sep 21 07:25:37.189418: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:37.189421: | not sending INITIAL_CONTACT Sep 21 07:25:37.189424: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:37.189427: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.189429: | flags: none (0x0) Sep 21 07:25:37.189432: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:37.189435: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.189438: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.189444: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:37.189447: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:37.189451: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:25:37.189455: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:25:37.189459: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:25:37.189461: | line 1: match=002 Sep 21 07:25:37.189464: | match 002 beats previous best_match 000 match=0x55d6a9342330 (line=1) Sep 21 07:25:37.189467: | concluding with best_match=002 best=0x55d6a9342330 (lineno=1) Sep 21 07:25:37.205792: | #1 spent 4.92 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:37.205808: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:37.205813: | rsa signature 09 34 a0 b9 18 a5 27 27 4e 11 c6 61 48 34 54 02 Sep 21 07:25:37.205815: | rsa signature 3f e9 8d e2 92 54 43 ca a5 b2 4f dc f9 83 4e 87 Sep 21 07:25:37.205817: | rsa signature d8 c0 53 86 c3 ec 13 be d8 87 77 10 81 15 07 0b Sep 21 07:25:37.205820: | rsa signature 94 5d 03 2b 71 d3 a9 26 bc fb 4c 4a e6 f0 19 f5 Sep 21 07:25:37.205822: | rsa signature 50 b0 0e 70 f8 5f 0c 0b 95 6f cc 7d 52 70 e2 3e Sep 21 07:25:37.205824: | rsa signature 5d 37 1f 68 91 a5 0b 0e 3b 3d c8 d1 3d 2f ec 38 Sep 21 07:25:37.205827: | rsa signature ce d2 46 6f 3b a6 56 3b 10 1b 41 91 1b 92 af d1 Sep 21 07:25:37.205829: | rsa signature 13 cf 5e dd f7 43 a2 f2 1b 6c 33 fb 0e db 86 5c Sep 21 07:25:37.205831: | rsa signature a8 3a eb a9 18 7d f5 f7 53 24 17 0c a6 07 36 27 Sep 21 07:25:37.205833: | rsa signature e0 fd e6 c9 83 bc d9 b8 1d 60 aa 97 09 e1 3b 5b Sep 21 07:25:37.205836: | rsa signature 60 0d 81 ca 37 7a 0f 89 e1 89 16 7a bf 19 8c fb Sep 21 07:25:37.205838: | rsa signature 78 38 74 11 ca fb 57 5a 49 c4 81 97 31 df 1b b6 Sep 21 07:25:37.205840: | rsa signature cd c2 65 1d 58 14 1f 91 cf b2 29 d0 d9 a5 15 76 Sep 21 07:25:37.205842: | rsa signature 64 de 59 08 39 0a c5 a3 90 c8 2e 23 ea 4c 3a 89 Sep 21 07:25:37.205845: | rsa signature ed 94 04 f9 2d 48 ba d0 21 79 d5 d1 e9 be 38 10 Sep 21 07:25:37.205847: | rsa signature 46 3a 6a 01 0e f8 56 5d 09 fd f4 7a b9 60 2f 0f Sep 21 07:25:37.205849: | rsa signature 9f 13 b1 c4 9d 70 6b 1e b3 c3 05 bd 25 79 72 08 Sep 21 07:25:37.205851: | rsa signature d4 a4 Sep 21 07:25:37.205856: | #1 spent 5.03 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:37.205859: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:37.205862: | getting first pending from state #1 Sep 21 07:25:37.205882: | netlink_get_spi: allocated 0x5bc2db8c for esp.0@192.1.3.33 Sep 21 07:25:37.205887: | constructing ESP/AH proposals with all DH removed for north-east (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:37.205894: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:37.205901: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.205905: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:37.205909: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.205912: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.205916: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.205924: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.205928: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.205937: "north-east": constructed local ESP/AH proposals for north-east (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.205941: | Emitting ikev2_proposals ... Sep 21 07:25:37.205944: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:37.205947: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.205950: | flags: none (0x0) Sep 21 07:25:37.205954: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.205957: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.205960: | discarding INTEG=NONE Sep 21 07:25:37.205962: | discarding DH=NONE Sep 21 07:25:37.205964: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.205966: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.205969: | prop #: 1 (0x1) Sep 21 07:25:37.205971: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.205973: | spi size: 4 (0x4) Sep 21 07:25:37.205975: | # transforms: 2 (0x2) Sep 21 07:25:37.205979: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.205982: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.205984: | our spi 5b c2 db 8c Sep 21 07:25:37.205987: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.205989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.205992: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.205994: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.205997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206000: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.206002: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.206005: | length/value: 256 (0x100) Sep 21 07:25:37.206008: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.206010: | discarding INTEG=NONE Sep 21 07:25:37.206012: | discarding DH=NONE Sep 21 07:25:37.206014: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206017: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.206019: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.206021: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.206024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206027: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206030: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206032: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:37.206035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.206037: | discarding INTEG=NONE Sep 21 07:25:37.206039: | discarding DH=NONE Sep 21 07:25:37.206042: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.206044: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.206047: | prop #: 2 (0x2) Sep 21 07:25:37.206051: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.206054: | spi size: 4 (0x4) Sep 21 07:25:37.206056: | # transforms: 2 (0x2) Sep 21 07:25:37.206059: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.206062: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.206065: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.206067: | our spi 5b c2 db 8c Sep 21 07:25:37.206070: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206075: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.206077: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.206080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206082: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.206085: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.206087: | length/value: 128 (0x80) Sep 21 07:25:37.206090: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.206092: | discarding INTEG=NONE Sep 21 07:25:37.206094: | discarding DH=NONE Sep 21 07:25:37.206096: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206099: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.206101: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.206104: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.206106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206112: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206114: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:37.206117: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.206119: | discarding DH=NONE Sep 21 07:25:37.206122: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.206124: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.206126: | prop #: 3 (0x3) Sep 21 07:25:37.206129: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.206131: | spi size: 4 (0x4) Sep 21 07:25:37.206133: | # transforms: 4 (0x4) Sep 21 07:25:37.206136: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.206139: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.206142: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.206144: | our spi 5b c2 db 8c Sep 21 07:25:37.206146: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206151: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.206153: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.206156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206159: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.206161: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.206164: | length/value: 256 (0x100) Sep 21 07:25:37.206166: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.206169: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206173: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206176: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.206178: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.206181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206186: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206189: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206193: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.206196: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.206199: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206201: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206204: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206206: | discarding DH=NONE Sep 21 07:25:37.206208: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206211: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.206213: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.206216: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.206219: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206225: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:37.206228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.206230: | discarding DH=NONE Sep 21 07:25:37.206232: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.206234: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.206236: | prop #: 4 (0x4) Sep 21 07:25:37.206239: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.206241: | spi size: 4 (0x4) Sep 21 07:25:37.206243: | # transforms: 4 (0x4) Sep 21 07:25:37.206246: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.206248: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.206250: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.206252: | our spi 5b c2 db 8c Sep 21 07:25:37.206253: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206257: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.206259: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.206261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206263: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.206265: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.206266: | length/value: 128 (0x80) Sep 21 07:25:37.206268: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.206270: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206274: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.206278: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.206281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206286: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206288: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206290: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206293: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.206295: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.206298: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206300: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206303: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206305: | discarding DH=NONE Sep 21 07:25:37.206307: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.206310: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.206312: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.206314: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.206317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.206320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.206322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.206325: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:37.206327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.206330: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:37.206332: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.206336: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.206339: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.206341: | flags: none (0x0) Sep 21 07:25:37.206344: | number of TS: 1 (0x1) Sep 21 07:25:37.206347: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.206350: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.206352: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.206355: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.206357: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.206360: | start port: 0 (0x0) Sep 21 07:25:37.206362: | end port: 65535 (0xffff) Sep 21 07:25:37.206365: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.206367: | IP start c0 00 03 fe Sep 21 07:25:37.206370: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.206372: | IP end c0 00 03 fe Sep 21 07:25:37.206374: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.206377: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:37.206380: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.206382: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.206385: | flags: none (0x0) Sep 21 07:25:37.206387: | number of TS: 1 (0x1) Sep 21 07:25:37.206390: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.206398: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.206401: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.206403: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.206406: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.206408: | start port: 0 (0x0) Sep 21 07:25:37.206410: | end port: 65535 (0xffff) Sep 21 07:25:37.206413: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.206415: | IP start c0 00 02 00 Sep 21 07:25:37.206418: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.206420: | IP end c0 00 02 ff Sep 21 07:25:37.206422: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.206425: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:37.206427: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:37.206430: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:37.206433: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:37.206437: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:37.206440: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:37.206442: | emitting length of IKEv2 Encryption Payload: 548 Sep 21 07:25:37.206445: | emitting length of ISAKMP Message: 576 Sep 21 07:25:37.206449: | **parse ISAKMP Message: Sep 21 07:25:37.206452: | initiator cookie: Sep 21 07:25:37.206454: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.206456: | responder cookie: Sep 21 07:25:37.206458: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.206461: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:37.206463: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.206466: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.206468: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.206471: | Message ID: 1 (0x1) Sep 21 07:25:37.206473: | length: 576 (0x240) Sep 21 07:25:37.206475: | **parse IKEv2 Encryption Payload: Sep 21 07:25:37.206478: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:37.206481: | flags: none (0x0) Sep 21 07:25:37.206483: | length: 548 (0x224) Sep 21 07:25:37.206485: | **emit ISAKMP Message: Sep 21 07:25:37.206487: | initiator cookie: Sep 21 07:25:37.206490: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.206492: | responder cookie: Sep 21 07:25:37.206494: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.206496: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.206499: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.206501: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.206504: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.206506: | Message ID: 1 (0x1) Sep 21 07:25:37.206509: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.206511: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:37.206514: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:37.206516: | flags: none (0x0) Sep 21 07:25:37.206519: | fragment number: 1 (0x1) Sep 21 07:25:37.206521: | total fragments: 2 (0x2) Sep 21 07:25:37.206524: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:25:37.206527: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:37.206530: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:37.206533: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:37.206542: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:37.206548: | cleartext fragment 24 00 00 0d 02 00 00 00 6e 6f 72 74 68 27 00 00 Sep 21 07:25:37.206551: | cleartext fragment 0c 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 Sep 21 07:25:37.206553: | cleartext fragment 00 09 34 a0 b9 18 a5 27 27 4e 11 c6 61 48 34 54 Sep 21 07:25:37.206555: | cleartext fragment 02 3f e9 8d e2 92 54 43 ca a5 b2 4f dc f9 83 4e Sep 21 07:25:37.206557: | cleartext fragment 87 d8 c0 53 86 c3 ec 13 be d8 87 77 10 81 15 07 Sep 21 07:25:37.206560: | cleartext fragment 0b 94 5d 03 2b 71 d3 a9 26 bc fb 4c 4a e6 f0 19 Sep 21 07:25:37.206562: | cleartext fragment f5 50 b0 0e 70 f8 5f 0c 0b 95 6f cc 7d 52 70 e2 Sep 21 07:25:37.206564: | cleartext fragment 3e 5d 37 1f 68 91 a5 0b 0e 3b 3d c8 d1 3d 2f ec Sep 21 07:25:37.206567: | cleartext fragment 38 ce d2 46 6f 3b a6 56 3b 10 1b 41 91 1b 92 af Sep 21 07:25:37.206569: | cleartext fragment d1 13 cf 5e dd f7 43 a2 f2 1b 6c 33 fb 0e db 86 Sep 21 07:25:37.206571: | cleartext fragment 5c a8 3a eb a9 18 7d f5 f7 53 24 17 0c a6 07 36 Sep 21 07:25:37.206573: | cleartext fragment 27 e0 fd e6 c9 83 bc d9 b8 1d 60 aa 97 09 e1 3b Sep 21 07:25:37.206576: | cleartext fragment 5b 60 0d 81 ca 37 7a 0f 89 e1 89 16 7a bf 19 8c Sep 21 07:25:37.206578: | cleartext fragment fb 78 38 74 11 ca fb 57 5a 49 c4 81 97 31 df 1b Sep 21 07:25:37.206580: | cleartext fragment b6 cd c2 65 1d 58 14 1f 91 cf b2 29 d0 d9 a5 15 Sep 21 07:25:37.206583: | cleartext fragment 76 64 de 59 08 39 0a c5 a3 90 c8 2e 23 ea 4c 3a Sep 21 07:25:37.206585: | cleartext fragment 89 ed 94 04 f9 2d 48 ba d0 21 79 d5 d1 e9 be 38 Sep 21 07:25:37.206587: | cleartext fragment 10 46 3a 6a 01 0e f8 56 5d 09 fd f4 7a b9 60 2f Sep 21 07:25:37.206590: | cleartext fragment 0f 9f 13 b1 c4 9d 70 6b 1e b3 c3 05 bd 25 79 72 Sep 21 07:25:37.206592: | cleartext fragment 08 d4 a4 2c 00 00 a4 02 00 00 20 01 03 04 02 5b Sep 21 07:25:37.206594: | cleartext fragment c2 db 8c 03 00 00 0c 01 00 00 14 80 0e 01 00 00 Sep 21 07:25:37.206596: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 5b Sep 21 07:25:37.206599: | cleartext fragment c2 db 8c 03 00 00 0c 01 00 00 14 80 0e 00 80 00 Sep 21 07:25:37.206601: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 5b Sep 21 07:25:37.206603: | cleartext fragment c2 db 8c 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 Sep 21 07:25:37.206605: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:25:37.206608: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 5b Sep 21 07:25:37.206610: | cleartext fragment c2 db 8c 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 Sep 21 07:25:37.206613: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:25:37.206615: | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Sep 21 07:25:37.206617: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:37.206620: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:37.206623: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:37.206625: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:37.206628: | emitting length of ISAKMP Message: 539 Sep 21 07:25:37.206644: | **emit ISAKMP Message: Sep 21 07:25:37.206648: | initiator cookie: Sep 21 07:25:37.206650: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.206652: | responder cookie: Sep 21 07:25:37.206654: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.206657: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.206659: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.206662: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.206664: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.206666: | Message ID: 1 (0x1) Sep 21 07:25:37.206669: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.206673: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:37.206676: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.206679: | flags: none (0x0) Sep 21 07:25:37.206681: | fragment number: 2 (0x2) Sep 21 07:25:37.206683: | total fragments: 2 (0x2) Sep 21 07:25:37.206686: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:37.206689: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:37.206692: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:37.206694: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:37.206703: | emitting 41 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:37.206705: | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 00 03 fe c0 00 03 Sep 21 07:25:37.206708: | cleartext fragment fe 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Sep 21 07:25:37.206710: | cleartext fragment ff c0 00 02 00 c0 00 02 ff Sep 21 07:25:37.206713: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:37.206716: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:37.206718: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:37.206721: | emitting length of IKEv2 Encrypted Fragment: 74 Sep 21 07:25:37.206723: | emitting length of ISAKMP Message: 102 Sep 21 07:25:37.206735: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.206741: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.206746: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:37.206749: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:37.206752: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:37.206755: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:37.206760: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:37.206766: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:37.206771: "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:37.206776: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:37.206779: | sending fragments ... Sep 21 07:25:37.206789: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:37.206795: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.206797: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:37.206799: | 00 01 00 02 b9 d5 21 1e 31 4d 00 68 54 19 52 74 Sep 21 07:25:37.206801: | b7 e9 37 c0 37 4b 2a a9 45 f5 37 1a bc 85 c0 80 Sep 21 07:25:37.206803: | c6 e0 5f 0b af 02 83 65 54 9b c1 83 8b 7a 46 c0 Sep 21 07:25:37.206805: | bd eb d5 3d 6c bd 13 26 e2 8c 90 57 c3 8c c7 57 Sep 21 07:25:37.206807: | 13 10 d8 03 d1 83 31 42 dc f7 84 6a d3 6a 51 e5 Sep 21 07:25:37.206809: | 11 83 42 87 70 6b 7c 40 f7 0e 04 1c e8 77 fd 53 Sep 21 07:25:37.206811: | 86 b7 dc eb d4 f1 7b 5e 9b 4d 25 1b 6b 2f 90 23 Sep 21 07:25:37.206813: | 43 10 6b 3d 3a 1d 4a a8 fd ca 43 51 f5 24 ce 36 Sep 21 07:25:37.206815: | 17 88 2e 41 d3 f8 ce 36 78 91 25 86 20 8f 1a a3 Sep 21 07:25:37.206817: | fc fd c8 07 31 dd e0 8f fd 5d 63 55 1e 9d 4b d4 Sep 21 07:25:37.206821: | be 1b b9 b3 29 b6 90 0c d2 48 b6 ce cb 34 86 fa Sep 21 07:25:37.206824: | 53 46 98 3e f9 47 2f d2 ca 77 dc 13 0c 1a 42 0d Sep 21 07:25:37.206826: | b3 2d bb f3 51 a4 c9 21 52 dc 3d f8 01 e9 44 fa Sep 21 07:25:37.206828: | da 67 63 cd 92 53 35 2c 59 76 17 e3 0d 1c 85 63 Sep 21 07:25:37.206830: | b7 f5 bb e4 11 81 d7 3b 54 df 38 b7 58 46 f7 d1 Sep 21 07:25:37.206832: | d1 d8 16 3b d3 98 2a 41 9b 36 59 4b a3 5f b4 a0 Sep 21 07:25:37.206834: | ce 56 a0 62 7d fc d1 d5 d6 f5 23 65 d5 57 07 e4 Sep 21 07:25:37.206836: | 5e 41 58 75 d3 4e d0 3b a1 53 72 d4 70 2d ed 5f Sep 21 07:25:37.206838: | a9 36 6a 90 5f 4f 74 c9 ad 62 96 a4 39 20 e5 b5 Sep 21 07:25:37.206840: | 43 2d 9b f2 62 7a 86 33 1c 9d 57 71 70 90 58 6c Sep 21 07:25:37.206842: | e0 8c df 7a 51 07 4d 93 27 08 22 43 1d 89 7f 4e Sep 21 07:25:37.206845: | 2c 07 bb 6d 94 e5 ee 84 11 1c c6 47 9f ea 19 fa Sep 21 07:25:37.206847: | 20 cf 1d d4 49 18 0b 8e 08 39 58 e8 61 2e 63 d1 Sep 21 07:25:37.206849: | 7e 72 8b 1d 3d 16 9a c5 5f 7d c7 91 98 1e de 40 Sep 21 07:25:37.206851: | c9 ce 68 f3 bf 70 55 4a 5c 83 bf 20 60 23 73 e1 Sep 21 07:25:37.206853: | 7d 18 d7 94 3a ea a9 1a ca 33 62 53 b3 fe a4 41 Sep 21 07:25:37.206855: | 03 77 5d 56 eb 76 43 f4 da f2 c2 df 9a 70 91 b1 Sep 21 07:25:37.206857: | fa db 0e a7 96 07 c5 e1 7e 41 86 c8 30 05 45 c7 Sep 21 07:25:37.206859: | 9c f6 a8 fb 71 6f 65 94 b9 e7 35 00 89 ee 70 e9 Sep 21 07:25:37.206861: | 5c c8 0a ab 38 1a 35 7f 07 c8 a9 32 87 da 8b ca Sep 21 07:25:37.206863: | 08 c7 b0 df a4 07 8a a3 d1 9e 77 a5 54 ae 6d 7d Sep 21 07:25:37.206865: | 39 fc 01 23 23 fe 5b ce 48 4d 8a Sep 21 07:25:37.207172: | sending 102 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:37.207177: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.207180: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Sep 21 07:25:37.207183: | 00 02 00 02 7b 88 8f a3 8a 48 d7 54 67 8f 67 40 Sep 21 07:25:37.207186: | b3 df 6c 6f 31 81 9a cb 5a 25 55 c2 4e 02 90 5b Sep 21 07:25:37.207188: | eb 32 c1 61 6c d0 bb 90 e7 02 51 4a cb 4b 2f cf Sep 21 07:25:37.207191: | c0 ea 7d 3e 55 c4 49 79 53 ec 17 56 9a 61 85 80 Sep 21 07:25:37.207193: | 1b 7e 63 c6 41 77 Sep 21 07:25:37.218258: | sent 2 fragments Sep 21 07:25:37.218270: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:37.218275: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d6a9351480 Sep 21 07:25:37.218279: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:25:37.218283: | libevent_malloc: new ptr-libevent@0x7f9bdc006900 size 128 Sep 21 07:25:37.218290: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49383.586538 Sep 21 07:25:37.218295: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:37.218300: | #1 spent 1.14 milliseconds Sep 21 07:25:37.218303: | #1 spent 6.42 milliseconds in resume sending helper answer Sep 21 07:25:37.218309: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:37.218313: | libevent_free: release ptr-libevent@0x7f9bd4006b90 Sep 21 07:25:37.239657: | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.239679: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:37.239683: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.239686: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:37.239688: | be 1a 85 17 77 92 38 25 7a 9d 5d fc 65 e4 e0 ba Sep 21 07:25:37.239691: | 5d 13 cf 57 12 ec f7 a8 98 25 28 b3 7e c5 5a 0c Sep 21 07:25:37.239694: | 21 2b 22 cc 2c 3d f5 0e b9 cb 2c b7 5f 25 bc 06 Sep 21 07:25:37.239696: | df bf b6 e4 e3 a7 b2 1e 83 d8 dd ce 7a c1 a0 5b Sep 21 07:25:37.239698: | d1 ee e3 cc 2f 33 67 91 84 33 50 fe a9 39 84 d7 Sep 21 07:25:37.239704: | 34 44 4b ca a5 bd 59 6f 58 d0 f8 15 0e 4e fe 53 Sep 21 07:25:37.239707: | cd 70 b5 1c 11 11 0c 33 2c b3 7d 86 ce 1b 8d 5c Sep 21 07:25:37.239709: | 79 7f 46 9a ee b2 2b f8 ee 6b 32 42 a4 fe 8a 16 Sep 21 07:25:37.239711: | e2 69 47 a3 4f 30 06 64 0f de 78 ee b7 77 46 da Sep 21 07:25:37.239714: | fa 47 80 97 c6 9d 7c 2d 85 08 0b 32 69 fa cd f3 Sep 21 07:25:37.239716: | ee 33 32 22 1c 8b ea 40 29 fa 3f 93 de 41 68 47 Sep 21 07:25:37.239719: | aa 21 97 86 c9 3b f3 06 3a 3c f7 a4 dc 6c fd 89 Sep 21 07:25:37.239721: | f4 bb 69 f0 8f a7 65 a2 2d ce 29 bf 69 18 dd a1 Sep 21 07:25:37.239723: | a4 c2 48 04 de 67 db da 15 8a 13 12 0b c5 25 0c Sep 21 07:25:37.239726: | ca ca b0 bc 1f b9 7d 57 78 9f 53 78 30 05 59 37 Sep 21 07:25:37.239728: | 93 f4 8f 8f 11 62 4a 2d 21 eb 36 47 30 ae a1 de Sep 21 07:25:37.239731: | da 9a 71 3a 6d e8 cf dc c4 d0 15 88 0c 3e 41 21 Sep 21 07:25:37.239733: | 06 52 d0 c3 d6 21 b5 f5 05 81 d3 25 64 c6 d9 d8 Sep 21 07:25:37.239735: | 9c 19 10 d0 56 94 1b 34 30 71 e9 fc 4e c4 c5 21 Sep 21 07:25:37.239738: | 16 9a c5 4b 28 35 d1 b9 2a 7c 92 61 10 fd 91 06 Sep 21 07:25:37.239740: | 4e 44 eb 11 9a 3b 9a ae d4 67 a8 32 87 1e 06 4a Sep 21 07:25:37.239742: | 6f b9 dd 3b b4 0e 68 65 b8 34 ae 3a 24 a1 13 10 Sep 21 07:25:37.239745: | 17 76 f5 ae f0 c1 1e 1a 1d df 9c f0 26 f6 51 31 Sep 21 07:25:37.239747: | 55 1d ba c6 8b d6 6a 23 02 03 be 78 16 f4 ff e7 Sep 21 07:25:37.239750: | d1 da 54 1d d0 19 55 87 51 d7 1c 4b 61 5f fa 27 Sep 21 07:25:37.239752: | 79 f8 02 Sep 21 07:25:37.239757: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:37.239761: | **parse ISAKMP Message: Sep 21 07:25:37.239764: | initiator cookie: Sep 21 07:25:37.239766: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:37.239769: | responder cookie: Sep 21 07:25:37.239771: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:37.239774: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:37.239776: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.239779: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.239782: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.239793: | Message ID: 1 (0x1) Sep 21 07:25:37.239796: | length: 435 (0x1b3) Sep 21 07:25:37.239799: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:37.239802: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:37.239807: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:37.239814: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.239817: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:37.239822: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:37.239827: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:37.239830: | #2 is idle Sep 21 07:25:37.239832: | #2 idle Sep 21 07:25:37.239835: | unpacking clear payload Sep 21 07:25:37.239838: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:37.239840: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:37.239843: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:37.239846: | flags: none (0x0) Sep 21 07:25:37.239849: | length: 407 (0x197) Sep 21 07:25:37.239851: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:25:37.239854: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:37.239871: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:37.239874: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.239877: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.239880: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:37.239885: | flags: none (0x0) Sep 21 07:25:37.239888: | length: 12 (0xc) Sep 21 07:25:37.239891: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.239893: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:37.239896: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.239899: | **parse IKEv2 Authentication Payload: Sep 21 07:25:37.239901: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.239904: | flags: none (0x0) Sep 21 07:25:37.239906: | length: 282 (0x11a) Sep 21 07:25:37.239909: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:37.239911: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:37.239914: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.239916: | **parse IKEv2 Security Association Payload: Sep 21 07:25:37.239919: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:37.239921: | flags: none (0x0) Sep 21 07:25:37.239924: | length: 36 (0x24) Sep 21 07:25:37.239926: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:37.239929: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.239932: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.239934: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:37.239936: | flags: none (0x0) Sep 21 07:25:37.239939: | length: 24 (0x18) Sep 21 07:25:37.239942: | number of TS: 1 (0x1) Sep 21 07:25:37.239944: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:37.239947: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.239949: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.239952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.239954: | flags: none (0x0) Sep 21 07:25:37.239956: | length: 24 (0x18) Sep 21 07:25:37.239959: | number of TS: 1 (0x1) Sep 21 07:25:37.239961: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:37.239964: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:37.239967: | Now let's proceed with state specific processing Sep 21 07:25:37.239969: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:37.239975: | offered CA: '%none' Sep 21 07:25:37.239980: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:37.240009: | verifying AUTH payload Sep 21 07:25:37.240026: | required RSA CA is '%any' Sep 21 07:25:37.240031: | checking RSA keyid '@east' for match with '@east' Sep 21 07:25:37.240034: | RSA key issuer CA is '%any' Sep 21 07:25:37.240097: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:25:37.240104: | #1 spent 0.0652 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:37.240108: "north-east" #2: Authenticated using RSA Sep 21 07:25:37.240112: | #1 spent 0.0972 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:37.240116: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:37.240120: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:37.240123: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:37.240127: | libevent_free: release ptr-libevent@0x55d6a934faa0 Sep 21 07:25:37.240130: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d6a934fe50 Sep 21 07:25:37.240133: | event_schedule: new EVENT_SA_REKEY-pe@0x55d6a934fe50 Sep 21 07:25:37.240136: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:37.240139: | libevent_malloc: new ptr-libevent@0x55d6a934faa0 size 128 Sep 21 07:25:37.240226: | pstats #1 ikev2.ike established Sep 21 07:25:37.240231: | TSi: parsing 1 traffic selectors Sep 21 07:25:37.240235: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.240237: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.240240: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.240243: | length: 16 (0x10) Sep 21 07:25:37.240245: | start port: 0 (0x0) Sep 21 07:25:37.240247: | end port: 65535 (0xffff) Sep 21 07:25:37.240250: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.240255: | TS low c0 00 03 fe Sep 21 07:25:37.240258: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.240260: | TS high c0 00 03 fe Sep 21 07:25:37.240263: | TSi: parsed 1 traffic selectors Sep 21 07:25:37.240265: | TSr: parsing 1 traffic selectors Sep 21 07:25:37.240268: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.240270: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.240273: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.240275: | length: 16 (0x10) Sep 21 07:25:37.240277: | start port: 0 (0x0) Sep 21 07:25:37.240280: | end port: 65535 (0xffff) Sep 21 07:25:37.240282: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.240284: | TS low c0 00 02 00 Sep 21 07:25:37.240287: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.240289: | TS high c0 00 02 ff Sep 21 07:25:37.240291: | TSr: parsed 1 traffic selectors Sep 21 07:25:37.240298: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.240303: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.240310: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:25:37.240314: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:37.240316: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.240319: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:37.240322: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.240327: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.240333: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.240336: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:37.240338: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.240341: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:37.240344: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.240347: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.240349: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:37.240351: | printing contents struct traffic_selector Sep 21 07:25:37.240354: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:37.240356: | ipprotoid: 0 Sep 21 07:25:37.240358: | port range: 0-65535 Sep 21 07:25:37.240362: | ip range: 192.0.3.254-192.0.3.254 Sep 21 07:25:37.240364: | printing contents struct traffic_selector Sep 21 07:25:37.240366: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:37.240368: | ipprotoid: 0 Sep 21 07:25:37.240371: | port range: 0-65535 Sep 21 07:25:37.240375: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:37.240388: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.240392: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:37.240396: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.240399: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:37.240402: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.240404: | local proposal 1 type DH has 1 transforms Sep 21 07:25:37.240406: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:37.240410: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.240413: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.240415: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:37.240417: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.240420: | local proposal 2 type DH has 1 transforms Sep 21 07:25:37.240427: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:37.240430: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.240433: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.240435: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:37.240437: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.240440: | local proposal 3 type DH has 1 transforms Sep 21 07:25:37.240443: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:37.240445: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.240448: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.240450: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:37.240452: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.240455: | local proposal 4 type DH has 1 transforms Sep 21 07:25:37.240457: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:37.240460: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.240463: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.240466: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.240468: | length: 32 (0x20) Sep 21 07:25:37.240471: | prop #: 1 (0x1) Sep 21 07:25:37.240473: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.240476: | spi size: 4 (0x4) Sep 21 07:25:37.240478: | # transforms: 2 (0x2) Sep 21 07:25:37.240481: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.240484: | remote SPI 52 23 54 f2 Sep 21 07:25:37.240487: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:37.240490: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.240492: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.240495: | length: 12 (0xc) Sep 21 07:25:37.240497: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.240500: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.240503: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.240505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.240508: | length/value: 256 (0x100) Sep 21 07:25:37.240513: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.240515: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.240518: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.240520: | length: 8 (0x8) Sep 21 07:25:37.240523: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.240525: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.240529: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:37.240532: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:37.240537: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:37.240539: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.240542: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:37.240547: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=522354f2;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:37.240550: | converting proposal to internal trans attrs Sep 21 07:25:37.240555: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:37.240720: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:37.240725: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:25:37.240728: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.240732: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.240734: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.240738: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:25:37.240744: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.240748: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.240751: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.240754: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.240758: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.240761: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:37.240764: | netlink: enabling tunnel mode Sep 21 07:25:37.240767: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.240769: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.240857: | netlink response for Add SA esp.522354f2@192.1.2.23 included non-error error Sep 21 07:25:37.240864: | set up outgoing SA, ref=0/0 Sep 21 07:25:37.240867: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.240870: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.240873: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.240876: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.240879: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.240882: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:37.240885: | netlink: enabling tunnel mode Sep 21 07:25:37.240887: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.240890: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.240940: | netlink response for Add SA esp.5bc2db8c@192.1.3.33 included non-error error Sep 21 07:25:37.240945: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:37.240952: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:37.240956: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:37.241013: | raw_eroute result=success Sep 21 07:25:37.241018: | set up incoming SA, ref=0/0 Sep 21 07:25:37.241020: | sr for #2: prospective erouted Sep 21 07:25:37.241023: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:37.241025: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.241028: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.241031: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:37.241034: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:25:37.241038: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Sep 21 07:25:37.241041: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:37.241050: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:37.241053: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:37.241079: | raw_eroute result=success Sep 21 07:25:37.241083: | running updown command "ipsec _updown" for verb up Sep 21 07:25:37.241086: | command executing up-client Sep 21 07:25:37.241113: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x522354 Sep 21 07:25:37.241122: | popen cmd is 1036 chars long Sep 21 07:25:37.241125: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Sep 21 07:25:37.241128: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@: Sep 21 07:25:37.241131: | cmd( 160):north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_: Sep 21 07:25:37.241133: | cmd( 240):MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Sep 21 07:25:37.241136: | cmd( 320):A_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east: Sep 21 07:25:37.241139: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_: Sep 21 07:25:37.241141: | cmd( 480):CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Sep 21 07:25:37.241144: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Sep 21 07:25:37.241146: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Sep 21 07:25:37.241149: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Sep 21 07:25:37.241151: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Sep 21 07:25:37.241154: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Sep 21 07:25:37.241156: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x522354f2 SPI_OUT=0x5bc2db8c ipsec _updown 2>&1: Sep 21 07:25:37.252214: | route_and_eroute: firewall_notified: true Sep 21 07:25:37.252233: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55d6a934dc60,sr=0x55d6a934dc60} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:37.252316: | #1 spent 0.587 milliseconds in install_ipsec_sa() Sep 21 07:25:37.252324: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:37.252327: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:37.252331: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:37.252336: | libevent_free: release ptr-libevent@0x7f9bdc006900 Sep 21 07:25:37.252340: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d6a9351480 Sep 21 07:25:37.252345: | #2 spent 1.36 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:37.252353: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.252357: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:37.252360: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:37.252364: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:37.252367: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:37.252373: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:37.252378: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:37.252381: | pstats #2 ikev2.child established Sep 21 07:25:37.252389: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:37.252393: | NAT-T: encaps is 'auto' Sep 21 07:25:37.252399: "north-east" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x522354f2 <0x5bc2db8c xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:37.252402: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:37.252405: | releasing whack and unpending for parent #1 Sep 21 07:25:37.252407: | unpending state #1 connection "north-east" Sep 21 07:25:37.252416: | delete from pending Child SA with 192.1.2.23 "north-east" Sep 21 07:25:37.252419: | removing pending policy for no connection {0x55d6a92d4af0} Sep 21 07:25:37.252424: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:37.252428: | event_schedule: new EVENT_SA_REKEY-pe@0x55d6a9351480 Sep 21 07:25:37.252431: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:37.252435: | libevent_malloc: new ptr-libevent@0x7f9bdc006900 size 128 Sep 21 07:25:37.252441: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.252446: | #1 spent 1.76 milliseconds in ikev2_process_packet() Sep 21 07:25:37.252451: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:37.252455: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.252458: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.252462: | spent 1.78 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.252474: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.252480: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.252484: | spent 0.00518 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:38.332120: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:38.332144: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:38.332149: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:38.332157: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:38.332172: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:38.332190: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:38.332198: | spent 0.0858 milliseconds in whack Sep 21 07:25:41.985264: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:41.985286: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:41.985290: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:41.985298: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:41.985313: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:41.985330: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:41.985337: | spent 0.0796 milliseconds in whack Sep 21 07:25:43.783790: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:43.783988: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:43.783993: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:43.784057: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:43.784060: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:43.784074: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:43.784088: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:43.784109: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:43.784116: | spent 0.335 milliseconds in whack Sep 21 07:25:44.665147: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:44.665166: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:44.665170: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.665173: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:44.665175: | 90 b4 84 a8 3d a1 3d 85 c9 1a 82 34 37 47 29 c7 Sep 21 07:25:44.665177: | 75 99 c0 63 ef 0a 4b 25 76 d5 74 b0 45 c0 5b d0 Sep 21 07:25:44.665179: | 82 84 05 60 f7 Sep 21 07:25:44.665184: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:44.665187: | **parse ISAKMP Message: Sep 21 07:25:44.665189: | initiator cookie: Sep 21 07:25:44.665191: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.665194: | responder cookie: Sep 21 07:25:44.665196: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.665200: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:44.665204: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.665206: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.665209: | flags: none (0x0) Sep 21 07:25:44.665211: | Message ID: 0 (0x0) Sep 21 07:25:44.665213: | length: 69 (0x45) Sep 21 07:25:44.665214: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:44.665218: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:44.665226: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:44.665233: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:44.665236: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:44.665242: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:44.665245: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:44.665250: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:44.665253: | unpacking clear payload Sep 21 07:25:44.665256: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:44.665259: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:44.665262: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:44.665265: | flags: none (0x0) Sep 21 07:25:44.665268: | length: 41 (0x29) Sep 21 07:25:44.665271: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:44.665276: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:44.665279: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:44.665296: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:44.665299: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:44.665303: | **parse IKEv2 Delete Payload: Sep 21 07:25:44.665305: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.665308: | flags: none (0x0) Sep 21 07:25:44.665310: | length: 12 (0xc) Sep 21 07:25:44.665313: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:44.665316: | SPI size: 4 (0x4) Sep 21 07:25:44.665318: | number of SPIs: 1 (0x1) Sep 21 07:25:44.665321: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:44.665324: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:44.665327: | Now let's proceed with state specific processing Sep 21 07:25:44.665329: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:44.665333: | an informational request should send a response Sep 21 07:25:44.665339: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:44.665342: | **emit ISAKMP Message: Sep 21 07:25:44.665345: | initiator cookie: Sep 21 07:25:44.665347: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.665350: | responder cookie: Sep 21 07:25:44.665352: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.665356: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.665362: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.665365: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.665368: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:44.665371: | Message ID: 0 (0x0) Sep 21 07:25:44.665374: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.665378: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.665380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.665383: | flags: none (0x0) Sep 21 07:25:44.665387: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.665391: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:44.665398: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.665404: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:44.665407: | SPI 52 23 54 f2 Sep 21 07:25:44.665410: | delete PROTO_v2_ESP SA(0x522354f2) Sep 21 07:25:44.665414: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:44.665418: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:44.665423: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x522354f2) Sep 21 07:25:44.665427: "north-east" #1: received Delete SA payload: delete IPsec State #2 now Sep 21 07:25:44.665430: | pstats #2 ikev2.child deleted completed Sep 21 07:25:44.665433: | #2 spent 1.36 milliseconds in total Sep 21 07:25:44.665438: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:44.665443: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:44.665447: "north-east" #2: deleting other state #2 (STATE_V2_IPSEC_I) aged 7.476s and NOT sending notification Sep 21 07:25:44.665450: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:44.665454: | get_sa_info esp.522354f2@192.1.2.23 Sep 21 07:25:44.665468: | get_sa_info esp.5bc2db8c@192.1.3.33 Sep 21 07:25:44.665476: "north-east" #2: ESP traffic information: in=336B out=336B Sep 21 07:25:44.665480: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:44.665483: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:44.665487: | libevent_free: release ptr-libevent@0x7f9bdc006900 Sep 21 07:25:44.665490: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d6a9351480 Sep 21 07:25:44.665553: | running updown command "ipsec _updown" for verb down Sep 21 07:25:44.665560: | command executing down-client Sep 21 07:25:44.665593: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:44.665597: | popen cmd is 1047 chars long Sep 21 07:25:44.665601: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Sep 21 07:25:44.665606: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Sep 21 07:25:44.665610: | cmd( 160):'@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUT: Sep 21 07:25:44.665614: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:25:44.665617: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:25:44.665621: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Sep 21 07:25:44.665624: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:44.665627: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY='RS: Sep 21 07:25:44.665633: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Sep 21 07:25:44.665636: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:25:44.665640: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:25:44.665643: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:25:44.665646: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x522354f2 SPI_OUT=0x5bc2db8c ipsec _updo: Sep 21 07:25:44.665649: | cmd(1040):wn 2>&1: Sep 21 07:25:44.683843: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:44.683863: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:44.683868: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:44.683872: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:44.683917: | delete esp.522354f2@192.1.2.23 Sep 21 07:25:44.683946: | netlink response for Del SA esp.522354f2@192.1.2.23 included non-error error Sep 21 07:25:44.683950: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:44.683957: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:44.684031: | raw_eroute result=success Sep 21 07:25:44.684037: | delete esp.5bc2db8c@192.1.3.33 Sep 21 07:25:44.684058: | netlink response for Del SA esp.5bc2db8c@192.1.3.33 included non-error error Sep 21 07:25:44.684064: | in connection_discard for connection north-east Sep 21 07:25:44.684067: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:44.684072: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:44.684078: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:44.684084: | resume processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:44.684090: | ****emit IKEv2 Delete Payload: Sep 21 07:25:44.684093: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.684096: | flags: none (0x0) Sep 21 07:25:44.684099: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:44.684101: | SPI size: 4 (0x4) Sep 21 07:25:44.684103: | number of SPIs: 1 (0x1) Sep 21 07:25:44.684107: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:44.684110: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:44.684114: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:44.684117: | local SPIs 5b c2 db 8c Sep 21 07:25:44.684119: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:44.684122: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.684125: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.684128: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.684131: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:44.684133: | emitting length of ISAKMP Message: 69 Sep 21 07:25:44.684156: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:44.684159: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.684162: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:44.684164: | 94 03 46 f2 44 2a 8a 54 7d d7 b5 71 7f 13 1d 5d Sep 21 07:25:44.684166: | 15 38 dc 57 5b cf 8d ea 61 3d cb 84 8b 11 51 61 Sep 21 07:25:44.684168: | b6 20 0a 49 5e Sep 21 07:25:44.684224: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:44.684234: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:44.684243: | #1 spent 0.71 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:44.684250: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.684254: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:44.684257: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:44.684262: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:44.684266: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:44.684270: "north-east" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:44.684275: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:44.684280: | #1 spent 0.926 milliseconds in ikev2_process_packet() Sep 21 07:25:44.684284: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:44.684288: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:44.684291: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:44.684296: | spent 0.941 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:44.684310: | spent 0.00223 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:44.684322: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:44.684325: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.684327: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:44.684330: | 90 9f 4a b9 61 74 46 26 99 09 96 4f de 9c 6e 56 Sep 21 07:25:44.684332: | 89 21 5f 90 56 af 0d 6a 07 a7 95 53 ed 78 10 6e Sep 21 07:25:44.684334: | 1e Sep 21 07:25:44.684338: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:44.684342: | **parse ISAKMP Message: Sep 21 07:25:44.684344: | initiator cookie: Sep 21 07:25:44.684346: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.684349: | responder cookie: Sep 21 07:25:44.684351: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.684354: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:44.684356: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.684359: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.684362: | flags: none (0x0) Sep 21 07:25:44.684364: | Message ID: 1 (0x1) Sep 21 07:25:44.684367: | length: 65 (0x41) Sep 21 07:25:44.684370: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:44.684373: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:44.684377: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:44.684382: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:44.684385: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:44.684390: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:44.684392: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:44.684396: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:25:44.684399: | unpacking clear payload Sep 21 07:25:44.684401: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:44.684409: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:44.684412: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:44.684414: | flags: none (0x0) Sep 21 07:25:44.684416: | length: 37 (0x25) Sep 21 07:25:44.684419: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:44.684423: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:44.684426: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:44.684441: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:44.684444: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:44.684447: | **parse IKEv2 Delete Payload: Sep 21 07:25:44.684449: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.684452: | flags: none (0x0) Sep 21 07:25:44.684454: | length: 8 (0x8) Sep 21 07:25:44.684457: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:44.684460: | SPI size: 0 (0x0) Sep 21 07:25:44.684462: | number of SPIs: 0 (0x0) Sep 21 07:25:44.684464: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:44.684466: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:44.684469: | Now let's proceed with state specific processing Sep 21 07:25:44.684471: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:44.684474: | an informational request should send a response Sep 21 07:25:44.684479: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:44.684482: | **emit ISAKMP Message: Sep 21 07:25:44.684484: | initiator cookie: Sep 21 07:25:44.684486: | d8 2e 48 1a 96 e0 84 09 Sep 21 07:25:44.684488: | responder cookie: Sep 21 07:25:44.684490: | 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.684492: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.684494: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.684497: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:44.684500: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:44.684502: | Message ID: 1 (0x1) Sep 21 07:25:44.684505: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.684508: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.684510: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.684512: | flags: none (0x0) Sep 21 07:25:44.684515: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.684518: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:44.684521: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.684528: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.684531: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.684534: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.684536: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:44.684539: | emitting length of ISAKMP Message: 57 Sep 21 07:25:44.684550: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:44.684553: | d8 2e 48 1a 96 e0 84 09 7f 64 00 26 8d 4a c4 bf Sep 21 07:25:44.684555: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:25:44.684557: | 4d d5 84 5a f5 8d 34 00 7f 14 53 5e d9 5d ba 35 Sep 21 07:25:44.684559: | c9 ef 00 48 a6 c0 ae c2 00 Sep 21 07:25:44.684592: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:44.684599: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:44.684605: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:44.684608: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:44.684611: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:44.684615: | #1 spent 13.9 milliseconds in total Sep 21 07:25:44.684620: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:44.684624: "north-east" #1: deleting state (STATE_IKESA_DEL) aged 7.503s and NOT sending notification Sep 21 07:25:44.684628: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:44.684695: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:44.684703: | libevent_free: release ptr-libevent@0x55d6a934faa0 Sep 21 07:25:44.684707: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d6a934fe50 Sep 21 07:25:44.684710: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:44.684714: | in connection_discard for connection north-east Sep 21 07:25:44.684717: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:44.684721: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:44.684726: | unreference key: 0x55d6a934ec80 @east cnt 2-- Sep 21 07:25:44.684743: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:44.684761: | in statetime_stop() and could not find #1 Sep 21 07:25:44.684766: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.684770: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:44.684773: | STF_OK but no state object remains Sep 21 07:25:44.684775: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:44.684778: | in statetime_stop() and could not find #1 Sep 21 07:25:44.684787: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:44.684794: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:44.684796: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:44.684801: | spent 0.462 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:44.684809: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.684814: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.684818: | spent 0.00527 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:45.152241: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:45.152270: shutting down Sep 21 07:25:45.152281: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:45.152286: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:45.152292: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:45.152294: forgetting secrets Sep 21 07:25:45.152300: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:45.152304: | unreference key: 0x55d6a934ec80 @east cnt 1-- Sep 21 07:25:45.152308: | unreference key: 0x55d6a92a78f0 @north cnt 1-- Sep 21 07:25:45.152313: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Sep 21 07:25:45.152317: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:45.152320: | pass 0 Sep 21 07:25:45.152323: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:45.152326: | pass 1 Sep 21 07:25:45.152328: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:45.152337: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:45.152344: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:45.152353: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:45.152401: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:45.152416: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:45.152420: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:45.152423: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:45.152427: | route owner of "north-east" unrouted: NULL Sep 21 07:25:45.152431: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:45.152434: | command executing unroute-client Sep 21 07:25:45.152463: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:25:45.152468: | popen cmd is 1028 chars long Sep 21 07:25:45.152471: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:45.152475: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:25:45.152478: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:25:45.152481: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:45.152484: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:45.152487: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:45.152490: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:45.152493: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:45.152496: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:25:45.152499: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:45.152502: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:45.152505: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:45.152508: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:45.166612: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166627: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166632: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166645: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166667: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166702: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166713: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166726: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166738: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166750: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166761: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166776: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166801: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166807: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166826: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166854: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166884: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.166905: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167216: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167224: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167237: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167251: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167262: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167274: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167285: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167297: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167322: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167344: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167356: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167367: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167379: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167392: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167404: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167416: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167429: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167442: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167455: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167466: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167478: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167490: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167502: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167516: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167527: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167540: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167551: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167563: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167576: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167588: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167600: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167612: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167633: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167644: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167656: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167668: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167680: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167693: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167706: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167718: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167730: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167743: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167755: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167768: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167779: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167814: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167826: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167838: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167852: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167864: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167876: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167888: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167900: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167915: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167927: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167948: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167971: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167982: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.167996: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168007: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168019: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168031: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168043: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168056: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168068: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168080: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168091: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168104: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168120: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168132: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168144: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168156: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168168: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168182: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168194: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168205: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168217: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168229: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168243: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.168254: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:45.177506: | free hp@0x55d6a93198e0 Sep 21 07:25:45.177520: | flush revival: connection 'north-east' wasn't on the list Sep 21 07:25:45.177524: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Sep 21 07:25:45.177532: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:45.177535: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:45.177546: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:45.177550: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:45.177553: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:45.177556: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:25:45.177560: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:45.177563: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:25:45.177567: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:45.177575: | libevent_free: release ptr-libevent@0x55d6a934cdd0 Sep 21 07:25:45.177579: | free_event_entry: release EVENT_NULL-pe@0x55d6a934cd90 Sep 21 07:25:45.177588: | libevent_free: release ptr-libevent@0x55d6a934cec0 Sep 21 07:25:45.177591: | free_event_entry: release EVENT_NULL-pe@0x55d6a934ce80 Sep 21 07:25:45.177598: | libevent_free: release ptr-libevent@0x55d6a934cfb0 Sep 21 07:25:45.177600: | free_event_entry: release EVENT_NULL-pe@0x55d6a934cf70 Sep 21 07:25:45.177606: | libevent_free: release ptr-libevent@0x55d6a934d0a0 Sep 21 07:25:45.177608: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d060 Sep 21 07:25:45.177614: | libevent_free: release ptr-libevent@0x55d6a934d190 Sep 21 07:25:45.177617: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d150 Sep 21 07:25:45.177622: | libevent_free: release ptr-libevent@0x55d6a934d280 Sep 21 07:25:45.177625: | free_event_entry: release EVENT_NULL-pe@0x55d6a934d240 Sep 21 07:25:45.177630: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:45.178047: | libevent_free: release ptr-libevent@0x55d6a934c6f0 Sep 21 07:25:45.178054: | free_event_entry: release EVENT_NULL-pe@0x55d6a9330630 Sep 21 07:25:45.178058: | libevent_free: release ptr-libevent@0x55d6a9342200 Sep 21 07:25:45.178062: | free_event_entry: release EVENT_NULL-pe@0x55d6a9336010 Sep 21 07:25:45.178065: | libevent_free: release ptr-libevent@0x55d6a9342170 Sep 21 07:25:45.178068: | free_event_entry: release EVENT_NULL-pe@0x55d6a9336050 Sep 21 07:25:45.178071: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:45.178073: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:45.178076: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:45.178078: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:45.178080: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:45.178083: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:45.178085: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:45.178088: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:45.178090: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:45.178095: | libevent_free: release ptr-libevent@0x55d6a934c7c0 Sep 21 07:25:45.178097: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:45.178100: | libevent_free: release ptr-libevent@0x55d6a934c8a0 Sep 21 07:25:45.178106: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:45.178109: | libevent_free: release ptr-libevent@0x55d6a934c960 Sep 21 07:25:45.178111: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:45.178115: | libevent_free: release ptr-libevent@0x55d6a9341570 Sep 21 07:25:45.178117: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:45.178119: | releasing event base Sep 21 07:25:45.178132: | libevent_free: release ptr-libevent@0x55d6a934ca20 Sep 21 07:25:45.178134: | libevent_free: release ptr-libevent@0x55d6a93220e0 Sep 21 07:25:45.178138: | libevent_free: release ptr-libevent@0x55d6a9330970 Sep 21 07:25:45.178140: | libevent_free: release ptr-libevent@0x55d6a9330a40 Sep 21 07:25:45.178143: | libevent_free: release ptr-libevent@0x55d6a9330990 Sep 21 07:25:45.178145: | libevent_free: release ptr-libevent@0x55d6a934c780 Sep 21 07:25:45.178148: | libevent_free: release ptr-libevent@0x55d6a934c860 Sep 21 07:25:45.178150: | libevent_free: release ptr-libevent@0x55d6a9330a20 Sep 21 07:25:45.178152: | libevent_free: release ptr-libevent@0x55d6a9335330 Sep 21 07:25:45.178154: | libevent_free: release ptr-libevent@0x55d6a9335350 Sep 21 07:25:45.178157: | libevent_free: release ptr-libevent@0x55d6a934d310 Sep 21 07:25:45.178159: | libevent_free: release ptr-libevent@0x55d6a934d220 Sep 21 07:25:45.178161: | libevent_free: release ptr-libevent@0x55d6a934d130 Sep 21 07:25:45.178164: | libevent_free: release ptr-libevent@0x55d6a934d040 Sep 21 07:25:45.178166: | libevent_free: release ptr-libevent@0x55d6a934cf50 Sep 21 07:25:45.178168: | libevent_free: release ptr-libevent@0x55d6a934ce60 Sep 21 07:25:45.178170: | libevent_free: release ptr-libevent@0x55d6a92b2370 Sep 21 07:25:45.178173: | libevent_free: release ptr-libevent@0x55d6a934c940 Sep 21 07:25:45.178176: | libevent_free: release ptr-libevent@0x55d6a934c880 Sep 21 07:25:45.178178: | libevent_free: release ptr-libevent@0x55d6a934c7a0 Sep 21 07:25:45.178180: | libevent_free: release ptr-libevent@0x55d6a934ca00 Sep 21 07:25:45.178182: | libevent_free: release ptr-libevent@0x55d6a92b06c0 Sep 21 07:25:45.178185: | libevent_free: release ptr-libevent@0x55d6a93309b0 Sep 21 07:25:45.178187: | libevent_free: release ptr-libevent@0x55d6a93309e0 Sep 21 07:25:45.178190: | libevent_free: release ptr-libevent@0x55d6a93306d0 Sep 21 07:25:45.178192: | releasing global libevent data Sep 21 07:25:45.178195: | libevent_free: release ptr-libevent@0x55d6a932f3c0 Sep 21 07:25:45.178197: | libevent_free: release ptr-libevent@0x55d6a9330670 Sep 21 07:25:45.178200: | libevent_free: release ptr-libevent@0x55d6a93306a0