Sep 21 07:25:32.448653: FIPS Product: YES Sep 21 07:25:32.448681: FIPS Kernel: NO Sep 21 07:25:32.448683: FIPS Mode: NO Sep 21 07:25:32.448685: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:32.448861: Initializing NSS Sep 21 07:25:32.448866: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:32.483804: NSS initialized Sep 21 07:25:32.483821: NSS crypto library initialized Sep 21 07:25:32.483824: FIPS HMAC integrity support [enabled] Sep 21 07:25:32.483826: FIPS mode disabled for pluto daemon Sep 21 07:25:32.533420: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:32.533507: libcap-ng support [enabled] Sep 21 07:25:32.533516: Linux audit support [enabled] Sep 21 07:25:32.533541: Linux audit activated Sep 21 07:25:32.533544: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10572 Sep 21 07:25:32.533545: core dump dir: /tmp Sep 21 07:25:32.533547: secrets file: /etc/ipsec.secrets Sep 21 07:25:32.533548: leak-detective disabled Sep 21 07:25:32.533549: NSS crypto [enabled] Sep 21 07:25:32.533550: XAUTH PAM support [enabled] Sep 21 07:25:32.533606: | libevent is using pluto's memory allocator Sep 21 07:25:32.533611: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:32.533623: | libevent_malloc: new ptr-libevent@0x561ea75c50d0 size 40 Sep 21 07:25:32.533625: | libevent_malloc: new ptr-libevent@0x561ea75c6380 size 40 Sep 21 07:25:32.533627: | libevent_malloc: new ptr-libevent@0x561ea75c63b0 size 40 Sep 21 07:25:32.533629: | creating event base Sep 21 07:25:32.533630: | libevent_malloc: new ptr-libevent@0x561ea75c6340 size 56 Sep 21 07:25:32.533632: | libevent_malloc: new ptr-libevent@0x561ea75c63e0 size 664 Sep 21 07:25:32.533641: | libevent_malloc: new ptr-libevent@0x561ea75c6680 size 24 Sep 21 07:25:32.533643: | libevent_malloc: new ptr-libevent@0x561ea75b7dd0 size 384 Sep 21 07:25:32.533651: | libevent_malloc: new ptr-libevent@0x561ea75c66a0 size 16 Sep 21 07:25:32.533653: | libevent_malloc: new ptr-libevent@0x561ea75c66c0 size 40 Sep 21 07:25:32.533654: | libevent_malloc: new ptr-libevent@0x561ea75c66f0 size 48 Sep 21 07:25:32.533659: | libevent_realloc: new ptr-libevent@0x561ea7548370 size 256 Sep 21 07:25:32.533661: | libevent_malloc: new ptr-libevent@0x561ea75c6730 size 16 Sep 21 07:25:32.533665: | libevent_free: release ptr-libevent@0x561ea75c6340 Sep 21 07:25:32.533667: | libevent initialized Sep 21 07:25:32.533670: | libevent_realloc: new ptr-libevent@0x561ea75c6750 size 64 Sep 21 07:25:32.533672: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:32.533683: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:32.533685: NAT-Traversal support [enabled] Sep 21 07:25:32.533687: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:32.533691: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:32.533696: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:32.533724: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:32.533726: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:32.533728: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:32.533760: Encryption algorithms: Sep 21 07:25:32.533767: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:32.533770: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:32.533772: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:32.533774: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:32.533776: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:32.533787: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:32.533792: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:32.533794: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:32.533796: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:32.533798: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:32.533800: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:32.533803: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:32.533805: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:32.533807: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:32.533809: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:32.533811: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:32.533813: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:32.533818: Hash algorithms: Sep 21 07:25:32.533819: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:32.533821: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:32.533823: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:32.533825: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:32.533827: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:32.533835: PRF algorithms: Sep 21 07:25:32.533837: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:32.533839: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:32.533841: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:32.533843: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:32.533844: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:32.533846: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:32.533861: Integrity algorithms: Sep 21 07:25:32.533863: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:32.533865: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:32.533868: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:32.533870: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:32.533872: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:32.533874: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:32.533876: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:32.533878: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:32.533880: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:32.533887: DH algorithms: Sep 21 07:25:32.533889: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:32.533891: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:32.533892: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:32.533896: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:32.533898: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:32.533899: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:32.533901: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:32.533903: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:32.533905: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:32.533907: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:32.533908: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:32.533910: testing CAMELLIA_CBC: Sep 21 07:25:32.533912: Camellia: 16 bytes with 128-bit key Sep 21 07:25:32.533999: Camellia: 16 bytes with 128-bit key Sep 21 07:25:32.534017: Camellia: 16 bytes with 256-bit key Sep 21 07:25:32.534034: Camellia: 16 bytes with 256-bit key Sep 21 07:25:32.534051: testing AES_GCM_16: Sep 21 07:25:32.534054: empty string Sep 21 07:25:32.534071: one block Sep 21 07:25:32.534086: two blocks Sep 21 07:25:32.534101: two blocks with associated data Sep 21 07:25:32.534117: testing AES_CTR: Sep 21 07:25:32.534119: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:32.534135: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:32.534151: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:32.534168: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:32.534183: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:32.534199: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:32.534214: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:32.534231: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:32.534247: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:32.534263: testing AES_CBC: Sep 21 07:25:32.534264: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:32.534280: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:32.534313: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:32.534332: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:32.534355: testing AES_XCBC: Sep 21 07:25:32.534357: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:32.534431: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:32.534510: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:32.534583: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:32.534658: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:32.534735: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:32.534819: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:32.534993: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:32.535068: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:32.535149: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:32.535291: testing HMAC_MD5: Sep 21 07:25:32.535293: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:32.535401: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:32.535494: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:32.535607: 8 CPU cores online Sep 21 07:25:32.535610: starting up 7 crypto helpers Sep 21 07:25:32.535634: started thread for crypto helper 0 Sep 21 07:25:32.535656: started thread for crypto helper 1 Sep 21 07:25:32.535663: | starting up helper thread 1 Sep 21 07:25:32.535676: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:32.535679: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:32.535688: | starting up helper thread 0 Sep 21 07:25:32.535682: started thread for crypto helper 2 Sep 21 07:25:32.535698: | starting up helper thread 2 Sep 21 07:25:32.535694: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:32.535707: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:32.535711: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:32.535718: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:32.535725: | starting up helper thread 3 Sep 21 07:25:32.535724: started thread for crypto helper 3 Sep 21 07:25:32.535730: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:32.535738: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:32.535751: started thread for crypto helper 4 Sep 21 07:25:32.535771: started thread for crypto helper 5 Sep 21 07:25:32.535791: started thread for crypto helper 6 Sep 21 07:25:32.535798: | checking IKEv1 state table Sep 21 07:25:32.535806: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:32.535808: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:32.535811: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:32.535813: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:32.535816: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:32.535818: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:32.535820: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:32.535830: | starting up helper thread 6 Sep 21 07:25:32.535841: | starting up helper thread 5 Sep 21 07:25:32.535820: | starting up helper thread 4 Sep 21 07:25:32.535831: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:32.535860: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:32.535863: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:32.535849: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:32.535854: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:32.535844: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:32.535865: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:32.535884: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:32.535870: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:32.535887: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:32.535895: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:32.535895: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:32.535899: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:32.535905: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:32.535906: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:32.535908: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:32.535914: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:32.535916: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:32.535917: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:32.535919: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:32.535920: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535922: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:32.535923: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535925: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:32.535926: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:32.535928: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:32.535929: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:32.535930: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:32.535932: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:32.535933: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:32.535935: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:32.535936: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:32.535938: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535939: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:32.535941: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535942: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:32.535946: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:32.535947: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:32.535949: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:32.535950: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:32.535952: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:32.535953: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:32.535955: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535956: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:32.535957: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535959: | INFO: category: informational flags: 0: Sep 21 07:25:32.535960: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535962: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:32.535963: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535965: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:32.535966: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:32.535968: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:32.535969: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:32.535971: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:32.535972: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:32.535974: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:32.535975: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:32.535977: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:32.535978: | -> UNDEFINED EVENT_NULL Sep 21 07:25:32.535980: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:32.535981: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:32.535982: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:32.535984: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:32.535985: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:32.535987: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:32.535991: | checking IKEv2 state table Sep 21 07:25:32.535996: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:32.535997: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:32.535999: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:32.536001: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:32.536003: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:32.536004: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:32.536006: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:32.536007: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:32.536009: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:32.536011: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:32.536012: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:32.536014: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:32.536016: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:32.536017: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:32.536019: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:32.536020: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:32.536022: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:32.536023: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:32.536025: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:32.536026: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:32.536028: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:32.536030: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:32.536032: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:32.536034: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:32.536035: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:32.536037: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:32.536039: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:32.536040: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:32.536042: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:32.536043: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:32.536045: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:32.536047: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:32.536048: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:32.536050: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:32.536052: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:32.536053: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:32.536055: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:32.536057: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:32.536058: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:32.536060: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:32.536062: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:32.536063: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:32.536065: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:32.536067: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:32.536068: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:32.536070: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:32.536071: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:32.536134: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:32.536186: | Hard-wiring algorithms Sep 21 07:25:32.536189: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:32.536191: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:32.536193: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:32.536194: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:32.536196: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:32.536197: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:32.536198: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:32.536200: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:32.536201: | adding AES_CTR to kernel algorithm db Sep 21 07:25:32.536203: | adding AES_CBC to kernel algorithm db Sep 21 07:25:32.536204: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:32.536205: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:32.536207: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:32.536208: | adding NULL to kernel algorithm db Sep 21 07:25:32.536210: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:32.536211: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:32.536213: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:32.536214: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:32.536216: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:32.536217: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:32.536219: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:32.536220: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:32.536222: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:32.536223: | adding NONE to kernel algorithm db Sep 21 07:25:32.536240: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:32.536243: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:32.536245: | setup kernel fd callback Sep 21 07:25:32.536247: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561ea75cbd60 Sep 21 07:25:32.536249: | libevent_malloc: new ptr-libevent@0x561ea75d7e80 size 128 Sep 21 07:25:32.536251: | libevent_malloc: new ptr-libevent@0x561ea75cb040 size 16 Sep 21 07:25:32.536255: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561ea75cbd20 Sep 21 07:25:32.536256: | libevent_malloc: new ptr-libevent@0x561ea75d7f10 size 128 Sep 21 07:25:32.536258: | libevent_malloc: new ptr-libevent@0x561ea75cb060 size 16 Sep 21 07:25:32.536403: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:32.536409: selinux support is enabled. Sep 21 07:25:32.536471: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:32.536596: | unbound context created - setting debug level to 5 Sep 21 07:25:32.536618: | /etc/hosts lookups activated Sep 21 07:25:32.536629: | /etc/resolv.conf usage activated Sep 21 07:25:32.536661: | outgoing-port-avoid set 0-65535 Sep 21 07:25:32.536676: | outgoing-port-permit set 32768-60999 Sep 21 07:25:32.536678: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:32.536680: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:32.536682: | Setting up events, loop start Sep 21 07:25:32.536684: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561ea75c6340 Sep 21 07:25:32.536686: | libevent_malloc: new ptr-libevent@0x561ea75e2480 size 128 Sep 21 07:25:32.536688: | libevent_malloc: new ptr-libevent@0x561ea75e2510 size 16 Sep 21 07:25:32.536691: | libevent_realloc: new ptr-libevent@0x561ea75465b0 size 256 Sep 21 07:25:32.536693: | libevent_malloc: new ptr-libevent@0x561ea75e2530 size 8 Sep 21 07:25:32.536695: | libevent_realloc: new ptr-libevent@0x561ea75d7280 size 144 Sep 21 07:25:32.536697: | libevent_malloc: new ptr-libevent@0x561ea75e2550 size 152 Sep 21 07:25:32.536699: | libevent_malloc: new ptr-libevent@0x561ea75e25f0 size 16 Sep 21 07:25:32.536701: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:32.536703: | libevent_malloc: new ptr-libevent@0x561ea75e2610 size 8 Sep 21 07:25:32.536704: | libevent_malloc: new ptr-libevent@0x561ea75e2630 size 152 Sep 21 07:25:32.536706: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:32.536708: | libevent_malloc: new ptr-libevent@0x561ea75e26d0 size 8 Sep 21 07:25:32.536709: | libevent_malloc: new ptr-libevent@0x561ea75e26f0 size 152 Sep 21 07:25:32.536711: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:32.536713: | libevent_malloc: new ptr-libevent@0x561ea75e2790 size 8 Sep 21 07:25:32.536714: | libevent_realloc: release ptr-libevent@0x561ea75d7280 Sep 21 07:25:32.536716: | libevent_realloc: new ptr-libevent@0x561ea75e27b0 size 256 Sep 21 07:25:32.536718: | libevent_malloc: new ptr-libevent@0x561ea75d7280 size 152 Sep 21 07:25:32.536720: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:32.536976: | created addconn helper (pid:10622) using fork+execve Sep 21 07:25:32.536988: | forked child 10622 Sep 21 07:25:32.537017: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.537030: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:32.537034: listening for IKE messages Sep 21 07:25:32.537068: | Inspecting interface lo Sep 21 07:25:32.537073: | found lo with address 127.0.0.1 Sep 21 07:25:32.537075: | Inspecting interface eth0 Sep 21 07:25:32.537077: | found eth0 with address 192.0.3.254 Sep 21 07:25:32.537079: | Inspecting interface eth1 Sep 21 07:25:32.537081: | found eth1 with address 192.1.3.33 Sep 21 07:25:32.537119: Kernel supports NIC esp-hw-offload Sep 21 07:25:32.537128: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:25:32.537149: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:32.537155: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:32.537157: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:32.537180: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:25:32.537198: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:32.537201: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:32.537204: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:32.537225: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:32.537244: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:32.537247: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:32.537249: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:32.537310: | no interfaces to sort Sep 21 07:25:32.537313: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:32.537319: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2b20 Sep 21 07:25:32.537321: | libevent_malloc: new ptr-libevent@0x561ea75e2b60 size 128 Sep 21 07:25:32.537323: | libevent_malloc: new ptr-libevent@0x561ea75e2bf0 size 16 Sep 21 07:25:32.537329: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:32.537330: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2c10 Sep 21 07:25:32.537332: | libevent_malloc: new ptr-libevent@0x561ea75e2c50 size 128 Sep 21 07:25:32.537334: | libevent_malloc: new ptr-libevent@0x561ea75e2ce0 size 16 Sep 21 07:25:32.537337: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:32.537338: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2d00 Sep 21 07:25:32.537340: | libevent_malloc: new ptr-libevent@0x561ea75e2d40 size 128 Sep 21 07:25:32.537342: | libevent_malloc: new ptr-libevent@0x561ea75e2dd0 size 16 Sep 21 07:25:32.537344: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:32.537346: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2df0 Sep 21 07:25:32.537347: | libevent_malloc: new ptr-libevent@0x561ea75e2e30 size 128 Sep 21 07:25:32.537349: | libevent_malloc: new ptr-libevent@0x561ea75e2ec0 size 16 Sep 21 07:25:32.537352: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:32.537354: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2ee0 Sep 21 07:25:32.537355: | libevent_malloc: new ptr-libevent@0x561ea75e2f20 size 128 Sep 21 07:25:32.537357: | libevent_malloc: new ptr-libevent@0x561ea75e2fb0 size 16 Sep 21 07:25:32.537360: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:32.537361: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2fd0 Sep 21 07:25:32.537363: | libevent_malloc: new ptr-libevent@0x561ea75e3010 size 128 Sep 21 07:25:32.537364: | libevent_malloc: new ptr-libevent@0x561ea75e30a0 size 16 Sep 21 07:25:32.537367: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:32.537370: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:32.537372: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:32.537390: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:32.537405: | saving Modulus Sep 21 07:25:32.537409: | saving PublicExponent Sep 21 07:25:32.537411: | ignoring PrivateExponent Sep 21 07:25:32.537413: | ignoring Prime1 Sep 21 07:25:32.537415: | ignoring Prime2 Sep 21 07:25:32.537417: | ignoring Exponent1 Sep 21 07:25:32.537418: | ignoring Exponent2 Sep 21 07:25:32.537420: | ignoring Coefficient Sep 21 07:25:32.537422: | ignoring CKAIDNSS Sep 21 07:25:32.537442: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:32.537444: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:32.537446: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:32.537451: | certs and keys locked by 'process_secret' Sep 21 07:25:32.537455: | certs and keys unlocked by 'process_secret' Sep 21 07:25:32.537459: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:32.537465: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.537475: | spent 0.464 milliseconds in whack Sep 21 07:25:32.579977: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.579992: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.579995: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:32.579996: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.579998: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:32.580000: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.580005: | Added new connection north-east with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:32.580007: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:25:32.580044: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:32.580047: | from whack: got --esp= Sep 21 07:25:32.580068: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:32.580071: | counting wild cards for @north is 0 Sep 21 07:25:32.580073: | counting wild cards for @east is 0 Sep 21 07:25:32.580079: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:32.580082: | new hp@0x561ea75af5c0 Sep 21 07:25:32.580085: added connection description "north-east" Sep 21 07:25:32.580093: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:32.580236: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:32.580248: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.580253: | spent 0.155 milliseconds in whack Sep 21 07:25:32.581315: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.581333: add keyid @north Sep 21 07:25:32.581337: | add pubkey 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Sep 21 07:25:32.581340: | add pubkey 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Sep 21 07:25:32.581342: | add pubkey 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Sep 21 07:25:32.581344: | add pubkey 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Sep 21 07:25:32.581347: | add pubkey 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Sep 21 07:25:32.581349: | add pubkey f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Sep 21 07:25:32.581351: | add pubkey 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Sep 21 07:25:32.581354: | add pubkey c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Sep 21 07:25:32.581356: | add pubkey cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Sep 21 07:25:32.581358: | add pubkey 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Sep 21 07:25:32.581361: | add pubkey 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Sep 21 07:25:32.581363: | add pubkey 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Sep 21 07:25:32.581365: | add pubkey ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Sep 21 07:25:32.581367: | add pubkey 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Sep 21 07:25:32.581370: | add pubkey 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Sep 21 07:25:32.581372: | add pubkey 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Sep 21 07:25:32.581374: | add pubkey f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Sep 21 07:25:32.581376: | add pubkey c7 5e a5 99 Sep 21 07:25:32.581394: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:32.581401: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:32.581407: | keyid: *AQPl33O2P Sep 21 07:25:32.581409: | n e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Sep 21 07:25:32.581412: | n 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Sep 21 07:25:32.581414: | n 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Sep 21 07:25:32.581417: | n 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Sep 21 07:25:32.581419: | n b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Sep 21 07:25:32.581421: | n 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Sep 21 07:25:32.581423: | n 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Sep 21 07:25:32.581426: | n 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Sep 21 07:25:32.581428: | n 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Sep 21 07:25:32.581430: | n 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Sep 21 07:25:32.581433: | n 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Sep 21 07:25:32.581435: | n 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Sep 21 07:25:32.581437: | n 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Sep 21 07:25:32.581439: | n 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Sep 21 07:25:32.581442: | n 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Sep 21 07:25:32.581444: | n d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Sep 21 07:25:32.581446: | n 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Sep 21 07:25:32.581448: | n a5 99 Sep 21 07:25:32.581450: | e 03 Sep 21 07:25:32.581453: | CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:32.581455: | CKAID 88 aa 7c 5d Sep 21 07:25:32.581462: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.581467: | spent 0.158 milliseconds in whack Sep 21 07:25:32.581520: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.581534: add keyid @east Sep 21 07:25:32.581539: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:25:32.581541: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:25:32.581544: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:25:32.581546: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:25:32.581548: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:25:32.581550: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:25:32.581553: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:25:32.581555: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:25:32.581557: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:25:32.581560: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:25:32.581562: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:25:32.581564: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:25:32.581566: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:25:32.581569: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:25:32.581571: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:25:32.581573: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:25:32.581575: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:25:32.581578: | add pubkey 51 51 48 ef Sep 21 07:25:32.581593: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:32.581596: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:25:32.581600: | keyid: *AQO9bJbr3 Sep 21 07:25:32.581603: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:25:32.581605: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:25:32.581607: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:25:32.581610: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:25:32.581616: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:25:32.581618: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:25:32.581620: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:25:32.581622: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:25:32.581625: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:25:32.581627: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:25:32.581629: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:25:32.581631: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:25:32.581634: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:25:32.581636: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:25:32.581638: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:25:32.581640: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:25:32.581643: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:25:32.581645: | n 48 ef Sep 21 07:25:32.581647: | e 03 Sep 21 07:25:32.581649: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:25:32.581651: | CKAID 8a 82 25 f1 Sep 21 07:25:32.581661: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.581666: | spent 0.152 milliseconds in whack Sep 21 07:25:32.581699: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.581709: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:32.581714: listening for IKE messages Sep 21 07:25:32.581749: | Inspecting interface lo Sep 21 07:25:32.581755: | found lo with address 127.0.0.1 Sep 21 07:25:32.581757: | Inspecting interface eth0 Sep 21 07:25:32.581761: | found eth0 with address 192.0.3.254 Sep 21 07:25:32.581764: | Inspecting interface eth1 Sep 21 07:25:32.581767: | found eth1 with address 192.1.3.33 Sep 21 07:25:32.581933: | no interfaces to sort Sep 21 07:25:32.581945: | libevent_free: release ptr-libevent@0x561ea75e2b60 Sep 21 07:25:32.581949: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2b20 Sep 21 07:25:32.581952: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2b20 Sep 21 07:25:32.581955: | libevent_malloc: new ptr-libevent@0x561ea75e2b60 size 128 Sep 21 07:25:32.581962: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:32.581966: | libevent_free: release ptr-libevent@0x561ea75e2c50 Sep 21 07:25:32.581968: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2c10 Sep 21 07:25:32.581971: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2c10 Sep 21 07:25:32.581973: | libevent_malloc: new ptr-libevent@0x561ea75e2c50 size 128 Sep 21 07:25:32.581978: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:32.581981: | libevent_free: release ptr-libevent@0x561ea75e2d40 Sep 21 07:25:32.581984: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2d00 Sep 21 07:25:32.581987: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2d00 Sep 21 07:25:32.581989: | libevent_malloc: new ptr-libevent@0x561ea75e2d40 size 128 Sep 21 07:25:32.581994: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:32.581997: | libevent_free: release ptr-libevent@0x561ea75e2e30 Sep 21 07:25:32.581999: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2df0 Sep 21 07:25:32.582002: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2df0 Sep 21 07:25:32.582004: | libevent_malloc: new ptr-libevent@0x561ea75e2e30 size 128 Sep 21 07:25:32.582009: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:32.582012: | libevent_free: release ptr-libevent@0x561ea75e2f20 Sep 21 07:25:32.582015: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2ee0 Sep 21 07:25:32.582017: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2ee0 Sep 21 07:25:32.582020: | libevent_malloc: new ptr-libevent@0x561ea75e2f20 size 128 Sep 21 07:25:32.582024: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:32.582031: | libevent_free: release ptr-libevent@0x561ea75e3010 Sep 21 07:25:32.582034: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2fd0 Sep 21 07:25:32.582036: | add_fd_read_event_handler: new ethX-pe@0x561ea75e2fd0 Sep 21 07:25:32.582039: | libevent_malloc: new ptr-libevent@0x561ea75e3010 size 128 Sep 21 07:25:32.582044: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:32.582047: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:32.582049: forgetting secrets Sep 21 07:25:32.582058: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:32.582073: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:32.582089: | saving Modulus Sep 21 07:25:32.582092: | saving PublicExponent Sep 21 07:25:32.582095: | ignoring PrivateExponent Sep 21 07:25:32.582098: | ignoring Prime1 Sep 21 07:25:32.582101: | ignoring Prime2 Sep 21 07:25:32.582104: | ignoring Exponent1 Sep 21 07:25:32.582107: | ignoring Exponent2 Sep 21 07:25:32.582110: | ignoring Coefficient Sep 21 07:25:32.582113: | ignoring CKAIDNSS Sep 21 07:25:32.582124: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:25:32.582127: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:25:32.582130: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:25:32.582136: | certs and keys locked by 'process_secret' Sep 21 07:25:32.582139: | certs and keys unlocked by 'process_secret' Sep 21 07:25:32.582144: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:32.582151: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.582156: | spent 0.457 milliseconds in whack Sep 21 07:25:32.582182: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:32.582194: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:32.582198: | start processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:106) Sep 21 07:25:32.582201: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:25:32.582203: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:32.582206: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.582209: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:32.582215: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:32.582218: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:32.582220: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:32.582223: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.582225: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:32.582229: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Sep 21 07:25:32.582232: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Sep 21 07:25:32.582239: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:32.582244: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:32.582247: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:32.582255: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:32.582310: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:32.582313: | route_and_eroute: firewall_notified: true Sep 21 07:25:32.582316: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:32.582319: | command executing prepare-client Sep 21 07:25:32.582345: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:25:32.582352: | popen cmd is 1028 chars long Sep 21 07:25:32.582355: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:32.582358: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:25:32.582360: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:25:32.582363: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:32.582365: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:32.582368: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:32.582370: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:32.582373: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:32.582375: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:25:32.582378: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:32.582381: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:32.582383: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:32.582386: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:32.592838: | running updown command "ipsec _updown" for verb route Sep 21 07:25:32.592852: | command executing route-client Sep 21 07:25:32.592882: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0 Sep 21 07:25:32.592886: | popen cmd is 1026 chars long Sep 21 07:25:32.592889: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Sep 21 07:25:32.592892: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: Sep 21 07:25:32.592894: | cmd( 160):='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLU: Sep 21 07:25:32.592897: | cmd( 240):TO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUT: Sep 21 07:25:32.592900: | cmd( 320):O_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:32.592902: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:32.592910: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:32.592913: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:25:32.592915: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:25:32.592918: | cmd( 720):'CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=': Sep 21 07:25:32.592920: | cmd( 800):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:25:32.592923: | cmd( 880):FG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:25:32.592925: | cmd( 960):ING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:32.602776: | stop processing: connection "north-east" (in whack_route_connection() at rcv_whack.c:116) Sep 21 07:25:32.602800: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:32.602823: | spent 0.476 milliseconds in whack Sep 21 07:25:32.602849: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.602854: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:32.602858: | spent 0.00504 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.602860: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.602864: | waitpid returned nothing left to do (all child processes are busy) Sep 21 07:25:32.602867: | spent 0.00339 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.603300: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.603308: | waitpid returned pid 10622 (exited with status 0) Sep 21 07:25:32.603311: | reaped addconn helper child (status 0) Sep 21 07:25:32.603314: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:32.603317: | spent 0.0114 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:32.781422: | kernel_process_msg_cb process netlink message Sep 21 07:25:32.781438: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:25:32.781440: | xfrm netlink msg len 376 Sep 21 07:25:32.781442: | xfrm acquire rtattribute type 5 Sep 21 07:25:32.781443: | xfrm acquire rtattribute type 16 Sep 21 07:25:32.781453: | add bare shunt 0x561ea75e3120 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.781457: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Sep 21 07:25:32.781461: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Sep 21 07:25:32.781463: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:25:32.781466: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32:0 -> 192.0.2.0/24:0 [pri: 33603594] Sep 21 07:25:32.781468: | find_connection: first OK "north-east" [pri:33603594]{0x561ea75e38a0} (child none) Sep 21 07:25:32.781470: | find_connection: concluding with "north-east" [pri:33603594]{0x561ea75e38a0} kind=CK_PERMANENT Sep 21 07:25:32.781473: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:25:32.781474: | assign_holdpass() need broad(er) shunt Sep 21 07:25:32.781476: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:32.781480: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:25:32.781482: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:25:32.781483: | raw_eroute result=success Sep 21 07:25:32.781485: | assign_holdpass() eroute_connection() done Sep 21 07:25:32.781486: | fiddle_bare_shunt called Sep 21 07:25:32.781488: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:25:32.781489: | removing specific host-to-host bare shunt Sep 21 07:25:32.781492: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Sep 21 07:25:32.781494: | netlink_raw_eroute: SPI_PASS Sep 21 07:25:32.781506: | raw_eroute result=success Sep 21 07:25:32.781509: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:25:32.781516: | delete bare shunt 0x561ea75e3120 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:25:32.781517: assign_holdpass() delete_bare_shunt() failed Sep 21 07:25:32.781519: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:25:32.781521: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:32.781537: | creating state object #1 at 0x561ea75e4cb0 Sep 21 07:25:32.781539: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:32.781545: | pstats #1 ikev2.ike started Sep 21 07:25:32.781547: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:32.781550: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:32.781554: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.781560: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:32.781562: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:32.781565: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" Sep 21 07:25:32.781568: "north-east" #1: initiating v2 parent SA Sep 21 07:25:32.781570: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE) Sep 21 07:25:32.781575: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:32.781580: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.781583: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:32.781586: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.781588: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:32.781592: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.781594: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:32.781597: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.781603: "north-east": constructed local IKE proposals for north-east (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.781607: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:32.781610: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561ea75e5b20 Sep 21 07:25:32.781612: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:32.781614: | libevent_malloc: new ptr-libevent@0x561ea75e5b60 size 128 Sep 21 07:25:32.781625: | #1 spent 0.168 milliseconds in ikev2_parent_outI1() Sep 21 07:25:32.781645: | RESET processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:32.781648: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Sep 21 07:25:32.781652: | spent 0.217 milliseconds in kernel message Sep 21 07:25:32.781653: | crypto helper 1 resuming Sep 21 07:25:32.781661: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:25:32.781665: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:32.782271: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000606 seconds Sep 21 07:25:32.782279: | (#1) spent 0.609 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:32.782281: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:32.782283: | scheduling resume sending helper answer for #1 Sep 21 07:25:32.782305: | libevent_malloc: new ptr-libevent@0x7f6458006900 size 128 Sep 21 07:25:32.782312: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:32.782350: | processing resume sending helper answer for #1 Sep 21 07:25:32.782358: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.782361: | crypto helper 1 replies to request ID 1 Sep 21 07:25:32.782363: | calling continuation function 0x561ea6c4a630 Sep 21 07:25:32.782365: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:32.782391: | **emit ISAKMP Message: Sep 21 07:25:32.782393: | initiator cookie: Sep 21 07:25:32.782394: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.782396: | responder cookie: Sep 21 07:25:32.782397: | 00 00 00 00 00 00 00 00 Sep 21 07:25:32.782399: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.782401: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.782402: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:32.782404: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.782406: | Message ID: 0 (0x0) Sep 21 07:25:32.782408: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.782418: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.782420: | Emitting ikev2_proposals ... Sep 21 07:25:32.782421: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:32.782423: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.782425: | flags: none (0x0) Sep 21 07:25:32.782427: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.782428: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.782430: | discarding INTEG=NONE Sep 21 07:25:32.782432: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.782433: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782435: | prop #: 1 (0x1) Sep 21 07:25:32.782436: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.782438: | spi size: 0 (0x0) Sep 21 07:25:32.782439: | # transforms: 11 (0xb) Sep 21 07:25:32.782441: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.782447: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782448: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782450: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.782451: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.782453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782455: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.782456: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.782458: | length/value: 256 (0x100) Sep 21 07:25:32.782460: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.782461: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782464: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782465: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.782467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782470: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782472: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782475: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782476: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.782478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782479: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782481: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782482: | discarding INTEG=NONE Sep 21 07:25:32.782484: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782488: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.782490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782494: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782497: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782498: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.782500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782503: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782504: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782507: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782508: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.782510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782514: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782516: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782520: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.782521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782523: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782525: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782526: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782529: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782530: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.782532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782535: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782536: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782540: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.782542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782545: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782546: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782549: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782551: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.782552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782554: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782555: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782557: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782558: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.782560: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782561: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.782563: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782566: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782567: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:32.782569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.782570: | discarding INTEG=NONE Sep 21 07:25:32.782573: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.782574: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782575: | prop #: 2 (0x2) Sep 21 07:25:32.782577: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.782578: | spi size: 0 (0x0) Sep 21 07:25:32.782580: | # transforms: 11 (0xb) Sep 21 07:25:32.782581: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782583: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.782585: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782586: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782587: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.782589: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.782590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782592: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.782593: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.782595: | length/value: 128 (0x80) Sep 21 07:25:32.782596: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.782598: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782600: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782602: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.782604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782607: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782611: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782612: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.782614: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782617: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782618: | discarding INTEG=NONE Sep 21 07:25:32.782620: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782624: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.782625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782628: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782633: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782634: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.782636: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782639: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782641: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782644: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782645: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.782647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782648: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782650: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782651: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782654: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782655: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.782657: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782660: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782661: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782663: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782664: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782666: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.782667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782670: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782672: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782676: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.782678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782681: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782682: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782685: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782686: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.782688: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782691: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782692: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782694: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.782695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782697: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.782698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782702: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782704: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:32.782705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.782707: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.782708: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782710: | prop #: 3 (0x3) Sep 21 07:25:32.782711: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.782712: | spi size: 0 (0x0) Sep 21 07:25:32.782714: | # transforms: 13 (0xd) Sep 21 07:25:32.782716: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782717: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.782719: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782720: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782721: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.782723: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.782724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782726: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.782727: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.782729: | length/value: 256 (0x100) Sep 21 07:25:32.782730: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.782731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782734: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782736: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.782737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782740: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782742: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782745: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782746: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.782748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782751: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782752: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782755: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.782756: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.782758: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782762: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782763: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782766: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.782767: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.782769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782772: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782774: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782778: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.782779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782781: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782786: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782809: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782813: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782818: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.782822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782824: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782829: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782834: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.782835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782837: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782839: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782840: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782856: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782857: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.782859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782862: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782863: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782866: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782868: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.782869: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782874: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782876: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782879: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782880: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.782882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782885: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782886: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782888: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782889: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782891: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.782892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782895: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782897: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782898: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.782900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782901: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.782903: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782904: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782906: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782907: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:32.782909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.782911: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.782912: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.782913: | prop #: 4 (0x4) Sep 21 07:25:32.782915: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.782916: | spi size: 0 (0x0) Sep 21 07:25:32.782918: | # transforms: 13 (0xd) Sep 21 07:25:32.782919: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.782921: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.782923: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782926: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.782927: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.782929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782930: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.782932: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.782933: | length/value: 128 (0x80) Sep 21 07:25:32.782935: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.782936: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782938: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782940: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782941: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.782943: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782946: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782947: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782950: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.782951: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:32.782953: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782955: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782956: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782958: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782961: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.782962: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.782964: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782967: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782968: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782971: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.782972: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.782974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782979: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782983: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.782985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782988: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.782989: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.782990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.782993: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:32.782995: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.782997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.782999: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783001: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783005: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:32.783006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783008: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783010: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783011: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783014: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783015: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:32.783017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783019: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783020: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783021: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:32.783027: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783030: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783032: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783035: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783036: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:32.783038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783041: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783042: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783045: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783046: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:32.783048: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783050: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783051: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783053: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.783054: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.783055: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.783057: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:32.783059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.783062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.783064: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.783065: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:32.783067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.783068: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:32.783070: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.783071: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:32.783073: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.783075: | flags: none (0x0) Sep 21 07:25:32.783076: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.783078: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:32.783080: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.783082: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:32.783083: | ikev2 g^x c7 06 4a c8 52 35 14 07 9a 3a 1c 3b 19 23 58 5f Sep 21 07:25:32.783085: | ikev2 g^x f1 9d ab 37 e1 5f b4 16 26 ae 92 17 ba cd 1d f1 Sep 21 07:25:32.783086: | ikev2 g^x 2a 01 4b 6b 08 ad 99 49 8c 1a 83 03 f2 19 79 40 Sep 21 07:25:32.783088: | ikev2 g^x 08 30 19 e3 c8 e2 dc ab ee 16 21 24 a8 7d bc 79 Sep 21 07:25:32.783089: | ikev2 g^x 61 30 a2 15 3d 45 c7 f1 db eb 48 da 01 9e ae b6 Sep 21 07:25:32.783090: | ikev2 g^x e1 10 56 dd 56 6f 60 05 22 7b 15 5f c1 66 1f ee Sep 21 07:25:32.783092: | ikev2 g^x b8 be 8d f3 15 0b 15 7b e4 95 99 91 47 67 29 d1 Sep 21 07:25:32.783093: | ikev2 g^x 98 5a c9 b2 e5 87 10 8b 52 af 81 5b f0 05 58 78 Sep 21 07:25:32.783094: | ikev2 g^x 08 9d d9 61 15 31 0b d1 bc bb 02 a4 b0 4c 58 5d Sep 21 07:25:32.783096: | ikev2 g^x 10 46 40 a5 ea 9e 96 b9 e1 01 50 c2 4e a1 c0 5d Sep 21 07:25:32.783097: | ikev2 g^x fe 33 40 45 93 11 04 d0 62 ea 9d a0 b0 5b 7b 0d Sep 21 07:25:32.783098: | ikev2 g^x d5 f4 e6 db dd e4 ba 3a 42 fa 28 e0 9d 42 1e 45 Sep 21 07:25:32.783100: | ikev2 g^x 26 67 dc 43 9d 63 39 b2 de 9b 2e 5a b4 01 44 87 Sep 21 07:25:32.783101: | ikev2 g^x 2d c1 ba 23 01 39 53 03 a2 b2 e8 cd 8b 6d ac 82 Sep 21 07:25:32.783102: | ikev2 g^x 7f 12 c9 b0 81 35 25 c4 82 71 22 9d ea a5 e4 4b Sep 21 07:25:32.783104: | ikev2 g^x 6a ce 95 9f 9b 20 a8 88 05 18 b8 de 36 16 31 57 Sep 21 07:25:32.783105: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:32.783107: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:32.783108: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.783110: | flags: none (0x0) Sep 21 07:25:32.783111: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:32.783113: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:32.783115: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.783117: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:32.783118: | IKEv2 nonce 1d 8e 08 64 12 a6 bc f5 db fe 10 d5 d7 62 cd 16 Sep 21 07:25:32.783119: | IKEv2 nonce 95 29 b5 37 b7 93 79 9f e4 bf 93 dd cc a8 c8 19 Sep 21 07:25:32.783121: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:32.783123: | Adding a v2N Payload Sep 21 07:25:32.783124: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.783126: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.783127: | flags: none (0x0) Sep 21 07:25:32.783130: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.783131: | SPI size: 0 (0x0) Sep 21 07:25:32.783133: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:32.783135: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.783136: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.783138: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:32.783140: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:32.783141: | natd_hash: rcookie is zero Sep 21 07:25:32.783149: | natd_hash: hasher=0x561ea6d207a0(20) Sep 21 07:25:32.783151: | natd_hash: icookie= 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.783152: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.783153: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:32.783155: | natd_hash: port= 01 f4 Sep 21 07:25:32.783156: | natd_hash: hash= 54 03 a0 9a 08 6e 3e c9 31 3d 77 ec ea 62 5e 9c Sep 21 07:25:32.783158: | natd_hash: hash= b3 d7 b3 e9 Sep 21 07:25:32.783159: | Adding a v2N Payload Sep 21 07:25:32.783160: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.783162: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.783163: | flags: none (0x0) Sep 21 07:25:32.783165: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.783166: | SPI size: 0 (0x0) Sep 21 07:25:32.783168: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:32.783169: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.783171: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.783173: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.783174: | Notify data 54 03 a0 9a 08 6e 3e c9 31 3d 77 ec ea 62 5e 9c Sep 21 07:25:32.783176: | Notify data b3 d7 b3 e9 Sep 21 07:25:32.783177: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:32.783178: | natd_hash: rcookie is zero Sep 21 07:25:32.783182: | natd_hash: hasher=0x561ea6d207a0(20) Sep 21 07:25:32.783183: | natd_hash: icookie= 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.783185: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:32.783186: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:32.783187: | natd_hash: port= 01 f4 Sep 21 07:25:32.783189: | natd_hash: hash= ea 35 bb 81 ef 53 e2 f6 9f a6 a5 99 62 8f a0 a3 Sep 21 07:25:32.783190: | natd_hash: hash= fe 49 3c 1a Sep 21 07:25:32.783191: | Adding a v2N Payload Sep 21 07:25:32.783193: | ***emit IKEv2 Notify Payload: Sep 21 07:25:32.783194: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.783195: | flags: none (0x0) Sep 21 07:25:32.783197: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.783198: | SPI size: 0 (0x0) Sep 21 07:25:32.783200: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:32.783201: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:32.783203: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.783205: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:32.783206: | Notify data ea 35 bb 81 ef 53 e2 f6 9f a6 a5 99 62 8f a0 a3 Sep 21 07:25:32.783207: | Notify data fe 49 3c 1a Sep 21 07:25:32.783209: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:32.783210: | emitting length of ISAKMP Message: 828 Sep 21 07:25:32.783215: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:32.783223: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.783226: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:32.783229: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:32.783231: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:32.783233: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:32.783235: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:32.783238: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:32.783240: "north-east" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:32.783243: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:32.783248: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.783250: | 03 21 a5 e1 75 03 63 18 00 00 00 00 00 00 00 00 Sep 21 07:25:32.783251: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:32.783253: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:32.783254: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:32.783255: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:32.783257: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:32.783258: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:32.783259: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:32.783261: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:32.783262: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:32.783263: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:32.783265: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:32.783266: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:32.783267: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:32.783269: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:32.783270: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:32.783271: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:32.783273: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:32.783274: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:32.783275: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:32.783277: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:32.783278: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:32.783279: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:32.783281: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:32.783282: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:32.783283: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:32.783285: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:32.783286: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:32.783287: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:32.783289: | 28 00 01 08 00 0e 00 00 c7 06 4a c8 52 35 14 07 Sep 21 07:25:32.783290: | 9a 3a 1c 3b 19 23 58 5f f1 9d ab 37 e1 5f b4 16 Sep 21 07:25:32.783291: | 26 ae 92 17 ba cd 1d f1 2a 01 4b 6b 08 ad 99 49 Sep 21 07:25:32.783293: | 8c 1a 83 03 f2 19 79 40 08 30 19 e3 c8 e2 dc ab Sep 21 07:25:32.783294: | ee 16 21 24 a8 7d bc 79 61 30 a2 15 3d 45 c7 f1 Sep 21 07:25:32.783295: | db eb 48 da 01 9e ae b6 e1 10 56 dd 56 6f 60 05 Sep 21 07:25:32.783297: | 22 7b 15 5f c1 66 1f ee b8 be 8d f3 15 0b 15 7b Sep 21 07:25:32.783298: | e4 95 99 91 47 67 29 d1 98 5a c9 b2 e5 87 10 8b Sep 21 07:25:32.783299: | 52 af 81 5b f0 05 58 78 08 9d d9 61 15 31 0b d1 Sep 21 07:25:32.783301: | bc bb 02 a4 b0 4c 58 5d 10 46 40 a5 ea 9e 96 b9 Sep 21 07:25:32.783302: | e1 01 50 c2 4e a1 c0 5d fe 33 40 45 93 11 04 d0 Sep 21 07:25:32.783303: | 62 ea 9d a0 b0 5b 7b 0d d5 f4 e6 db dd e4 ba 3a Sep 21 07:25:32.783306: | 42 fa 28 e0 9d 42 1e 45 26 67 dc 43 9d 63 39 b2 Sep 21 07:25:32.783307: | de 9b 2e 5a b4 01 44 87 2d c1 ba 23 01 39 53 03 Sep 21 07:25:32.783308: | a2 b2 e8 cd 8b 6d ac 82 7f 12 c9 b0 81 35 25 c4 Sep 21 07:25:32.783310: | 82 71 22 9d ea a5 e4 4b 6a ce 95 9f 9b 20 a8 88 Sep 21 07:25:32.783311: | 05 18 b8 de 36 16 31 57 29 00 00 24 1d 8e 08 64 Sep 21 07:25:32.783312: | 12 a6 bc f5 db fe 10 d5 d7 62 cd 16 95 29 b5 37 Sep 21 07:25:32.783314: | b7 93 79 9f e4 bf 93 dd cc a8 c8 19 29 00 00 08 Sep 21 07:25:32.783315: | 00 00 40 2e 29 00 00 1c 00 00 40 04 54 03 a0 9a Sep 21 07:25:32.783316: | 08 6e 3e c9 31 3d 77 ec ea 62 5e 9c b3 d7 b3 e9 Sep 21 07:25:32.783318: | 00 00 00 1c 00 00 40 05 ea 35 bb 81 ef 53 e2 f6 Sep 21 07:25:32.783319: | 9f a6 a5 99 62 8f a0 a3 fe 49 3c 1a Sep 21 07:25:32.783389: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.783408: | libevent_free: release ptr-libevent@0x561ea75e5b60 Sep 21 07:25:32.783410: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561ea75e5b20 Sep 21 07:25:32.783412: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:32.783415: | event_schedule: new EVENT_RETRANSMIT-pe@0x561ea75e5b20 Sep 21 07:25:32.783417: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:25:32.783419: | libevent_malloc: new ptr-libevent@0x561ea75e5770 size 128 Sep 21 07:25:32.783422: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49379.151679 Sep 21 07:25:32.783425: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:32.783429: | #1 spent 1.01 milliseconds in resume sending helper answer Sep 21 07:25:32.783432: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:32.783434: | libevent_free: release ptr-libevent@0x7f6458006900 Sep 21 07:25:32.786111: | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.786129: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.786131: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.786133: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:32.786134: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:32.786136: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:32.786137: | 04 00 00 0e 28 00 01 08 00 0e 00 00 db 91 ea 4d Sep 21 07:25:32.786138: | d2 3d 08 1f ce b4 44 a7 37 30 63 32 6c dc b8 0c Sep 21 07:25:32.786140: | f7 55 0a 19 b2 a8 6d f4 3a 06 87 db 7d 89 c5 1f Sep 21 07:25:32.786141: | 21 48 52 59 32 5f 01 c7 bf 9a 61 5e ed 44 26 ac Sep 21 07:25:32.786143: | 7c fd c4 4a 93 f3 17 33 04 ce 1f fd c8 56 5e a1 Sep 21 07:25:32.786144: | 14 1a 2d 5d 36 de 03 a2 bf 93 91 d0 bd 25 7e 61 Sep 21 07:25:32.786145: | cf 58 11 93 5f fc 24 71 cb c8 ca 14 94 73 9f 94 Sep 21 07:25:32.786147: | 2c 70 1d 64 4b 15 83 f6 86 eb 86 d0 9e f0 d8 9f Sep 21 07:25:32.786148: | 1b 58 ed 2f 26 ab 54 8c 3d 67 a6 ce 2c 82 0f ff Sep 21 07:25:32.786149: | dc 51 a5 7d 59 2f bc d7 08 6e 84 ee e2 3c ea c1 Sep 21 07:25:32.786151: | 45 65 5d a3 56 48 a1 4c 06 27 8f 52 6d 74 14 3e Sep 21 07:25:32.786152: | b1 c6 cc 4b ff e6 fa b0 fd f8 2e 52 42 e9 3a 33 Sep 21 07:25:32.786153: | d7 e0 6b 07 d2 45 c6 97 b0 42 03 a8 85 9f 03 26 Sep 21 07:25:32.786155: | 59 3c 74 8f d3 2d 1d 3a 2f 19 54 d1 a0 44 5f cc Sep 21 07:25:32.786156: | f7 c4 db 0c 86 f7 2b 8d 7b 94 c2 38 68 8f 67 6d Sep 21 07:25:32.786158: | a5 10 b4 cf 4a e2 3f d6 1c d6 fe c5 aa d1 e2 fe Sep 21 07:25:32.786159: | 5e a5 21 a3 78 4f 69 db a4 dc 55 ca 29 00 00 24 Sep 21 07:25:32.786160: | 5d 85 dc c8 3b f4 78 69 d4 0c ec 0e 59 45 62 b6 Sep 21 07:25:32.786162: | 80 77 5c b5 9d 74 29 7c b1 44 f7 e6 fb de c0 aa Sep 21 07:25:32.786165: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:32.786166: | af f1 94 38 88 72 35 7a 91 36 fc 71 f7 c9 3a 05 Sep 21 07:25:32.786167: | 95 62 81 6b 00 00 00 1c 00 00 40 05 36 a4 cb 75 Sep 21 07:25:32.786169: | 85 ce ff b7 e4 53 b8 d3 0d b0 6d bf 27 e6 de 16 Sep 21 07:25:32.786172: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.786174: | **parse ISAKMP Message: Sep 21 07:25:32.786176: | initiator cookie: Sep 21 07:25:32.786177: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.786179: | responder cookie: Sep 21 07:25:32.786180: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.786182: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:32.786183: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.786185: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:32.786187: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.786188: | Message ID: 0 (0x0) Sep 21 07:25:32.786190: | length: 432 (0x1b0) Sep 21 07:25:32.786192: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:32.786194: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:32.786196: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:32.786200: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.786203: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:32.786204: | #1 is idle Sep 21 07:25:32.786206: | #1 idle Sep 21 07:25:32.786207: | unpacking clear payload Sep 21 07:25:32.786209: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:32.786210: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:32.786212: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:32.786213: | flags: none (0x0) Sep 21 07:25:32.786215: | length: 40 (0x28) Sep 21 07:25:32.786217: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:32.786218: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:32.786220: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:32.786221: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:32.786223: | flags: none (0x0) Sep 21 07:25:32.786224: | length: 264 (0x108) Sep 21 07:25:32.786226: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.786227: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:32.786229: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:32.786230: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:32.786232: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.786233: | flags: none (0x0) Sep 21 07:25:32.786234: | length: 36 (0x24) Sep 21 07:25:32.786236: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:32.786237: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:32.786239: | ***parse IKEv2 Notify Payload: Sep 21 07:25:32.786240: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.786242: | flags: none (0x0) Sep 21 07:25:32.786243: | length: 8 (0x8) Sep 21 07:25:32.786245: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.786246: | SPI size: 0 (0x0) Sep 21 07:25:32.786248: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:32.786249: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:32.786251: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:32.786252: | ***parse IKEv2 Notify Payload: Sep 21 07:25:32.786254: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:32.786255: | flags: none (0x0) Sep 21 07:25:32.786256: | length: 28 (0x1c) Sep 21 07:25:32.786258: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.786259: | SPI size: 0 (0x0) Sep 21 07:25:32.786261: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:32.786262: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:32.786265: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:32.786266: | ***parse IKEv2 Notify Payload: Sep 21 07:25:32.786268: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.786269: | flags: none (0x0) Sep 21 07:25:32.786270: | length: 28 (0x1c) Sep 21 07:25:32.786272: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:32.786273: | SPI size: 0 (0x0) Sep 21 07:25:32.786275: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:32.786276: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:32.786278: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:32.786282: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:32.786284: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:32.786286: | Now let's proceed with state specific processing Sep 21 07:25:32.786287: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:32.786290: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:32.786300: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:32.786303: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:32.786305: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:32.786307: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:32.786308: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:32.786310: | local proposal 1 type DH has 8 transforms Sep 21 07:25:32.786311: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:32.786314: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:32.786315: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:32.786316: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:32.786318: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:32.786319: | local proposal 2 type DH has 8 transforms Sep 21 07:25:32.786321: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:32.786323: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:32.786324: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:32.786325: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:32.786327: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:32.786328: | local proposal 3 type DH has 8 transforms Sep 21 07:25:32.786330: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:32.786344: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:32.786346: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:32.786347: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:32.786349: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:32.786350: | local proposal 4 type DH has 8 transforms Sep 21 07:25:32.786351: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:32.786353: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:32.786355: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.786356: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.786358: | length: 36 (0x24) Sep 21 07:25:32.786359: | prop #: 1 (0x1) Sep 21 07:25:32.786361: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:32.786362: | spi size: 0 (0x0) Sep 21 07:25:32.786364: | # transforms: 3 (0x3) Sep 21 07:25:32.786366: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:32.786368: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:32.786370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.786371: | length: 12 (0xc) Sep 21 07:25:32.786372: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.786374: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.786376: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.786377: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.786379: | length/value: 256 (0x100) Sep 21 07:25:32.786381: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:32.786383: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:32.786384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.786386: | length: 8 (0x8) Sep 21 07:25:32.786387: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:32.786388: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:32.786390: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:32.786392: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:32.786393: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.786395: | length: 8 (0x8) Sep 21 07:25:32.786396: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:32.786398: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:32.786400: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:32.786402: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:32.786404: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:32.786406: | remote proposal 1 matches local proposal 1 Sep 21 07:25:32.786407: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:32.786409: | converting proposal to internal trans attrs Sep 21 07:25:32.786419: | natd_hash: hasher=0x561ea6d207a0(20) Sep 21 07:25:32.786421: | natd_hash: icookie= 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.786422: | natd_hash: rcookie= 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.786423: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:32.786425: | natd_hash: port= 01 f4 Sep 21 07:25:32.786426: | natd_hash: hash= 36 a4 cb 75 85 ce ff b7 e4 53 b8 d3 0d b0 6d bf Sep 21 07:25:32.786428: | natd_hash: hash= 27 e6 de 16 Sep 21 07:25:32.786431: | natd_hash: hasher=0x561ea6d207a0(20) Sep 21 07:25:32.786432: | natd_hash: icookie= 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.786434: | natd_hash: rcookie= 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.786435: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:32.786436: | natd_hash: port= 01 f4 Sep 21 07:25:32.786438: | natd_hash: hash= af f1 94 38 88 72 35 7a 91 36 fc 71 f7 c9 3a 05 Sep 21 07:25:32.786439: | natd_hash: hash= 95 62 81 6b Sep 21 07:25:32.786441: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:32.786442: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:32.786443: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:32.786445: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:32.786447: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:32.786450: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:32.786451: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:32.786453: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:32.786455: | libevent_free: release ptr-libevent@0x561ea75e5770 Sep 21 07:25:32.786457: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561ea75e5b20 Sep 21 07:25:32.786459: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561ea75e5b20 Sep 21 07:25:32.786463: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:32.786465: | libevent_malloc: new ptr-libevent@0x561ea75e5770 size 128 Sep 21 07:25:32.786472: | #1 spent 0.181 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:32.786475: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.786477: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:32.786479: | suspending state #1 and saving MD Sep 21 07:25:32.786480: | #1 is busy; has a suspended MD Sep 21 07:25:32.786479: | crypto helper 0 resuming Sep 21 07:25:32.786492: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:25:32.786484: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:32.786496: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:32.786499: | "north-east" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:32.786502: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.786505: | #1 spent 0.381 milliseconds in ikev2_process_packet() Sep 21 07:25:32.786508: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.786509: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.786511: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.786513: | spent 0.389 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.787466: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:32.787917: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001421 seconds Sep 21 07:25:32.787925: | (#1) spent 1.42 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:32.787928: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:32.787931: | scheduling resume sending helper answer for #1 Sep 21 07:25:32.787934: | libevent_malloc: new ptr-libevent@0x7f6450006b90 size 128 Sep 21 07:25:32.787940: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:32.787975: | processing resume sending helper answer for #1 Sep 21 07:25:32.787983: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:32.787987: | crypto helper 0 replies to request ID 2 Sep 21 07:25:32.787988: | calling continuation function 0x561ea6c4a630 Sep 21 07:25:32.787990: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:32.787996: | creating state object #2 at 0x561ea75e9e20 Sep 21 07:25:32.787998: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:32.788000: | pstats #2 ikev2.child started Sep 21 07:25:32.788002: | duplicating state object #1 "north-east" as #2 for IPSEC SA Sep 21 07:25:32.788005: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:32.788009: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:32.788012: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:32.788014: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:32.788016: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:32.788018: | libevent_free: release ptr-libevent@0x561ea75e5770 Sep 21 07:25:32.788020: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561ea75e5b20 Sep 21 07:25:32.788023: | event_schedule: new EVENT_SA_REPLACE-pe@0x561ea75e5b20 Sep 21 07:25:32.788026: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:32.788027: | libevent_malloc: new ptr-libevent@0x561ea75e5770 size 128 Sep 21 07:25:32.788030: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:32.788034: | **emit ISAKMP Message: Sep 21 07:25:32.788035: | initiator cookie: Sep 21 07:25:32.788037: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.788038: | responder cookie: Sep 21 07:25:32.788039: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.788041: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.788043: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.788044: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:32.788046: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.788047: | Message ID: 1 (0x1) Sep 21 07:25:32.788049: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.788051: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:32.788052: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.788054: | flags: none (0x0) Sep 21 07:25:32.788056: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:32.788057: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.788059: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:32.788064: | IKEv2 CERT: send a certificate? Sep 21 07:25:32.788066: | IKEv2 CERT: no certificate to send Sep 21 07:25:32.788067: | IDr payload will be sent Sep 21 07:25:32.788079: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:32.788081: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.788082: | flags: none (0x0) Sep 21 07:25:32.788084: | ID type: ID_FQDN (0x2) Sep 21 07:25:32.788086: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:32.788088: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.788090: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:32.788091: | my identity 6e 6f 72 74 68 Sep 21 07:25:32.788093: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:25:32.788098: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:32.788100: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:32.788101: | flags: none (0x0) Sep 21 07:25:32.788103: | ID type: ID_FQDN (0x2) Sep 21 07:25:32.788105: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:32.788106: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:32.788108: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.788110: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:32.788111: | IDr 65 61 73 74 Sep 21 07:25:32.788113: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:32.788114: | not sending INITIAL_CONTACT Sep 21 07:25:32.788116: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:32.788118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.788119: | flags: none (0x0) Sep 21 07:25:32.788120: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:32.788122: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:32.788125: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.788129: | started looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:32.788131: | actually looking for secret for @north->@east of kind PKK_RSA Sep 21 07:25:32.788133: | line 1: key type PKK_RSA(@north) to type PKK_RSA Sep 21 07:25:32.788135: | 1: compared key (none) to @north / @east -> 002 Sep 21 07:25:32.788137: | 2: compared key (none) to @north / @east -> 002 Sep 21 07:25:32.788139: | line 1: match=002 Sep 21 07:25:32.788140: | match 002 beats previous best_match 000 match=0x561ea75d8060 (line=1) Sep 21 07:25:32.788142: | concluding with best_match=002 best=0x561ea75d8060 (lineno=1) Sep 21 07:25:32.791074: | #1 spent 2.92 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:25:32.791081: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:25:32.791083: | rsa signature a9 29 55 bf ca 8a b7 99 67 8c 7d ad 63 7e 82 3c Sep 21 07:25:32.791085: | rsa signature f0 6b 86 06 a4 ab 9b 3f af 39 eb e6 48 d1 dc d3 Sep 21 07:25:32.791086: | rsa signature 70 5e 72 63 f8 39 9d 6b 6e d4 9e 44 20 b5 5d b5 Sep 21 07:25:32.791087: | rsa signature fc dd ba 1d f8 ad 9a ff b1 f7 43 61 99 bf 57 0c Sep 21 07:25:32.791089: | rsa signature 07 3a 48 09 b2 5e c7 1e e7 08 7f 2b 3a 2b 7c 7d Sep 21 07:25:32.791090: | rsa signature 19 0e 1f e8 fc 1e a3 79 1f 23 39 45 e9 88 f4 72 Sep 21 07:25:32.791091: | rsa signature b6 92 d4 28 81 9d 75 a3 e9 9e 4e c1 d4 80 54 df Sep 21 07:25:32.791093: | rsa signature 9f c4 9f ec 6f 20 a7 11 86 44 33 2f 6c ec 98 a9 Sep 21 07:25:32.791094: | rsa signature 38 dc b9 fe 09 99 f2 e4 a7 39 38 19 86 54 a6 ba Sep 21 07:25:32.791096: | rsa signature b7 65 3c 35 63 2c ea ea 4a 9a e6 c0 35 ec fa 2d Sep 21 07:25:32.791097: | rsa signature 54 ce 67 b9 49 71 95 db ac 28 6c 92 a2 92 c2 28 Sep 21 07:25:32.791098: | rsa signature 71 a8 5e b7 05 3c 24 b1 10 36 9d 64 b0 af 38 ef Sep 21 07:25:32.791100: | rsa signature cf 49 15 a8 6a f3 ed 83 25 da 5c 5b a9 2b f2 67 Sep 21 07:25:32.791101: | rsa signature 42 3f 05 5f 87 99 20 8a 8f 95 0a f8 8e 46 8d 7f Sep 21 07:25:32.791102: | rsa signature 31 66 13 ba 0b 8f 84 90 c8 b2 87 3e 7a 02 c3 0a Sep 21 07:25:32.791104: | rsa signature 50 74 5c 10 c5 f7 7d 16 af e1 f8 f6 b3 e2 c5 c3 Sep 21 07:25:32.791105: | rsa signature 41 32 7b 54 1d 9e 18 46 ef 81 93 77 89 76 4c 5d Sep 21 07:25:32.791106: | rsa signature 31 80 Sep 21 07:25:32.791109: | #1 spent 2.97 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:25:32.791111: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:25:32.791112: | getting first pending from state #1 Sep 21 07:25:32.791126: | netlink_get_spi: allocated 0x195bba99 for esp.0@192.1.3.33 Sep 21 07:25:32.791129: | constructing ESP/AH proposals with all DH removed for north-east (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:32.791132: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:32.791136: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:32.791137: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:32.791140: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:32.791141: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:32.791144: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:32.791146: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:32.791148: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:32.791152: "north-east": constructed local ESP/AH proposals for north-east (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:32.791156: | Emitting ikev2_proposals ... Sep 21 07:25:32.791157: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:32.791159: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.791160: | flags: none (0x0) Sep 21 07:25:32.791163: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:32.791164: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.791166: | discarding INTEG=NONE Sep 21 07:25:32.791167: | discarding DH=NONE Sep 21 07:25:32.791169: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.791170: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791172: | prop #: 1 (0x1) Sep 21 07:25:32.791173: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.791175: | spi size: 4 (0x4) Sep 21 07:25:32.791176: | # transforms: 2 (0x2) Sep 21 07:25:32.791178: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.791180: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.791181: | our spi 19 5b ba 99 Sep 21 07:25:32.791183: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791186: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.791187: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.791189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791190: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.791192: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.791194: | length/value: 256 (0x100) Sep 21 07:25:32.791195: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.791197: | discarding INTEG=NONE Sep 21 07:25:32.791198: | discarding DH=NONE Sep 21 07:25:32.791199: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791201: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.791202: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.791204: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.791205: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791209: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791210: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:32.791212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.791213: | discarding INTEG=NONE Sep 21 07:25:32.791214: | discarding DH=NONE Sep 21 07:25:32.791216: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.791217: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791219: | prop #: 2 (0x2) Sep 21 07:25:32.791220: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.791221: | spi size: 4 (0x4) Sep 21 07:25:32.791223: | # transforms: 2 (0x2) Sep 21 07:25:32.791225: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791226: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.791229: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.791230: | our spi 19 5b ba 99 Sep 21 07:25:32.791231: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791234: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.791236: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.791237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791239: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.791240: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.791242: | length/value: 128 (0x80) Sep 21 07:25:32.791243: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.791245: | discarding INTEG=NONE Sep 21 07:25:32.791246: | discarding DH=NONE Sep 21 07:25:32.791247: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791249: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.791250: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.791251: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.791253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791256: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791258: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:32.791259: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.791260: | discarding DH=NONE Sep 21 07:25:32.791262: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.791263: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791265: | prop #: 3 (0x3) Sep 21 07:25:32.791266: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.791267: | spi size: 4 (0x4) Sep 21 07:25:32.791269: | # transforms: 4 (0x4) Sep 21 07:25:32.791270: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791272: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.791274: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.791275: | our spi 19 5b ba 99 Sep 21 07:25:32.791276: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791279: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.791281: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.791282: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791284: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.791285: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.791286: | length/value: 256 (0x100) Sep 21 07:25:32.791288: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.791289: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791292: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.791294: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.791295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791299: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791300: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791303: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.791305: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.791306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791309: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791311: | discarding DH=NONE Sep 21 07:25:32.791312: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791314: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.791315: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.791316: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.791318: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791321: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791322: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:32.791324: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.791325: | discarding DH=NONE Sep 21 07:25:32.791327: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.791328: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.791329: | prop #: 4 (0x4) Sep 21 07:25:32.791331: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.791332: | spi size: 4 (0x4) Sep 21 07:25:32.791334: | # transforms: 4 (0x4) Sep 21 07:25:32.791335: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:32.791337: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:32.791339: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:32.791340: | our spi 19 5b ba 99 Sep 21 07:25:32.791341: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791344: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.791345: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:32.791347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791348: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.791350: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.791351: | length/value: 128 (0x80) Sep 21 07:25:32.791353: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:32.791354: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791357: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.791358: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:32.791360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791365: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791368: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:32.791369: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:32.791371: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791374: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791376: | discarding DH=NONE Sep 21 07:25:32.791377: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:32.791378: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.791380: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.791381: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.791383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.791384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:32.791386: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:32.791387: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:32.791389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:32.791390: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:32.791392: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:32.791394: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:32.791396: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.791397: | flags: none (0x0) Sep 21 07:25:32.791399: | number of TS: 1 (0x1) Sep 21 07:25:32.791401: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:32.791402: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.791404: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:32.791406: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:32.791407: | IP Protocol ID: 0 (0x0) Sep 21 07:25:32.791408: | start port: 0 (0x0) Sep 21 07:25:32.791410: | end port: 65535 (0xffff) Sep 21 07:25:32.791412: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:32.791413: | IP start c0 00 03 fe Sep 21 07:25:32.791415: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:32.791416: | IP end c0 00 03 fe Sep 21 07:25:32.791417: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:32.791419: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:32.791420: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:32.791422: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.791423: | flags: none (0x0) Sep 21 07:25:32.791425: | number of TS: 1 (0x1) Sep 21 07:25:32.791427: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:32.791428: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:32.791430: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:32.791431: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:32.791433: | IP Protocol ID: 0 (0x0) Sep 21 07:25:32.791434: | start port: 0 (0x0) Sep 21 07:25:32.791436: | end port: 65535 (0xffff) Sep 21 07:25:32.791438: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:32.791439: | IP start c0 00 02 00 Sep 21 07:25:32.791440: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:32.791442: | IP end c0 00 02 ff Sep 21 07:25:32.791443: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:32.791445: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:32.791446: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:32.791448: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:32.791449: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.791451: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:32.791453: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:32.791455: | emitting length of IKEv2 Encryption Payload: 548 Sep 21 07:25:32.791456: | emitting length of ISAKMP Message: 576 Sep 21 07:25:32.791458: | **parse ISAKMP Message: Sep 21 07:25:32.791460: | initiator cookie: Sep 21 07:25:32.791461: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.791462: | responder cookie: Sep 21 07:25:32.791464: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.791465: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.791467: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.791468: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:32.791470: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.791471: | Message ID: 1 (0x1) Sep 21 07:25:32.791473: | length: 576 (0x240) Sep 21 07:25:32.791474: | **parse IKEv2 Encryption Payload: Sep 21 07:25:32.791476: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:32.791477: | flags: none (0x0) Sep 21 07:25:32.791478: | length: 548 (0x224) Sep 21 07:25:32.791480: | **emit ISAKMP Message: Sep 21 07:25:32.791481: | initiator cookie: Sep 21 07:25:32.791482: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.791484: | responder cookie: Sep 21 07:25:32.791485: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.791486: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.791488: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.791489: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:32.791491: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.791492: | Message ID: 1 (0x1) Sep 21 07:25:32.791494: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.791495: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:32.791497: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:32.791498: | flags: none (0x0) Sep 21 07:25:32.791500: | fragment number: 1 (0x1) Sep 21 07:25:32.791501: | total fragments: 2 (0x2) Sep 21 07:25:32.791503: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:25:32.791505: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:32.791506: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:32.791508: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:32.791511: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:32.791512: | cleartext fragment 24 00 00 0d 02 00 00 00 6e 6f 72 74 68 27 00 00 Sep 21 07:25:32.791514: | cleartext fragment 0c 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 Sep 21 07:25:32.791515: | cleartext fragment 00 a9 29 55 bf ca 8a b7 99 67 8c 7d ad 63 7e 82 Sep 21 07:25:32.791516: | cleartext fragment 3c f0 6b 86 06 a4 ab 9b 3f af 39 eb e6 48 d1 dc Sep 21 07:25:32.791518: | cleartext fragment d3 70 5e 72 63 f8 39 9d 6b 6e d4 9e 44 20 b5 5d Sep 21 07:25:32.791520: | cleartext fragment b5 fc dd ba 1d f8 ad 9a ff b1 f7 43 61 99 bf 57 Sep 21 07:25:32.791521: | cleartext fragment 0c 07 3a 48 09 b2 5e c7 1e e7 08 7f 2b 3a 2b 7c Sep 21 07:25:32.791523: | cleartext fragment 7d 19 0e 1f e8 fc 1e a3 79 1f 23 39 45 e9 88 f4 Sep 21 07:25:32.791524: | cleartext fragment 72 b6 92 d4 28 81 9d 75 a3 e9 9e 4e c1 d4 80 54 Sep 21 07:25:32.791526: | cleartext fragment df 9f c4 9f ec 6f 20 a7 11 86 44 33 2f 6c ec 98 Sep 21 07:25:32.791527: | cleartext fragment a9 38 dc b9 fe 09 99 f2 e4 a7 39 38 19 86 54 a6 Sep 21 07:25:32.791528: | cleartext fragment ba b7 65 3c 35 63 2c ea ea 4a 9a e6 c0 35 ec fa Sep 21 07:25:32.791530: | cleartext fragment 2d 54 ce 67 b9 49 71 95 db ac 28 6c 92 a2 92 c2 Sep 21 07:25:32.791531: | cleartext fragment 28 71 a8 5e b7 05 3c 24 b1 10 36 9d 64 b0 af 38 Sep 21 07:25:32.791532: | cleartext fragment ef cf 49 15 a8 6a f3 ed 83 25 da 5c 5b a9 2b f2 Sep 21 07:25:32.791534: | cleartext fragment 67 42 3f 05 5f 87 99 20 8a 8f 95 0a f8 8e 46 8d Sep 21 07:25:32.791535: | cleartext fragment 7f 31 66 13 ba 0b 8f 84 90 c8 b2 87 3e 7a 02 c3 Sep 21 07:25:32.791536: | cleartext fragment 0a 50 74 5c 10 c5 f7 7d 16 af e1 f8 f6 b3 e2 c5 Sep 21 07:25:32.791538: | cleartext fragment c3 41 32 7b 54 1d 9e 18 46 ef 81 93 77 89 76 4c Sep 21 07:25:32.791539: | cleartext fragment 5d 31 80 2c 00 00 a4 02 00 00 20 01 03 04 02 19 Sep 21 07:25:32.791541: | cleartext fragment 5b ba 99 03 00 00 0c 01 00 00 14 80 0e 01 00 00 Sep 21 07:25:32.791542: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 20 02 03 04 02 19 Sep 21 07:25:32.791543: | cleartext fragment 5b ba 99 03 00 00 0c 01 00 00 14 80 0e 00 80 00 Sep 21 07:25:32.791545: | cleartext fragment 00 00 08 05 00 00 00 02 00 00 30 03 03 04 04 19 Sep 21 07:25:32.791546: | cleartext fragment 5b ba 99 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 Sep 21 07:25:32.791547: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:25:32.791549: | cleartext fragment 00 00 08 05 00 00 00 00 00 00 30 04 03 04 04 19 Sep 21 07:25:32.791550: | cleartext fragment 5b ba 99 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 Sep 21 07:25:32.791551: | cleartext fragment 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 Sep 21 07:25:32.791553: | cleartext fragment 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Sep 21 07:25:32.791554: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.791556: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:32.791558: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:32.791559: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:25:32.791561: | emitting length of ISAKMP Message: 539 Sep 21 07:25:32.791567: | **emit ISAKMP Message: Sep 21 07:25:32.791568: | initiator cookie: Sep 21 07:25:32.791570: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.791571: | responder cookie: Sep 21 07:25:32.791572: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.791574: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:32.791575: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.791577: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:32.791578: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:32.791580: | Message ID: 1 (0x1) Sep 21 07:25:32.791581: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:32.791583: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:25:32.791584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.791585: | flags: none (0x0) Sep 21 07:25:32.791587: | fragment number: 2 (0x2) Sep 21 07:25:32.791588: | total fragments: 2 (0x2) Sep 21 07:25:32.791590: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:25:32.791592: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:25:32.791594: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:25:32.791596: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:25:32.791599: | emitting 41 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:25:32.791601: | cleartext fragment 00 07 00 00 10 00 00 ff ff c0 00 03 fe c0 00 03 Sep 21 07:25:32.791602: | cleartext fragment fe 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Sep 21 07:25:32.791603: | cleartext fragment ff c0 00 02 00 c0 00 02 ff Sep 21 07:25:32.791605: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:32.791606: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:25:32.791608: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:25:32.791609: | emitting length of IKEv2 Encrypted Fragment: 74 Sep 21 07:25:32.791611: | emitting length of ISAKMP Message: 102 Sep 21 07:25:32.791616: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.791619: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.791621: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:32.791623: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:32.791625: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:32.791627: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:32.791630: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:32.791633: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:32.791636: "north-east" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:32.791639: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:32.791640: | sending fragments ... Sep 21 07:25:32.791643: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.791645: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.791646: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:25:32.791648: | 00 01 00 02 70 bd cb 77 46 fa f2 02 d2 1e 71 32 Sep 21 07:25:32.791649: | 3a 64 52 80 07 3a da 36 20 95 df 7b 1f 9d b3 39 Sep 21 07:25:32.791650: | c9 0d a2 c2 7c 82 fe 79 06 25 65 09 e5 3c d7 34 Sep 21 07:25:32.791652: | 91 a1 c0 3b b0 07 25 cc 78 63 17 54 c8 a7 60 ad Sep 21 07:25:32.791653: | a4 2a b5 ef a6 67 60 a3 3f ba ef ff e8 56 f7 e2 Sep 21 07:25:32.791654: | ba 87 e0 99 fd 63 3e 62 91 90 86 76 ff 01 50 71 Sep 21 07:25:32.791655: | 9b 4b 0c 7c a1 da 32 9b 0e 97 a5 17 15 a4 1e 2c Sep 21 07:25:32.791657: | 0a f0 9e 64 1d 8b 28 90 42 57 0c e5 1f 2b 27 51 Sep 21 07:25:32.791658: | 0d a8 44 24 a1 e0 24 08 b4 f3 ea 37 b8 2d d8 e3 Sep 21 07:25:32.791659: | 61 84 73 3f 42 81 bd 79 f2 97 24 20 8b 48 3f e2 Sep 21 07:25:32.791661: | 93 69 30 0f 50 44 af 98 8c c7 8d a4 f5 e8 ab 21 Sep 21 07:25:32.791662: | d7 53 32 2e 08 e7 ae 59 ef 63 91 ba 7f 2f 52 57 Sep 21 07:25:32.791663: | f5 65 50 0c 48 22 35 7f 81 89 7c 71 ce 5a f5 92 Sep 21 07:25:32.791665: | 4b b0 bc 2a 5c 22 03 07 ed cf de 18 ac c6 87 3e Sep 21 07:25:32.791666: | 11 00 a3 d0 30 c6 c3 8c e1 11 11 ec d1 93 75 72 Sep 21 07:25:32.791667: | 4b 4b 42 7e 2f aa dc db c3 4c cb d7 6b 3f 2a 10 Sep 21 07:25:32.791669: | d4 89 3a e0 1f 34 3e 73 39 80 b4 5b 68 33 22 e5 Sep 21 07:25:32.791671: | de 67 0a 4e f6 65 09 45 bb 85 f1 35 01 29 e1 90 Sep 21 07:25:32.791672: | 2a 34 4f 1f 4b 6b 41 14 02 5a 7e 70 65 90 df 40 Sep 21 07:25:32.791673: | cb fc cc c5 e2 a0 dd b3 f8 f8 88 ae b0 ff c7 62 Sep 21 07:25:32.791675: | ce ed b5 4f 49 f5 c8 63 94 b8 15 43 a0 2e c5 62 Sep 21 07:25:32.791676: | 21 04 06 fc d8 2a da 17 64 81 48 c9 a5 87 99 2c Sep 21 07:25:32.791677: | 72 7a 3e bd fa 24 57 e7 1c 23 dd 12 8b b3 3b 44 Sep 21 07:25:32.791679: | 66 d7 26 76 86 2f 9c 54 b2 f8 52 af 60 c6 33 bf Sep 21 07:25:32.791680: | 46 23 3a 9e 30 18 57 97 73 19 07 e5 80 83 bf 01 Sep 21 07:25:32.791681: | 34 32 7e 29 7e 7c 06 ac 3d e8 d5 f6 55 07 58 4d Sep 21 07:25:32.791683: | a0 53 be 07 8e d5 97 b4 e0 54 91 25 fc 4e df 8f Sep 21 07:25:32.791684: | 6f 02 e3 5b 30 6d d1 32 41 cd 29 dc 5f 39 11 42 Sep 21 07:25:32.791685: | ce b5 f6 72 ea 0f 65 14 14 aa 2f 87 a1 4d f5 a0 Sep 21 07:25:32.791687: | 83 44 9c 25 a1 5e b2 3b 6a 35 ba b8 15 cb 6e 5b Sep 21 07:25:32.791688: | d1 d1 98 10 a2 9f 8e fe 89 48 af 5d aa 97 d9 5b Sep 21 07:25:32.791689: | 55 a5 4a 66 95 9e af 57 60 ae 27 Sep 21 07:25:32.791717: | sending 102 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:32.791735: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.791736: | 35 20 23 08 00 00 00 01 00 00 00 66 00 00 00 4a Sep 21 07:25:32.791738: | 00 02 00 02 ca b0 3a 60 c0 1f 5d 77 ab ca 3f 23 Sep 21 07:25:32.791739: | ce 9a 83 1c 43 1a 7e 7e 53 1f 5c 14 3c b1 03 56 Sep 21 07:25:32.791740: | 62 e1 8c 31 5e b0 7c 4a d2 33 fb 73 56 a2 a7 df Sep 21 07:25:32.791742: | af ba be 02 c5 1a d2 cb b8 27 db 1a 81 96 08 e1 Sep 21 07:25:32.791743: | a3 66 72 cc dc c0 Sep 21 07:25:32.791751: | sent 2 fragments Sep 21 07:25:32.791754: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:32.791756: | event_schedule: new EVENT_RETRANSMIT-pe@0x561ea75e73b0 Sep 21 07:25:32.791758: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:25:32.791760: | libevent_malloc: new ptr-libevent@0x7f6458006900 size 128 Sep 21 07:25:32.791764: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49379.16002 Sep 21 07:25:32.791766: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:32.791770: | #1 spent 3.76 milliseconds in resume sending helper answer Sep 21 07:25:32.791773: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:32.791775: | libevent_free: release ptr-libevent@0x7f6450006b90 Sep 21 07:25:32.805770: | spent 0.00366 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:32.805795: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:32.805800: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.805803: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:25:32.805806: | f5 04 23 1b 70 23 56 b0 d4 06 01 48 31 a2 59 e0 Sep 21 07:25:32.805808: | 56 69 1d 03 72 55 0e 85 e1 23 13 31 7c 18 b4 b7 Sep 21 07:25:32.805811: | 44 e9 bc 01 04 a6 26 8f 8f 18 4e e2 f1 bc 96 3f Sep 21 07:25:32.805813: | 41 a6 13 f3 26 aa 3a 5f 02 90 4d b4 b3 6a 20 a5 Sep 21 07:25:32.805815: | 11 88 49 3c b5 a4 c3 59 dd 14 c8 2e e1 ab 67 4b Sep 21 07:25:32.805818: | 2e 14 5b 21 3b 42 1b a4 f7 8f 66 c8 61 5f f2 4b Sep 21 07:25:32.805820: | 03 cb fb d1 8a 6f ad 27 60 fe 59 dd f8 7e bf 14 Sep 21 07:25:32.805822: | 8e 45 cf 84 4b d8 b0 cb a7 ed 63 97 8a 7d ff 63 Sep 21 07:25:32.805825: | 55 21 4e 43 bb da 24 e2 13 ef 86 82 b1 06 c8 fd Sep 21 07:25:32.805827: | 29 17 aa 51 d3 e3 69 64 e2 9e ee 5b b4 43 bc 0d Sep 21 07:25:32.805830: | d7 cd 7c 3e 9b 1f 3a 79 d1 af fd d1 f9 f8 b4 e3 Sep 21 07:25:32.805832: | e8 e6 ab 69 be 13 13 e0 96 db ab 96 9c 4b cd 57 Sep 21 07:25:32.805837: | 37 43 62 cd ad 8a 89 37 c4 0e f5 7b dd d4 46 bd Sep 21 07:25:32.805838: | 03 c6 1c 57 26 54 9f f1 78 3d 6d b8 f4 b4 31 31 Sep 21 07:25:32.805840: | 0b 1b d3 87 53 5a c2 77 85 ea da 20 77 0f 32 ef Sep 21 07:25:32.805841: | eb a4 8d 63 6c f7 14 4b 04 84 47 ce 0e 3f 8d 85 Sep 21 07:25:32.805843: | 19 87 df 68 ce 7b 06 dc a8 38 8f d4 b0 0c e4 24 Sep 21 07:25:32.805844: | bc 17 49 30 98 c5 47 54 b5 82 19 af 47 59 32 1c Sep 21 07:25:32.805845: | 91 70 a2 17 23 fe 6b 70 26 e3 58 64 46 ec 80 97 Sep 21 07:25:32.805847: | 01 0b 4b a4 8e c6 03 ee 91 25 27 04 29 c0 ef e5 Sep 21 07:25:32.805848: | 4b dd 5a 3d 1c 12 8d df 97 a6 18 35 f1 f9 7e 93 Sep 21 07:25:32.805849: | 86 f3 d7 be c2 c9 f6 0d 0e 9e 55 1e e7 7c 85 93 Sep 21 07:25:32.805851: | b1 70 2d 68 81 62 88 6a 57 45 30 b4 94 53 90 38 Sep 21 07:25:32.805852: | 58 eb 4b 52 65 f9 bc 4f c1 f5 c9 df d2 84 41 05 Sep 21 07:25:32.805854: | 6a 4f 97 0f 29 1e a5 63 3f 02 14 6b 33 5c 6f 89 Sep 21 07:25:32.805855: | 18 1e cf Sep 21 07:25:32.805858: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:32.805861: | **parse ISAKMP Message: Sep 21 07:25:32.805862: | initiator cookie: Sep 21 07:25:32.805864: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:32.805865: | responder cookie: Sep 21 07:25:32.805866: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:32.805868: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:32.805870: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:32.805872: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:32.805874: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:32.805875: | Message ID: 1 (0x1) Sep 21 07:25:32.805877: | length: 435 (0x1b3) Sep 21 07:25:32.805879: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:32.805881: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:32.805884: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:32.805888: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:32.805891: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:32.805893: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:32.805896: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:32.805897: | #2 is idle Sep 21 07:25:32.805899: | #2 idle Sep 21 07:25:32.805900: | unpacking clear payload Sep 21 07:25:32.805902: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:32.805904: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:32.805905: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:32.805907: | flags: none (0x0) Sep 21 07:25:32.805908: | length: 407 (0x197) Sep 21 07:25:32.805910: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:25:32.805911: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:32.805923: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:32.805925: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:32.805927: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:32.805928: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:32.805930: | flags: none (0x0) Sep 21 07:25:32.805931: | length: 12 (0xc) Sep 21 07:25:32.805933: | ID type: ID_FQDN (0x2) Sep 21 07:25:32.805934: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:32.805936: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:32.805938: | **parse IKEv2 Authentication Payload: Sep 21 07:25:32.805939: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:32.805940: | flags: none (0x0) Sep 21 07:25:32.805942: | length: 282 (0x11a) Sep 21 07:25:32.805943: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:25:32.805946: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:25:32.805948: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:32.805949: | **parse IKEv2 Security Association Payload: Sep 21 07:25:32.805951: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:32.805952: | flags: none (0x0) Sep 21 07:25:32.805954: | length: 36 (0x24) Sep 21 07:25:32.805955: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:32.805956: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:32.805958: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:32.805959: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:32.805961: | flags: none (0x0) Sep 21 07:25:32.805962: | length: 24 (0x18) Sep 21 07:25:32.805964: | number of TS: 1 (0x1) Sep 21 07:25:32.805965: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:32.805967: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:32.805968: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:32.805969: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:32.805971: | flags: none (0x0) Sep 21 07:25:32.805972: | length: 24 (0x18) Sep 21 07:25:32.805974: | number of TS: 1 (0x1) Sep 21 07:25:32.805975: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:32.805977: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:32.805979: | Now let's proceed with state specific processing Sep 21 07:25:32.805980: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:32.805984: | offered CA: '%none' Sep 21 07:25:32.805987: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:32.806009: | verifying AUTH payload Sep 21 07:25:32.806019: | required RSA CA is '%any' Sep 21 07:25:32.806022: | checking RSA keyid '@east' for match with '@east' Sep 21 07:25:32.806024: | RSA key issuer CA is '%any' Sep 21 07:25:32.806068: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:25:32.806072: | #1 spent 0.045 milliseconds in try_all_keys() trying a pubkey Sep 21 07:25:32.806074: "north-east" #2: Authenticated using RSA Sep 21 07:25:32.806077: | #1 spent 0.0647 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:25:32.806079: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:32.806082: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:32.806084: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:32.806087: | libevent_free: release ptr-libevent@0x561ea75e5770 Sep 21 07:25:32.806089: | free_event_entry: release EVENT_SA_REPLACE-pe@0x561ea75e5b20 Sep 21 07:25:32.806090: | event_schedule: new EVENT_SA_REKEY-pe@0x561ea75e5b20 Sep 21 07:25:32.806093: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:32.806094: | libevent_malloc: new ptr-libevent@0x561ea75e5770 size 128 Sep 21 07:25:32.806171: | pstats #1 ikev2.ike established Sep 21 07:25:32.806177: | TSi: parsing 1 traffic selectors Sep 21 07:25:32.806181: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:32.806184: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:32.806187: | IP Protocol ID: 0 (0x0) Sep 21 07:25:32.806190: | length: 16 (0x10) Sep 21 07:25:32.806192: | start port: 0 (0x0) Sep 21 07:25:32.806195: | end port: 65535 (0xffff) Sep 21 07:25:32.806198: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:32.806201: | TS low c0 00 03 fe Sep 21 07:25:32.806204: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:32.806206: | TS high c0 00 03 fe Sep 21 07:25:32.806209: | TSi: parsed 1 traffic selectors Sep 21 07:25:32.806212: | TSr: parsing 1 traffic selectors Sep 21 07:25:32.806215: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:32.806218: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:32.806220: | IP Protocol ID: 0 (0x0) Sep 21 07:25:32.806223: | length: 16 (0x10) Sep 21 07:25:32.806225: | start port: 0 (0x0) Sep 21 07:25:32.806230: | end port: 65535 (0xffff) Sep 21 07:25:32.806234: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:32.806236: | TS low c0 00 02 00 Sep 21 07:25:32.806239: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:32.806241: | TS high c0 00 02 ff Sep 21 07:25:32.806244: | TSr: parsed 1 traffic selectors Sep 21 07:25:32.806250: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:32.806256: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:32.806263: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Sep 21 07:25:32.806267: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:32.806269: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:32.806272: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:32.806274: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:32.806277: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:32.806280: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:32.806282: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:32.806283: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:32.806293: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:32.806300: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:32.806303: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:32.806305: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:32.806307: | printing contents struct traffic_selector Sep 21 07:25:32.806309: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:32.806312: | ipprotoid: 0 Sep 21 07:25:32.806314: | port range: 0-65535 Sep 21 07:25:32.806319: | ip range: 192.0.3.254-192.0.3.254 Sep 21 07:25:32.806321: | printing contents struct traffic_selector Sep 21 07:25:32.806322: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:32.806324: | ipprotoid: 0 Sep 21 07:25:32.806325: | port range: 0-65535 Sep 21 07:25:32.806327: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:32.806336: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:32.806338: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:32.806341: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:32.806343: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:32.806345: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:32.806346: | local proposal 1 type DH has 1 transforms Sep 21 07:25:32.806348: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:32.806350: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:32.806351: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:32.806353: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:32.806354: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:32.806356: | local proposal 2 type DH has 1 transforms Sep 21 07:25:32.806357: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:32.806359: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:32.806360: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:32.806362: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:32.806363: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:32.806365: | local proposal 3 type DH has 1 transforms Sep 21 07:25:32.806366: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:32.806368: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:32.806372: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:32.806373: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:32.806375: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:32.806376: | local proposal 4 type DH has 1 transforms Sep 21 07:25:32.806377: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:32.806379: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:32.806381: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:32.806383: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:32.806384: | length: 32 (0x20) Sep 21 07:25:32.806386: | prop #: 1 (0x1) Sep 21 07:25:32.806387: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:32.806389: | spi size: 4 (0x4) Sep 21 07:25:32.806390: | # transforms: 2 (0x2) Sep 21 07:25:32.806392: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:32.806394: | remote SPI fd 64 10 40 Sep 21 07:25:32.806396: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:32.806398: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:32.806399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:32.806401: | length: 12 (0xc) Sep 21 07:25:32.806402: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:32.806404: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:32.806406: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:32.806407: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:32.806409: | length/value: 256 (0x100) Sep 21 07:25:32.806412: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:32.806413: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:32.806415: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:32.806416: | length: 8 (0x8) Sep 21 07:25:32.806418: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:32.806419: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:32.806421: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:32.806423: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:32.806426: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:32.806428: | remote proposal 1 matches local proposal 1 Sep 21 07:25:32.806429: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:32.806432: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=fd641040;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:32.806434: | converting proposal to internal trans attrs Sep 21 07:25:32.806438: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:32.806538: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:32.806541: | could_route called for north-east (kind=CK_PERMANENT) Sep 21 07:25:32.806543: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:32.806545: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.806546: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:32.806549: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:25:32.806551: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:32.806554: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:32.806556: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:32.806557: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:32.806560: | setting IPsec SA replay-window to 32 Sep 21 07:25:32.806562: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:32.806564: | netlink: enabling tunnel mode Sep 21 07:25:32.806568: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:32.806569: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:32.806645: | netlink response for Add SA esp.fd641040@192.1.2.23 included non-error error Sep 21 07:25:32.806651: | set up outgoing SA, ref=0/0 Sep 21 07:25:32.806656: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:32.806659: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:32.806662: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:32.806665: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:32.806669: | setting IPsec SA replay-window to 32 Sep 21 07:25:32.806673: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Sep 21 07:25:32.806676: | netlink: enabling tunnel mode Sep 21 07:25:32.806679: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:32.806682: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:32.806728: | netlink response for Add SA esp.195bba99@192.1.3.33 included non-error error Sep 21 07:25:32.806733: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:32.806741: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:32.806745: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:32.806823: | raw_eroute result=success Sep 21 07:25:32.806830: | set up incoming SA, ref=0/0 Sep 21 07:25:32.806834: | sr for #2: prospective erouted Sep 21 07:25:32.806837: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:32.806840: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:32.806844: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:32.806847: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:32.806852: | route owner of "north-east" prospective erouted: self; eroute owner: self Sep 21 07:25:32.806856: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Sep 21 07:25:32.806860: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:32.806866: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:32.806868: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:32.806890: | raw_eroute result=success Sep 21 07:25:32.806892: | running updown command "ipsec _updown" for verb up Sep 21 07:25:32.806895: | command executing up-client Sep 21 07:25:32.806928: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfd6410 Sep 21 07:25:32.806933: | popen cmd is 1036 chars long Sep 21 07:25:32.806936: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: Sep 21 07:25:32.806940: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@: Sep 21 07:25:32.806943: | cmd( 160):north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_: Sep 21 07:25:32.806945: | cmd( 240):MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Sep 21 07:25:32.806950: | cmd( 320):A_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east: Sep 21 07:25:32.806952: | cmd( 400):' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_: Sep 21 07:25:32.806953: | cmd( 480):CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Sep 21 07:25:32.806955: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYP: Sep 21 07:25:32.806956: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_: Sep 21 07:25:32.806958: | cmd( 720):PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Sep 21 07:25:32.806959: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Sep 21 07:25:32.806961: | cmd( 880):ERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Sep 21 07:25:32.806962: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0xfd641040 SPI_OUT=0x195bba99 ipsec _updown 2>&1: Sep 21 07:25:32.815339: | route_and_eroute: firewall_notified: true Sep 21 07:25:32.815353: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x561ea75e39f0,sr=0x561ea75e39f0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:32.815508: | #1 spent 0.555 milliseconds in install_ipsec_sa() Sep 21 07:25:32.815518: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:32.815522: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:32.815525: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:32.815531: | libevent_free: release ptr-libevent@0x7f6458006900 Sep 21 07:25:32.815534: | free_event_entry: release EVENT_RETRANSMIT-pe@0x561ea75e73b0 Sep 21 07:25:32.815541: | #2 spent 1.13 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:32.815551: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:32.815556: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:32.815559: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:32.815563: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:32.815566: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:32.815571: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:32.815576: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:32.815580: | pstats #2 ikev2.child established Sep 21 07:25:32.815588: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:32.815592: | NAT-T: encaps is 'auto' Sep 21 07:25:32.815596: "north-east" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xfd641040 <0x195bba99 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:32.815598: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:32.815600: | releasing whack and unpending for parent #1 Sep 21 07:25:32.815603: | unpending state #1 connection "north-east" Sep 21 07:25:32.815607: | delete from pending Child SA with 192.1.2.23 "north-east" Sep 21 07:25:32.815610: | removing pending policy for no connection {0x561ea7546f50} Sep 21 07:25:32.815614: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:32.815617: | event_schedule: new EVENT_SA_REKEY-pe@0x561ea75ecb10 Sep 21 07:25:32.815620: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:32.815623: | libevent_malloc: new ptr-libevent@0x7f6458006900 size 128 Sep 21 07:25:32.815633: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:32.815638: | #1 spent 1.43 milliseconds in ikev2_process_packet() Sep 21 07:25:32.815642: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:32.815645: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:32.815648: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:32.815652: | spent 1.44 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:32.815664: | processing signal PLUTO_SIGCHLD Sep 21 07:25:32.815669: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:32.815673: | spent 0.00494 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:33.841689: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:33.841710: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:33.841713: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:33.841718: | get_sa_info esp.195bba99@192.1.3.33 Sep 21 07:25:33.841729: | get_sa_info esp.fd641040@192.1.2.23 Sep 21 07:25:33.841743: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:33.841749: | spent 0.067 milliseconds in whack Sep 21 07:25:37.180290: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:37.180316: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:37.180321: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:37.180329: | get_sa_info esp.195bba99@192.1.3.33 Sep 21 07:25:37.180346: | get_sa_info esp.fd641040@192.1.2.23 Sep 21 07:25:37.180368: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:37.180376: | spent 0.0951 milliseconds in whack Sep 21 07:25:40.250596: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:40.250812: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:40.250821: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:40.250888: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:40.250892: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:40.250906: | get_sa_info esp.195bba99@192.1.3.33 Sep 21 07:25:40.250923: | get_sa_info esp.fd641040@192.1.2.23 Sep 21 07:25:40.250946: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:40.250954: | spent 0.363 milliseconds in whack Sep 21 07:25:41.585814: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:41.585836: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:41.585840: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.585843: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:41.585846: | 6a fa 59 89 53 55 ba 21 1a 15 e4 98 1b 05 c9 b8 Sep 21 07:25:41.585848: | 33 ef 52 56 84 d3 d1 40 70 c4 2f 54 b9 22 58 f2 Sep 21 07:25:41.585851: | de 5c 8e cc 74 Sep 21 07:25:41.585856: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:41.585860: | **parse ISAKMP Message: Sep 21 07:25:41.585863: | initiator cookie: Sep 21 07:25:41.585865: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:41.585868: | responder cookie: Sep 21 07:25:41.585870: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.585873: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:41.585876: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:41.585879: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:41.585882: | flags: none (0x0) Sep 21 07:25:41.585885: | Message ID: 0 (0x0) Sep 21 07:25:41.585888: | length: 69 (0x45) Sep 21 07:25:41.585892: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:41.585896: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:41.585903: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:41.585911: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:41.585915: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:41.585921: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:41.585925: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:41.585930: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:41.585933: | unpacking clear payload Sep 21 07:25:41.585939: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:41.585942: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:41.585945: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:41.585948: | flags: none (0x0) Sep 21 07:25:41.585951: | length: 41 (0x29) Sep 21 07:25:41.585953: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:41.585958: | Message ID: start-responder #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:41.585962: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:41.585978: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:41.585982: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:41.585985: | **parse IKEv2 Delete Payload: Sep 21 07:25:41.585988: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:41.585991: | flags: none (0x0) Sep 21 07:25:41.585993: | length: 12 (0xc) Sep 21 07:25:41.585996: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:41.585998: | SPI size: 4 (0x4) Sep 21 07:25:41.586001: | number of SPIs: 1 (0x1) Sep 21 07:25:41.586004: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:41.586007: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:41.586010: | Now let's proceed with state specific processing Sep 21 07:25:41.586013: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:41.586017: | an informational request should send a response Sep 21 07:25:41.586023: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:41.586026: | **emit ISAKMP Message: Sep 21 07:25:41.586029: | initiator cookie: Sep 21 07:25:41.586031: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:41.586034: | responder cookie: Sep 21 07:25:41.586036: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.586038: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:41.586041: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:41.586043: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:41.586047: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:41.586049: | Message ID: 0 (0x0) Sep 21 07:25:41.586052: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:41.586055: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:41.586058: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:41.586060: | flags: none (0x0) Sep 21 07:25:41.586064: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:41.586067: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:41.586070: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:41.586076: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:41.586078: | SPI fd 64 10 40 Sep 21 07:25:41.586081: | delete PROTO_v2_ESP SA(0xfd641040) Sep 21 07:25:41.586084: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:41.586087: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:41.586092: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xfd641040) Sep 21 07:25:41.586095: "north-east" #1: received Delete SA payload: delete IPsec State #2 now Sep 21 07:25:41.586097: | pstats #2 ikev2.child deleted completed Sep 21 07:25:41.586100: | #2 spent 1.13 milliseconds in total Sep 21 07:25:41.586105: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:41.586108: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:41.586111: "north-east" #2: deleting other state #2 (STATE_V2_IPSEC_I) aged 8.798s and NOT sending notification Sep 21 07:25:41.586114: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:41.586117: | get_sa_info esp.fd641040@192.1.2.23 Sep 21 07:25:41.586129: | get_sa_info esp.195bba99@192.1.3.33 Sep 21 07:25:41.586135: "north-east" #2: ESP traffic information: in=336B out=336B Sep 21 07:25:41.586139: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:41.586142: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:41.586146: | libevent_free: release ptr-libevent@0x7f6458006900 Sep 21 07:25:41.586149: | free_event_entry: release EVENT_SA_REKEY-pe@0x561ea75ecb10 Sep 21 07:25:41.586392: | running updown command "ipsec _updown" for verb down Sep 21 07:25:41.586398: | command executing down-client Sep 21 07:25:41.586425: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050732' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:41.586429: | popen cmd is 1047 chars long Sep 21 07:25:41.586432: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Sep 21 07:25:41.586435: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Sep 21 07:25:41.586437: | cmd( 160):'@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUT: Sep 21 07:25:41.586439: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO: Sep 21 07:25:41.586441: | cmd( 320):_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@ea: Sep 21 07:25:41.586444: | cmd( 400):st' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEE: Sep 21 07:25:41.586446: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:41.586449: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050732' PLUTO_CONN_POLICY='RS: Sep 21 07:25:41.586451: | cmd( 640):ASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CON: Sep 21 07:25:41.586454: | cmd( 720):N_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:25:41.586456: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:25:41.586459: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:25:41.586461: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfd641040 SPI_OUT=0x195bba99 ipsec _updo: Sep 21 07:25:41.586467: | cmd(1040):wn 2>&1: Sep 21 07:25:41.693457: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:41.693471: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:41.693474: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:41.693478: | IPsec Sa SPD priority set to 1040359 Sep 21 07:25:41.693641: | delete esp.fd641040@192.1.2.23 Sep 21 07:25:41.693770: | netlink response for Del SA esp.fd641040@192.1.2.23 included non-error error Sep 21 07:25:41.693777: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:41.693792: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:41.694032: | raw_eroute result=success Sep 21 07:25:41.694039: | delete esp.195bba99@192.1.3.33 Sep 21 07:25:41.694160: | netlink response for Del SA esp.195bba99@192.1.3.33 included non-error error Sep 21 07:25:41.694167: | in connection_discard for connection north-east Sep 21 07:25:41.694171: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:41.694176: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:41.694182: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:41.694187: | resume processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:41.694193: | ****emit IKEv2 Delete Payload: Sep 21 07:25:41.694196: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:41.694199: | flags: none (0x0) Sep 21 07:25:41.694202: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:41.694204: | SPI size: 4 (0x4) Sep 21 07:25:41.694207: | number of SPIs: 1 (0x1) Sep 21 07:25:41.694210: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:41.694214: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:41.694217: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:41.694220: | local SPIs 19 5b ba 99 Sep 21 07:25:41.694222: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:41.694225: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:41.694228: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:41.694231: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:41.694234: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:41.694237: | emitting length of ISAKMP Message: 69 Sep 21 07:25:41.694256: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:41.694259: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.694261: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:41.694264: | 9e 7b 8d da a4 79 dc 6f 7f 24 2f 55 1d 7e d4 96 Sep 21 07:25:41.694266: | ea 96 14 16 40 6a 54 da ce 15 54 b5 ac 38 c7 64 Sep 21 07:25:41.694269: | 28 0c 17 56 b8 Sep 21 07:25:41.694303: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:41.694309: | Message ID: sent #1 response 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:41.694316: | #1 spent 0.693 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:41.694322: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:41.694329: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:41.694332: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:41.694337: | Message ID: recv #1 request 0; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:41.694341: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:41.694345: "north-east" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:41.694350: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:41.694355: | #1 spent 0.924 milliseconds in ikev2_process_packet() Sep 21 07:25:41.694359: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:41.694362: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:41.694365: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:41.694369: | spent 0.939 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:41.694382: | spent 0.00155 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:41.694393: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:41.694396: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.694398: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:25:41.694400: | 92 fb 33 6b 9a eb 49 cb 4b d1 e3 0e 89 04 d3 16 Sep 21 07:25:41.694403: | 42 9f 30 83 ec 1c 8b a1 e5 8f f5 ef eb 04 c9 45 Sep 21 07:25:41.694405: | 4b Sep 21 07:25:41.694409: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:41.694413: | **parse ISAKMP Message: Sep 21 07:25:41.694415: | initiator cookie: Sep 21 07:25:41.694417: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:41.694420: | responder cookie: Sep 21 07:25:41.694422: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.694425: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:41.694428: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:41.694430: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:41.694433: | flags: none (0x0) Sep 21 07:25:41.694435: | Message ID: 1 (0x1) Sep 21 07:25:41.694438: | length: 65 (0x41) Sep 21 07:25:41.694441: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:41.694444: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:41.694448: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:41.694453: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:41.694456: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:41.694461: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:41.694464: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:41.694468: | Message ID: #1 not a duplicate - message is new; initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 Sep 21 07:25:41.694470: | unpacking clear payload Sep 21 07:25:41.694473: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:41.694476: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:41.694478: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:41.694481: | flags: none (0x0) Sep 21 07:25:41.694483: | length: 37 (0x25) Sep 21 07:25:41.694486: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:41.694490: | Message ID: start-responder #1 request 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:41.694493: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:41.694504: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:41.694508: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:41.694511: | **parse IKEv2 Delete Payload: Sep 21 07:25:41.694514: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:41.694516: | flags: none (0x0) Sep 21 07:25:41.694519: | length: 8 (0x8) Sep 21 07:25:41.694521: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:41.694524: | SPI size: 0 (0x0) Sep 21 07:25:41.694526: | number of SPIs: 0 (0x0) Sep 21 07:25:41.694528: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:41.694531: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:41.694533: | Now let's proceed with state specific processing Sep 21 07:25:41.694536: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:41.694539: | an informational request should send a response Sep 21 07:25:41.694544: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:41.694547: | **emit ISAKMP Message: Sep 21 07:25:41.694549: | initiator cookie: Sep 21 07:25:41.694552: | 03 21 a5 e1 75 03 63 18 Sep 21 07:25:41.694554: | responder cookie: Sep 21 07:25:41.694556: | 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.694559: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:41.694561: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:41.694564: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:41.694567: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:41.694569: | Message ID: 1 (0x1) Sep 21 07:25:41.694572: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:41.694575: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:41.694578: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:41.694580: | flags: none (0x0) Sep 21 07:25:41.694583: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:41.694586: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:41.694589: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:41.694595: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:41.694598: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:41.694601: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:41.694604: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:41.694606: | emitting length of ISAKMP Message: 57 Sep 21 07:25:41.694617: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:41.694620: | 03 21 a5 e1 75 03 63 18 86 9b be cc 2d bd 0c ec Sep 21 07:25:41.694622: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:25:41.694625: | 09 c3 6f b2 2f 95 25 ac b5 3e 84 3e 19 90 68 c9 Sep 21 07:25:41.694627: | f1 42 80 09 ea 55 c8 e3 d9 Sep 21 07:25:41.694645: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=1 initiator.recv=1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:41.694650: | Message ID: sent #1 response 1; ike: initiator.sent=1 initiator.recv=1 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:41.694653: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:41.694656: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:41.694659: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:41.694663: | #1 spent 9.7 milliseconds in total Sep 21 07:25:41.694668: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:41.694672: "north-east" #1: deleting state (STATE_IKESA_DEL) aged 8.913s and NOT sending notification Sep 21 07:25:41.694676: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:41.697120: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:41.697131: | libevent_free: release ptr-libevent@0x561ea75e5770 Sep 21 07:25:41.697135: | free_event_entry: release EVENT_SA_REKEY-pe@0x561ea75e5b20 Sep 21 07:25:41.697138: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:41.697142: | in connection_discard for connection north-east Sep 21 07:25:41.697145: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:41.697149: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:41.697153: | unreference key: 0x561ea75466c0 @east cnt 2-- Sep 21 07:25:41.697171: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:41.697185: | in statetime_stop() and could not find #1 Sep 21 07:25:41.697188: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:41.697192: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:41.697195: | STF_OK but no state object remains Sep 21 07:25:41.697198: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:41.697200: | in statetime_stop() and could not find #1 Sep 21 07:25:41.697205: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:41.697208: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:41.697210: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:41.697216: | spent 0.443 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:41.697225: | processing signal PLUTO_SIGCHLD Sep 21 07:25:41.697229: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:41.697233: | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:42.406104: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:42.406124: shutting down Sep 21 07:25:42.406132: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:42.406136: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:42.406142: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:42.406145: forgetting secrets Sep 21 07:25:42.406150: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:42.406154: | unreference key: 0x561ea75466c0 @east cnt 1-- Sep 21 07:25:42.406158: | unreference key: 0x561ea753d8f0 @north cnt 1-- Sep 21 07:25:42.406162: | start processing: connection "north-east" (in delete_connection() at connections.c:189) Sep 21 07:25:42.406165: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:42.406168: | pass 0 Sep 21 07:25:42.406170: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:42.406173: | pass 1 Sep 21 07:25:42.406175: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:42.406183: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:42.406189: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0 Sep 21 07:25:42.406192: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:42.406428: | priority calculation of connection "north-east" is 0xfdfe7 Sep 21 07:25:42.406444: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:42.406448: | conn north-east mark 0/00000000, 0/00000000 vs Sep 21 07:25:42.406451: | conn north-east mark 0/00000000, 0/00000000 Sep 21 07:25:42.406456: | route owner of "north-east" unrouted: NULL Sep 21 07:25:42.406459: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:42.406462: | command executing unroute-client Sep 21 07:25:42.406494: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:25:42.406498: | popen cmd is 1028 chars long Sep 21 07:25:42.406500: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Sep 21 07:25:42.406503: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:25:42.406506: | cmd( 160):ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' P: Sep 21 07:25:42.406508: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:25:42.406511: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:42.406513: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:42.406516: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:42.406519: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: Sep 21 07:25:42.406521: | cmd( 640):ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:25:42.406524: | cmd( 720):D='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:42.406527: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:42.406529: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:42.406532: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:42.430116: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430161: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430191: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430219: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430249: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430278: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430352: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430390: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430422: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430453: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430483: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430519: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430553: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430585: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430617: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430652: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430684: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430715: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.430745: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431098: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431136: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431171: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431202: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431234: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431264: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431294: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431326: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431356: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431386: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431414: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431443: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431476: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431505: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431532: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431557: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431583: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431612: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431644: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431674: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431704: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431736: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431769: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431803: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431838: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431868: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431899: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431934: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431965: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.431996: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432025: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432057: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432089: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432120: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432150: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432179: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432216: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432251: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432280: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432308: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432336: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432366: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432398: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432431: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432462: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432496: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432526: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432558: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432589: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432619: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432652: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432683: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432717: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432750: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.432782: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436050: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436083: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436115: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436144: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436174: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436202: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436230: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436261: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436289: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436318: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436346: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436374: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436404: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436432: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436462: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436489: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436517: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436547: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436576: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436604: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436632: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436660: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436694: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436722: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.436750: "north-east": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:42.454362: | free hp@0x561ea75af5c0 Sep 21 07:25:42.454380: | flush revival: connection 'north-east' wasn't on the list Sep 21 07:25:42.454389: | stop processing: connection "north-east" (in discard_connection() at connections.c:249) Sep 21 07:25:42.454397: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:42.454400: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:42.454412: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:42.454415: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:42.454419: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:42.454422: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:25:42.454425: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:42.454428: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:25:42.454433: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:42.454439: | libevent_free: release ptr-libevent@0x561ea75e2b60 Sep 21 07:25:42.454442: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2b20 Sep 21 07:25:42.454452: | libevent_free: release ptr-libevent@0x561ea75e2c50 Sep 21 07:25:42.454455: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2c10 Sep 21 07:25:42.454461: | libevent_free: release ptr-libevent@0x561ea75e2d40 Sep 21 07:25:42.454464: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2d00 Sep 21 07:25:42.454469: | libevent_free: release ptr-libevent@0x561ea75e2e30 Sep 21 07:25:42.454472: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2df0 Sep 21 07:25:42.454478: | libevent_free: release ptr-libevent@0x561ea75e2f20 Sep 21 07:25:42.454481: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2ee0 Sep 21 07:25:42.454487: | libevent_free: release ptr-libevent@0x561ea75e3010 Sep 21 07:25:42.454489: | free_event_entry: release EVENT_NULL-pe@0x561ea75e2fd0 Sep 21 07:25:42.454494: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:42.455026: | libevent_free: release ptr-libevent@0x561ea75e2480 Sep 21 07:25:42.455035: | free_event_entry: release EVENT_NULL-pe@0x561ea75c6340 Sep 21 07:25:42.455039: | libevent_free: release ptr-libevent@0x561ea75d7f10 Sep 21 07:25:42.455042: | free_event_entry: release EVENT_NULL-pe@0x561ea75cbd20 Sep 21 07:25:42.455046: | libevent_free: release ptr-libevent@0x561ea75d7e80 Sep 21 07:25:42.455048: | free_event_entry: release EVENT_NULL-pe@0x561ea75cbd60 Sep 21 07:25:42.455051: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:42.455054: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:42.455056: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:42.455058: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:42.455061: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:42.455063: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:42.455065: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:42.455067: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:42.455069: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:42.455074: | libevent_free: release ptr-libevent@0x561ea75e2550 Sep 21 07:25:42.455076: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:42.455079: | libevent_free: release ptr-libevent@0x561ea75e2630 Sep 21 07:25:42.455082: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:42.455085: | libevent_free: release ptr-libevent@0x561ea75e26f0 Sep 21 07:25:42.455087: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:42.455089: | libevent_free: release ptr-libevent@0x561ea75d7280 Sep 21 07:25:42.455091: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:42.455094: | releasing event base Sep 21 07:25:42.455107: | libevent_free: release ptr-libevent@0x561ea75e27b0 Sep 21 07:25:42.455113: | libevent_free: release ptr-libevent@0x561ea75b7dd0 Sep 21 07:25:42.455117: | libevent_free: release ptr-libevent@0x561ea75c6680 Sep 21 07:25:42.455119: | libevent_free: release ptr-libevent@0x561ea75c6750 Sep 21 07:25:42.455121: | libevent_free: release ptr-libevent@0x561ea75c66a0 Sep 21 07:25:42.455124: | libevent_free: release ptr-libevent@0x561ea75e2510 Sep 21 07:25:42.455126: | libevent_free: release ptr-libevent@0x561ea75e25f0 Sep 21 07:25:42.455128: | libevent_free: release ptr-libevent@0x561ea75c6730 Sep 21 07:25:42.455130: | libevent_free: release ptr-libevent@0x561ea75cb040 Sep 21 07:25:42.455133: | libevent_free: release ptr-libevent@0x561ea75cb060 Sep 21 07:25:42.455135: | libevent_free: release ptr-libevent@0x561ea75e30a0 Sep 21 07:25:42.455137: | libevent_free: release ptr-libevent@0x561ea75e2fb0 Sep 21 07:25:42.455139: | libevent_free: release ptr-libevent@0x561ea75e2ec0 Sep 21 07:25:42.455142: | libevent_free: release ptr-libevent@0x561ea75e2dd0 Sep 21 07:25:42.455144: | libevent_free: release ptr-libevent@0x561ea75e2ce0 Sep 21 07:25:42.455146: | libevent_free: release ptr-libevent@0x561ea75e2bf0 Sep 21 07:25:42.455149: | libevent_free: release ptr-libevent@0x561ea7548370 Sep 21 07:25:42.455151: | libevent_free: release ptr-libevent@0x561ea75e26d0 Sep 21 07:25:42.455153: | libevent_free: release ptr-libevent@0x561ea75e2610 Sep 21 07:25:42.455155: | libevent_free: release ptr-libevent@0x561ea75e2530 Sep 21 07:25:42.455158: | libevent_free: release ptr-libevent@0x561ea75e2790 Sep 21 07:25:42.455160: | libevent_free: release ptr-libevent@0x561ea75465b0 Sep 21 07:25:42.455163: | libevent_free: release ptr-libevent@0x561ea75c66c0 Sep 21 07:25:42.455166: | libevent_free: release ptr-libevent@0x561ea75c66f0 Sep 21 07:25:42.455168: | libevent_free: release ptr-libevent@0x561ea75c63e0 Sep 21 07:25:42.455170: | releasing global libevent data Sep 21 07:25:42.455173: | libevent_free: release ptr-libevent@0x561ea75c50d0 Sep 21 07:25:42.455176: | libevent_free: release ptr-libevent@0x561ea75c6380 Sep 21 07:25:42.455178: | libevent_free: release ptr-libevent@0x561ea75c63b0