Sep 21 07:25:35.113621: FIPS Product: YES Sep 21 07:25:35.113660: FIPS Kernel: NO Sep 21 07:25:35.113663: FIPS Mode: NO Sep 21 07:25:35.113665: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:35.113836: Initializing NSS Sep 21 07:25:35.113845: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:35.161096: NSS initialized Sep 21 07:25:35.161109: NSS crypto library initialized Sep 21 07:25:35.161112: FIPS HMAC integrity support [enabled] Sep 21 07:25:35.161114: FIPS mode disabled for pluto daemon Sep 21 07:25:35.241599: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:35.241704: libcap-ng support [enabled] Sep 21 07:25:35.241717: Linux audit support [enabled] Sep 21 07:25:35.241744: Linux audit activated Sep 21 07:25:35.241748: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12651 Sep 21 07:25:35.241752: core dump dir: /tmp Sep 21 07:25:35.241754: secrets file: /etc/ipsec.secrets Sep 21 07:25:35.241756: leak-detective disabled Sep 21 07:25:35.241758: NSS crypto [enabled] Sep 21 07:25:35.241760: XAUTH PAM support [enabled] Sep 21 07:25:35.241840: | libevent is using pluto's memory allocator Sep 21 07:25:35.241849: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:35.241863: | libevent_malloc: new ptr-libevent@0x55decdab6470 size 40 Sep 21 07:25:35.241869: | libevent_malloc: new ptr-libevent@0x55decdab64a0 size 40 Sep 21 07:25:35.241872: | libevent_malloc: new ptr-libevent@0x55decdab7790 size 40 Sep 21 07:25:35.241875: | creating event base Sep 21 07:25:35.241878: | libevent_malloc: new ptr-libevent@0x55decdab7750 size 56 Sep 21 07:25:35.241881: | libevent_malloc: new ptr-libevent@0x55decdab77c0 size 664 Sep 21 07:25:35.241892: | libevent_malloc: new ptr-libevent@0x55decdab7a60 size 24 Sep 21 07:25:35.241896: | libevent_malloc: new ptr-libevent@0x55decdaa91c0 size 384 Sep 21 07:25:35.241906: | libevent_malloc: new ptr-libevent@0x55decdab7a80 size 16 Sep 21 07:25:35.241909: | libevent_malloc: new ptr-libevent@0x55decdab7aa0 size 40 Sep 21 07:25:35.241912: | libevent_malloc: new ptr-libevent@0x55decdab7ad0 size 48 Sep 21 07:25:35.241918: | libevent_realloc: new ptr-libevent@0x55decda3b370 size 256 Sep 21 07:25:35.241921: | libevent_malloc: new ptr-libevent@0x55decdab7b10 size 16 Sep 21 07:25:35.241927: | libevent_free: release ptr-libevent@0x55decdab7750 Sep 21 07:25:35.241931: | libevent initialized Sep 21 07:25:35.241934: | libevent_realloc: new ptr-libevent@0x55decdab7b30 size 64 Sep 21 07:25:35.241938: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:35.241956: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:35.241958: NAT-Traversal support [enabled] Sep 21 07:25:35.241961: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:35.241967: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:35.241971: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:35.242009: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:35.242012: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:35.242015: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:35.242065: Encryption algorithms: Sep 21 07:25:35.242075: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:35.242079: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:35.242083: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:35.242086: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:35.242090: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:35.242098: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:35.242103: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:35.242106: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:35.242110: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:35.242114: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:35.242117: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:35.242121: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:35.242125: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:35.242129: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:35.242132: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:35.242135: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:35.242139: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:35.242146: Hash algorithms: Sep 21 07:25:35.242149: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:35.242152: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:35.242155: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:35.242158: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:35.242161: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:35.242175: PRF algorithms: Sep 21 07:25:35.242178: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:35.242181: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:35.242185: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:35.242188: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:35.242191: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:35.242194: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:35.242220: Integrity algorithms: Sep 21 07:25:35.242223: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:35.242227: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:35.242231: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:35.242235: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:35.242240: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:35.242242: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:35.242246: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:35.242249: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:35.242252: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:35.242265: DH algorithms: Sep 21 07:25:35.242268: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:35.242271: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:35.242274: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:35.242279: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:35.242282: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:35.242285: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:35.242288: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:35.242291: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:35.242294: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:35.242297: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:35.242300: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:35.242303: testing CAMELLIA_CBC: Sep 21 07:25:35.242306: Camellia: 16 bytes with 128-bit key Sep 21 07:25:35.242430: Camellia: 16 bytes with 128-bit key Sep 21 07:25:35.242463: Camellia: 16 bytes with 256-bit key Sep 21 07:25:35.242496: Camellia: 16 bytes with 256-bit key Sep 21 07:25:35.242526: testing AES_GCM_16: Sep 21 07:25:35.242529: empty string Sep 21 07:25:35.242557: one block Sep 21 07:25:35.242584: two blocks Sep 21 07:25:35.242610: two blocks with associated data Sep 21 07:25:35.242638: testing AES_CTR: Sep 21 07:25:35.242640: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:35.242668: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:35.242697: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:35.242726: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:35.242753: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:35.242782: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:35.242820: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:35.242848: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:35.242877: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:35.242906: testing AES_CBC: Sep 21 07:25:35.242909: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:35.242937: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.242967: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.242998: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:35.243033: testing AES_XCBC: Sep 21 07:25:35.243036: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:35.243163: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:35.243300: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:35.243433: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:35.243568: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:35.243705: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:35.243850: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:35.244167: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:35.244305: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:35.244450: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:35.244704: testing HMAC_MD5: Sep 21 07:25:35.244708: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:35.244898: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:35.245066: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:35.245256: 8 CPU cores online Sep 21 07:25:35.245260: starting up 7 crypto helpers Sep 21 07:25:35.245292: started thread for crypto helper 0 Sep 21 07:25:35.245299: | starting up helper thread 0 Sep 21 07:25:35.245312: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:35.245328: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:35.245313: started thread for crypto helper 1 Sep 21 07:25:35.245366: started thread for crypto helper 2 Sep 21 07:25:35.245369: | starting up helper thread 2 Sep 21 07:25:35.245386: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:35.245389: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:35.245398: | starting up helper thread 1 Sep 21 07:25:35.245405: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:35.245410: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:35.245405: started thread for crypto helper 3 Sep 21 07:25:35.245414: | starting up helper thread 3 Sep 21 07:25:35.245420: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:35.245422: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:35.245439: started thread for crypto helper 4 Sep 21 07:25:35.245482: | starting up helper thread 4 Sep 21 07:25:35.245489: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:35.245492: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:35.245484: started thread for crypto helper 5 Sep 21 07:25:35.245498: | starting up helper thread 5 Sep 21 07:25:35.245514: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:35.245516: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:35.245521: started thread for crypto helper 6 Sep 21 07:25:35.245524: | starting up helper thread 6 Sep 21 07:25:35.245526: | checking IKEv1 state table Sep 21 07:25:35.245531: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:35.245537: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:35.245540: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245543: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:35.245545: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245548: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:35.245550: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:35.245553: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:35.245555: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.245557: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.245560: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:35.245562: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:35.245564: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.245566: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:35.245569: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:35.245571: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.245573: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.245575: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:35.245578: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:35.245580: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.245582: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.245584: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:35.245587: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:35.245589: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245592: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:35.245594: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245597: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245599: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:35.245602: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245604: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:35.245606: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:35.245609: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:35.245611: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:35.245613: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:35.245616: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:35.245618: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245620: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.245623: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245625: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:35.245631: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:35.245633: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:35.245636: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:35.245638: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:35.245641: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:35.245643: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:35.245645: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245648: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:35.245650: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245653: | INFO: category: informational flags: 0: Sep 21 07:25:35.245655: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245657: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:35.245660: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245662: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:35.245664: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:35.245667: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:35.245669: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:35.245672: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:35.245674: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:35.245677: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:35.245679: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:35.245682: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.245684: | -> UNDEFINED EVENT_NULL Sep 21 07:25:35.245686: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:35.245689: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:35.245691: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.245693: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:35.245696: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:35.245698: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:35.245705: | checking IKEv2 state table Sep 21 07:25:35.245710: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:35.245713: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:35.245716: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245719: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:35.245721: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:35.245724: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:35.245727: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:35.245730: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:35.245732: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:35.245735: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:35.245737: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:35.245740: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:35.245743: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:35.245745: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:35.245747: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:35.245750: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:35.245752: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245755: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:35.245758: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:35.245761: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:35.245763: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:35.245766: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:35.245770: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:35.245773: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:35.245775: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:35.245778: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:35.245780: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.245787: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:35.245793: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:35.245795: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:35.245798: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.245801: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:35.245803: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:35.245806: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:35.245809: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:35.245811: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:35.245814: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:35.245817: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:35.245820: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:35.245822: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:35.245825: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:35.245828: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:35.245831: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:35.245834: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:35.245836: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:35.245839: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:35.245841: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:35.245912: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:35.245967: | Hard-wiring algorithms Sep 21 07:25:35.245970: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:35.245974: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:35.245977: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:35.245979: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:35.245982: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:35.245984: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:35.245986: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:35.245989: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:35.245991: | adding AES_CTR to kernel algorithm db Sep 21 07:25:35.245993: | adding AES_CBC to kernel algorithm db Sep 21 07:25:35.245995: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:35.245998: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:35.246000: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:35.246002: | adding NULL to kernel algorithm db Sep 21 07:25:35.246005: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:35.246007: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:35.246010: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:35.246012: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:35.246014: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:35.246017: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:35.246019: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:35.246022: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:35.246024: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:35.246026: | adding NONE to kernel algorithm db Sep 21 07:25:35.246050: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:35.246057: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:35.246059: | setup kernel fd callback Sep 21 07:25:35.246062: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55decdac1ee0 Sep 21 07:25:35.246066: | libevent_malloc: new ptr-libevent@0x55decdac93b0 size 128 Sep 21 07:25:35.246069: | libevent_malloc: new ptr-libevent@0x55decdab7c70 size 16 Sep 21 07:25:35.246075: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55decdabc780 Sep 21 07:25:35.246077: | libevent_malloc: new ptr-libevent@0x55decdac9440 size 128 Sep 21 07:25:35.246080: | libevent_malloc: new ptr-libevent@0x55decdabc6d0 size 16 Sep 21 07:25:35.246362: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:35.246372: selinux support is enabled. Sep 21 07:25:35.246998: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:35.247453: | unbound context created - setting debug level to 5 Sep 21 07:25:35.247489: | /etc/hosts lookups activated Sep 21 07:25:35.247505: | /etc/resolv.conf usage activated Sep 21 07:25:35.247568: | outgoing-port-avoid set 0-65535 Sep 21 07:25:35.247598: | outgoing-port-permit set 32768-60999 Sep 21 07:25:35.247601: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:35.247604: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:35.247607: | Setting up events, loop start Sep 21 07:25:35.247610: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55decdabc4d0 Sep 21 07:25:35.247614: | libevent_malloc: new ptr-libevent@0x55decdad39b0 size 128 Sep 21 07:25:35.247617: | libevent_malloc: new ptr-libevent@0x55decdad3a40 size 16 Sep 21 07:25:35.247623: | libevent_realloc: new ptr-libevent@0x55decda395b0 size 256 Sep 21 07:25:35.247626: | libevent_malloc: new ptr-libevent@0x55decdad3a60 size 8 Sep 21 07:25:35.247629: | libevent_realloc: new ptr-libevent@0x55decdac86b0 size 144 Sep 21 07:25:35.247632: | libevent_malloc: new ptr-libevent@0x55decdad3a80 size 152 Sep 21 07:25:35.247635: | libevent_malloc: new ptr-libevent@0x55decdad3b20 size 16 Sep 21 07:25:35.247639: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:35.247642: | libevent_malloc: new ptr-libevent@0x55decdad3b40 size 8 Sep 21 07:25:35.247644: | libevent_malloc: new ptr-libevent@0x55decdad3b60 size 152 Sep 21 07:25:35.247647: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:35.247650: | libevent_malloc: new ptr-libevent@0x55decdad3c00 size 8 Sep 21 07:25:35.247652: | libevent_malloc: new ptr-libevent@0x55decdad3c20 size 152 Sep 21 07:25:35.247655: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:35.247658: | libevent_malloc: new ptr-libevent@0x55decdad3cc0 size 8 Sep 21 07:25:35.247660: | libevent_realloc: release ptr-libevent@0x55decdac86b0 Sep 21 07:25:35.247663: | libevent_realloc: new ptr-libevent@0x55decdad3ce0 size 256 Sep 21 07:25:35.247665: | libevent_malloc: new ptr-libevent@0x55decdac86b0 size 152 Sep 21 07:25:35.247668: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:35.248180: | created addconn helper (pid:12756) using fork+execve Sep 21 07:25:35.248198: | forked child 12756 Sep 21 07:25:35.248239: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.248259: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:35.248266: listening for IKE messages Sep 21 07:25:35.248389: | Inspecting interface lo Sep 21 07:25:35.248396: | found lo with address 127.0.0.1 Sep 21 07:25:35.248399: | Inspecting interface eth0 Sep 21 07:25:35.248403: | found eth0 with address 192.0.2.254 Sep 21 07:25:35.248405: | Inspecting interface eth1 Sep 21 07:25:35.248409: | found eth1 with address 192.1.2.23 Sep 21 07:25:35.248510: Kernel supports NIC esp-hw-offload Sep 21 07:25:35.248531: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:25:35.248592: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.248601: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.248605: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:35.248638: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:25:35.248666: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.248670: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.248674: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:35.248703: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:35.248726: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:35.248730: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:35.248734: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:35.248813: | no interfaces to sort Sep 21 07:25:35.248820: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:35.248829: | add_fd_read_event_handler: new ethX-pe@0x55decdabd250 Sep 21 07:25:35.248832: | libevent_malloc: new ptr-libevent@0x55decdad4050 size 128 Sep 21 07:25:35.248835: | libevent_malloc: new ptr-libevent@0x55decdad40e0 size 16 Sep 21 07:25:35.248845: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:35.248847: | add_fd_read_event_handler: new ethX-pe@0x55decdad4100 Sep 21 07:25:35.248850: | libevent_malloc: new ptr-libevent@0x55decdad4140 size 128 Sep 21 07:25:35.248853: | libevent_malloc: new ptr-libevent@0x55decdad41d0 size 16 Sep 21 07:25:35.248857: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:35.248860: | add_fd_read_event_handler: new ethX-pe@0x55decdad41f0 Sep 21 07:25:35.248862: | libevent_malloc: new ptr-libevent@0x55decdad4230 size 128 Sep 21 07:25:35.248865: | libevent_malloc: new ptr-libevent@0x55decdad42c0 size 16 Sep 21 07:25:35.248869: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:35.248872: | add_fd_read_event_handler: new ethX-pe@0x55decdad42e0 Sep 21 07:25:35.248874: | libevent_malloc: new ptr-libevent@0x55decdad4320 size 128 Sep 21 07:25:35.248877: | libevent_malloc: new ptr-libevent@0x55decdad43b0 size 16 Sep 21 07:25:35.248882: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:35.248884: | add_fd_read_event_handler: new ethX-pe@0x55decdad43d0 Sep 21 07:25:35.248887: | libevent_malloc: new ptr-libevent@0x55decdad4410 size 128 Sep 21 07:25:35.248889: | libevent_malloc: new ptr-libevent@0x55decdad44a0 size 16 Sep 21 07:25:35.248893: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:35.248896: | add_fd_read_event_handler: new ethX-pe@0x55decdad44c0 Sep 21 07:25:35.248898: | libevent_malloc: new ptr-libevent@0x55decdad4500 size 128 Sep 21 07:25:35.248901: | libevent_malloc: new ptr-libevent@0x55decdad4590 size 16 Sep 21 07:25:35.248905: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:35.248911: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:35.248913: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:35.248935: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:35.248948: | id type added to secret(0x55decdac9590) PKK_PSK: @east Sep 21 07:25:35.248952: | id type added to secret(0x55decdac9590) PKK_PSK: %any Sep 21 07:25:35.248956: | Processing PSK at line 1: passed Sep 21 07:25:35.248958: | certs and keys locked by 'process_secret' Sep 21 07:25:35.248963: | certs and keys unlocked by 'process_secret' Sep 21 07:25:35.248968: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:35.248976: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.248983: | spent 0.655 milliseconds in whack Sep 21 07:25:35.291339: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.291364: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:35.291369: listening for IKE messages Sep 21 07:25:35.295391: | Inspecting interface lo Sep 21 07:25:35.295411: | found lo with address 127.0.0.1 Sep 21 07:25:35.295414: | Inspecting interface eth0 Sep 21 07:25:35.295418: | found eth0 with address 192.0.2.254 Sep 21 07:25:35.295421: | Inspecting interface eth1 Sep 21 07:25:35.295425: | found eth1 with address 192.1.2.23 Sep 21 07:25:35.295492: | no interfaces to sort Sep 21 07:25:35.295502: | libevent_free: release ptr-libevent@0x55decdad4050 Sep 21 07:25:35.295505: | free_event_entry: release EVENT_NULL-pe@0x55decdabd250 Sep 21 07:25:35.295508: | add_fd_read_event_handler: new ethX-pe@0x55decdabd250 Sep 21 07:25:35.295511: | libevent_malloc: new ptr-libevent@0x55decdad4050 size 128 Sep 21 07:25:35.295519: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:35.295523: | libevent_free: release ptr-libevent@0x55decdad4140 Sep 21 07:25:35.295526: | free_event_entry: release EVENT_NULL-pe@0x55decdad4100 Sep 21 07:25:35.295528: | add_fd_read_event_handler: new ethX-pe@0x55decdad4100 Sep 21 07:25:35.295531: | libevent_malloc: new ptr-libevent@0x55decdad4140 size 128 Sep 21 07:25:35.295535: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:35.295539: | libevent_free: release ptr-libevent@0x55decdad4230 Sep 21 07:25:35.295541: | free_event_entry: release EVENT_NULL-pe@0x55decdad41f0 Sep 21 07:25:35.295544: | add_fd_read_event_handler: new ethX-pe@0x55decdad41f0 Sep 21 07:25:35.295546: | libevent_malloc: new ptr-libevent@0x55decdad4230 size 128 Sep 21 07:25:35.295551: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:25:35.295554: | libevent_free: release ptr-libevent@0x55decdad4320 Sep 21 07:25:35.295557: | free_event_entry: release EVENT_NULL-pe@0x55decdad42e0 Sep 21 07:25:35.295559: | add_fd_read_event_handler: new ethX-pe@0x55decdad42e0 Sep 21 07:25:35.295561: | libevent_malloc: new ptr-libevent@0x55decdad4320 size 128 Sep 21 07:25:35.295566: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:25:35.295570: | libevent_free: release ptr-libevent@0x55decdad4410 Sep 21 07:25:35.295572: | free_event_entry: release EVENT_NULL-pe@0x55decdad43d0 Sep 21 07:25:35.295575: | add_fd_read_event_handler: new ethX-pe@0x55decdad43d0 Sep 21 07:25:35.295577: | libevent_malloc: new ptr-libevent@0x55decdad4410 size 128 Sep 21 07:25:35.295582: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:25:35.295585: | libevent_free: release ptr-libevent@0x55decdad4500 Sep 21 07:25:35.295588: | free_event_entry: release EVENT_NULL-pe@0x55decdad44c0 Sep 21 07:25:35.295590: | add_fd_read_event_handler: new ethX-pe@0x55decdad44c0 Sep 21 07:25:35.295593: | libevent_malloc: new ptr-libevent@0x55decdad4500 size 128 Sep 21 07:25:35.295597: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:25:35.295600: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:35.295602: forgetting secrets Sep 21 07:25:35.295611: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:35.295626: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:35.295633: | id type added to secret(0x55decdac9590) PKK_PSK: @east Sep 21 07:25:35.295637: | id type added to secret(0x55decdac9590) PKK_PSK: %any Sep 21 07:25:35.295641: | Processing PSK at line 1: passed Sep 21 07:25:35.295643: | certs and keys locked by 'process_secret' Sep 21 07:25:35.295646: | certs and keys unlocked by 'process_secret' Sep 21 07:25:35.295650: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:35.295657: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.295665: | spent 0.369 milliseconds in whack Sep 21 07:25:35.296144: | processing signal PLUTO_SIGCHLD Sep 21 07:25:35.296156: | waitpid returned pid 12756 (exited with status 0) Sep 21 07:25:35.296160: | reaped addconn helper child (status 0) Sep 21 07:25:35.296164: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:35.296169: | spent 0.0156 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:35.362744: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:35.362771: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.362774: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:35.362777: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.362779: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:35.362797: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:35.362806: | Added new connection eastnet-any with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:35.362861: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:35.362867: | from whack: got --esp= Sep 21 07:25:35.362904: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:35.362908: | counting wild cards for (none) is 15 Sep 21 07:25:35.362912: | counting wild cards for @east is 0 Sep 21 07:25:35.362917: | based upon policy, the connection is a template. Sep 21 07:25:35.362924: | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none Sep 21 07:25:35.362928: | new hp@0x55decdaa09b0 Sep 21 07:25:35.362932: added connection description "eastnet-any" Sep 21 07:25:35.362940: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:35.362951: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...%any===192.0.1.0/24 Sep 21 07:25:35.362957: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:35.362964: | spent 0.214 milliseconds in whack Sep 21 07:25:37.611359: | spent 0.0031 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.611390: | *received 828 bytes from 192.1.2.254:500 on eth1 (192.1.2.23:500) Sep 21 07:25:37.611395: | 5a 58 e3 67 94 a9 c8 46 00 00 00 00 00 00 00 00 Sep 21 07:25:37.611398: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:37.611400: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.611402: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:37.611404: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:37.611406: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:37.611408: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:37.611411: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:37.611413: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:37.611415: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:37.611417: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:37.611420: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:37.611422: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:37.611424: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:37.611427: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:37.611429: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:37.611431: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:37.611433: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:37.611435: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:37.611438: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:37.611440: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:37.611442: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:37.611444: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:37.611447: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:37.611453: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:37.611455: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:37.611457: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:37.611460: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:37.611462: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:37.611464: | 28 00 01 08 00 0e 00 00 42 db 73 0e 16 bd 95 e0 Sep 21 07:25:37.611466: | f8 91 f3 e6 ff 0e e7 39 29 2c ff c9 c9 b3 1c c0 Sep 21 07:25:37.611469: | a2 f8 2e ff 39 9c 60 2e a2 d4 9e 25 61 c8 72 97 Sep 21 07:25:37.611471: | 6d de da 39 e2 b0 05 b4 0c 15 33 71 72 79 46 2c Sep 21 07:25:37.611473: | 53 8c f2 d2 7d 7c 3a d7 fc 01 4b cc 6f 57 57 32 Sep 21 07:25:37.611475: | 62 f3 e2 a2 26 ff 33 c1 ba 0a e7 26 5f a3 87 a5 Sep 21 07:25:37.611477: | 5c 32 2c 44 2e 10 31 5e c1 a4 b6 64 1b 8a 0b 3d Sep 21 07:25:37.611480: | d4 43 4c 92 a1 d6 da fb 14 97 9b d6 ce 53 28 93 Sep 21 07:25:37.611482: | 68 fb 4a a0 8b d1 05 e2 86 2a ad b9 32 f5 71 5b Sep 21 07:25:37.611484: | 0e 85 71 10 85 3a 27 fb f1 f5 f7 d0 1b 6e fa 7c Sep 21 07:25:37.611486: | 4f c8 3f 0f 1b 9f c9 39 b4 19 c1 eb ca 80 74 aa Sep 21 07:25:37.611489: | 83 7d e2 ff ce 3d 4d e9 c7 fa ab 8e 93 05 b8 fa Sep 21 07:25:37.611491: | 47 6d f0 e3 55 2a 14 c8 9f 9a 0f 12 69 9c 72 2c Sep 21 07:25:37.611493: | c7 ed 0c 08 af dd e2 bb 20 ba 27 fd f6 86 d9 86 Sep 21 07:25:37.611496: | ed 2b cd 78 53 8c a1 99 ae 34 8d e3 25 4c b8 c4 Sep 21 07:25:37.611498: | 21 fd bc 9f df fc d6 ae c3 db 89 96 3f 85 69 c1 Sep 21 07:25:37.611500: | 62 63 04 4e 24 e4 fe 32 29 00 00 24 9d d3 65 d3 Sep 21 07:25:37.611502: | 98 00 0f 89 7e f3 9d d9 72 82 9f 2e ed 87 c7 ea Sep 21 07:25:37.611504: | 2e ef 75 70 f5 80 f7 f0 f2 4a 65 7f 29 00 00 08 Sep 21 07:25:37.611507: | 00 00 40 2e 29 00 00 1c 00 00 40 04 28 bc 11 5d Sep 21 07:25:37.611509: | ae dd 63 42 38 71 27 58 ab 6d ea 55 ca 43 4a 90 Sep 21 07:25:37.611511: | 00 00 00 1c 00 00 40 05 71 15 a2 88 30 c1 43 85 Sep 21 07:25:37.611513: | df f8 cc f0 f2 01 fe f7 75 90 15 a0 Sep 21 07:25:37.611521: | start processing: from 192.1.2.254:500 (in process_md() at demux.c:378) Sep 21 07:25:37.611524: | **parse ISAKMP Message: Sep 21 07:25:37.611527: | initiator cookie: Sep 21 07:25:37.611530: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.611532: | responder cookie: Sep 21 07:25:37.611534: | 00 00 00 00 00 00 00 00 Sep 21 07:25:37.611537: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.611539: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.611542: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.611544: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.611547: | Message ID: 0 (0x0) Sep 21 07:25:37.611549: | length: 828 (0x33c) Sep 21 07:25:37.611552: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:37.611559: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:25:37.611563: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:37.611566: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.611569: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:37.611572: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:37.611574: | flags: none (0x0) Sep 21 07:25:37.611577: | length: 436 (0x1b4) Sep 21 07:25:37.611579: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:25:37.611581: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:37.611584: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:37.611587: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:37.611589: | flags: none (0x0) Sep 21 07:25:37.611591: | length: 264 (0x108) Sep 21 07:25:37.611594: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.611596: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:37.611601: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.611604: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:37.611606: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.611609: | flags: none (0x0) Sep 21 07:25:37.611611: | length: 36 (0x24) Sep 21 07:25:37.611613: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:37.611615: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.611618: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.611620: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.611623: | flags: none (0x0) Sep 21 07:25:37.611625: | length: 8 (0x8) Sep 21 07:25:37.611627: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.611630: | SPI size: 0 (0x0) Sep 21 07:25:37.611633: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.611635: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:37.611637: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.611640: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.611642: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.611644: | flags: none (0x0) Sep 21 07:25:37.611647: | length: 28 (0x1c) Sep 21 07:25:37.611649: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.611651: | SPI size: 0 (0x0) Sep 21 07:25:37.611654: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.611656: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.611658: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:37.611661: | ***parse IKEv2 Notify Payload: Sep 21 07:25:37.611663: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.611666: | flags: none (0x0) Sep 21 07:25:37.611668: | length: 28 (0x1c) Sep 21 07:25:37.611670: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.611672: | SPI size: 0 (0x0) Sep 21 07:25:37.611675: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.611677: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:37.611680: | DDOS disabled and no cookie sent, continuing Sep 21 07:25:37.611686: | find_host_connection local=192.1.2.23:500 remote=192.1.2.254:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611689: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:37.611692: | find_next_host_connection returns empty Sep 21 07:25:37.611696: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611702: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:25:37.611705: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:25:37.611708: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (eastnet-any) Sep 21 07:25:37.611711: | find_next_host_connection returns empty Sep 21 07:25:37.611715: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:25:37.611720: | find_host_connection local=192.1.2.23:500 remote=192.1.2.254:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611723: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:37.611725: | find_next_host_connection returns empty Sep 21 07:25:37.611729: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611734: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:25:37.611736: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:25:37.611739: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (eastnet-any) Sep 21 07:25:37.611741: | find_next_host_connection returns empty Sep 21 07:25:37.611745: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:25:37.611750: | find_host_connection local=192.1.2.23:500 remote=192.1.2.254:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611755: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:25:37.611758: | find_next_host_connection returns empty Sep 21 07:25:37.611761: | find_host_connection local=192.1.2.23:500 remote= policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:25:37.611766: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:25:37.611769: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:25:37.611772: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (eastnet-any) Sep 21 07:25:37.611774: | find_next_host_connection returns eastnet-any Sep 21 07:25:37.611777: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:25:37.611779: | find_next_host_connection returns empty Sep 21 07:25:37.611781: | rw_instantiate Sep 21 07:25:37.611795: | connect_to_host_pair: 192.1.2.23:500 192.1.2.254:500 -> hp@(nil): none Sep 21 07:25:37.611802: | new hp@0x55decda66e20 Sep 21 07:25:37.611809: | rw_instantiate() instantiated "eastnet-any"[1] 192.1.2.254 for 192.1.2.254 Sep 21 07:25:37.611813: | found connection: eastnet-any[1] 192.1.2.254 with policy PSK+IKEV2_ALLOW Sep 21 07:25:37.611817: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:25:37.611843: | creating state object #1 at 0x55decdad7ce0 Sep 21 07:25:37.611847: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:37.611855: | pstats #1 ikev2.ike started Sep 21 07:25:37.611858: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:37.611861: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:25:37.611867: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.611876: | start processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.611880: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:37.611885: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:37.611888: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:37.611892: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:25:37.611897: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:37.611900: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:25:37.611903: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:25:37.611905: | Now let's proceed with state specific processing Sep 21 07:25:37.611907: | calling processor Respond to IKE_SA_INIT Sep 21 07:25:37.611914: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:37.611917: | constructing local IKE proposals for eastnet-any (IKE SA responder matching remote proposals) Sep 21 07:25:37.611925: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.611933: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.611937: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.611943: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.611947: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.611964: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.611969: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:37.611974: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.611987: "eastnet-any"[1] 192.1.2.254: constructed local IKE proposals for eastnet-any (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:37.611991: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:25:37.611995: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.611998: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:37.612000: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.612003: | local proposal 1 type DH has 8 transforms Sep 21 07:25:37.612005: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:37.612008: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.612011: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.612014: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:37.612016: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.612018: | local proposal 2 type DH has 8 transforms Sep 21 07:25:37.612020: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:37.612023: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:37.612026: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.612028: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:37.612030: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.612033: | local proposal 3 type DH has 8 transforms Sep 21 07:25:37.612035: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:37.612038: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.612041: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.612043: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:37.612046: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.612048: | local proposal 4 type DH has 8 transforms Sep 21 07:25:37.612050: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:37.612053: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:37.612056: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.612059: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.612061: | length: 100 (0x64) Sep 21 07:25:37.612063: | prop #: 1 (0x1) Sep 21 07:25:37.612066: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.612068: | spi size: 0 (0x0) Sep 21 07:25:37.612070: | # transforms: 11 (0xb) Sep 21 07:25:37.612074: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:37.612077: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612082: | length: 12 (0xc) Sep 21 07:25:37.612085: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.612087: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.612094: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.612097: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.612100: | length/value: 256 (0x100) Sep 21 07:25:37.612104: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.612107: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612112: | length: 8 (0x8) Sep 21 07:25:37.612114: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612116: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.612120: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:37.612123: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:25:37.612126: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:25:37.612129: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:25:37.612132: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612136: | length: 8 (0x8) Sep 21 07:25:37.612139: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612141: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.612144: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612149: | length: 8 (0x8) Sep 21 07:25:37.612151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612154: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.612157: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:37.612160: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:25:37.612163: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:25:37.612166: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:25:37.612169: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612173: | length: 8 (0x8) Sep 21 07:25:37.612176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612178: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.612181: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612183: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612186: | length: 8 (0x8) Sep 21 07:25:37.612188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612190: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.612193: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612198: | length: 8 (0x8) Sep 21 07:25:37.612200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612202: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.612205: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612210: | length: 8 (0x8) Sep 21 07:25:37.612212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612215: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.612217: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612222: | length: 8 (0x8) Sep 21 07:25:37.612224: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612226: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.612229: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612236: | length: 8 (0x8) Sep 21 07:25:37.612239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612241: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.612244: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612246: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.612249: | length: 8 (0x8) Sep 21 07:25:37.612251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612253: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.612257: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:37.612262: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:37.612264: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.612267: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.612269: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.612272: | length: 100 (0x64) Sep 21 07:25:37.612274: | prop #: 2 (0x2) Sep 21 07:25:37.612276: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.612278: | spi size: 0 (0x0) Sep 21 07:25:37.612281: | # transforms: 11 (0xb) Sep 21 07:25:37.612284: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.612450: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612454: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612456: | length: 12 (0xc) Sep 21 07:25:37.612458: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.612461: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.612463: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.612466: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.612468: | length/value: 128 (0x80) Sep 21 07:25:37.612471: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612476: | length: 8 (0x8) Sep 21 07:25:37.612478: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612481: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.612484: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612488: | length: 8 (0x8) Sep 21 07:25:37.612491: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612493: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.612496: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612500: | length: 8 (0x8) Sep 21 07:25:37.612503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612505: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.612508: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612510: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612513: | length: 8 (0x8) Sep 21 07:25:37.612515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612517: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.612520: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612524: | length: 8 (0x8) Sep 21 07:25:37.612527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612529: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.612532: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612537: | length: 8 (0x8) Sep 21 07:25:37.612539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612541: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.612549: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612554: | length: 8 (0x8) Sep 21 07:25:37.612557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612559: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.612562: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612566: | length: 8 (0x8) Sep 21 07:25:37.612568: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612571: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.612574: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612576: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612578: | length: 8 (0x8) Sep 21 07:25:37.612581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612583: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.612586: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612588: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.612594: | length: 8 (0x8) Sep 21 07:25:37.612597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612599: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.612603: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:25:37.612606: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:25:37.612609: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.612611: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.612613: | length: 116 (0x74) Sep 21 07:25:37.612616: | prop #: 3 (0x3) Sep 21 07:25:37.612618: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.612620: | spi size: 0 (0x0) Sep 21 07:25:37.612622: | # transforms: 13 (0xd) Sep 21 07:25:37.612626: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.612628: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612633: | length: 12 (0xc) Sep 21 07:25:37.612635: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.612638: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.612640: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.612643: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.612645: | length/value: 256 (0x100) Sep 21 07:25:37.612648: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612653: | length: 8 (0x8) Sep 21 07:25:37.612655: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612657: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.612660: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612665: | length: 8 (0x8) Sep 21 07:25:37.612667: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612669: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.612672: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612677: | length: 8 (0x8) Sep 21 07:25:37.612679: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.612681: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.612684: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612689: | length: 8 (0x8) Sep 21 07:25:37.612691: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.612693: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.612696: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612703: | length: 8 (0x8) Sep 21 07:25:37.612705: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612707: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.612710: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612715: | length: 8 (0x8) Sep 21 07:25:37.612717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612720: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.612722: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612727: | length: 8 (0x8) Sep 21 07:25:37.612729: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612731: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.612734: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612736: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612739: | length: 8 (0x8) Sep 21 07:25:37.612741: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612743: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.612746: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612751: | length: 8 (0x8) Sep 21 07:25:37.612753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612755: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.612758: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612763: | length: 8 (0x8) Sep 21 07:25:37.612765: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612767: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.612770: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612774: | length: 8 (0x8) Sep 21 07:25:37.612777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612779: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.612782: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612790: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.612793: | length: 8 (0x8) Sep 21 07:25:37.612795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612798: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.612801: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:37.612804: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:37.612807: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.612809: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.612811: | length: 116 (0x74) Sep 21 07:25:37.612813: | prop #: 4 (0x4) Sep 21 07:25:37.612816: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.612818: | spi size: 0 (0x0) Sep 21 07:25:37.612820: | # transforms: 13 (0xd) Sep 21 07:25:37.612823: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.612826: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612829: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612831: | length: 12 (0xc) Sep 21 07:25:37.612833: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.612835: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.612838: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.612840: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.612842: | length/value: 128 (0x80) Sep 21 07:25:37.612845: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612852: | length: 8 (0x8) Sep 21 07:25:37.612854: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612856: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.612859: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612864: | length: 8 (0x8) Sep 21 07:25:37.612866: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.612869: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:37.612871: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612876: | length: 8 (0x8) Sep 21 07:25:37.612878: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.612880: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.612883: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612888: | length: 8 (0x8) Sep 21 07:25:37.612890: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.612892: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.612895: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612900: | length: 8 (0x8) Sep 21 07:25:37.612902: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612905: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.612907: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612912: | length: 8 (0x8) Sep 21 07:25:37.612914: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612916: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:37.612919: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612923: | length: 8 (0x8) Sep 21 07:25:37.612926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612928: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:37.612931: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612936: | length: 8 (0x8) Sep 21 07:25:37.612938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612940: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:37.612943: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612948: | length: 8 (0x8) Sep 21 07:25:37.612950: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612952: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:37.612955: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612957: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612960: | length: 8 (0x8) Sep 21 07:25:37.612962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612964: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:37.612967: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.612972: | length: 8 (0x8) Sep 21 07:25:37.612974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612976: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:37.612979: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.612981: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.612983: | length: 8 (0x8) Sep 21 07:25:37.612986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.612988: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:37.612992: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:25:37.612995: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:25:37.613003: "eastnet-any"[1] 192.1.2.254 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:25:37.613008: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:25:37.613010: | converting proposal to internal trans attrs Sep 21 07:25:37.613015: | natd_hash: rcookie is zero Sep 21 07:25:37.613030: | natd_hash: hasher=0x55decd46f7a0(20) Sep 21 07:25:37.613034: | natd_hash: icookie= 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.613036: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.613039: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.613041: | natd_hash: port= 01 f4 Sep 21 07:25:37.613043: | natd_hash: hash= 71 15 a2 88 30 c1 43 85 df f8 cc f0 f2 01 fe f7 Sep 21 07:25:37.613045: | natd_hash: hash= 75 90 15 a0 Sep 21 07:25:37.613047: | natd_hash: rcookie is zero Sep 21 07:25:37.613055: | natd_hash: hasher=0x55decd46f7a0(20) Sep 21 07:25:37.613058: | natd_hash: icookie= 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.613060: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:37.613063: | natd_hash: ip= c0 01 02 fe Sep 21 07:25:37.613065: | natd_hash: port= 01 f4 Sep 21 07:25:37.613067: | natd_hash: hash= fc d9 21 42 4f ce 4c 2c 80 ce 62 12 9c d4 e0 94 Sep 21 07:25:37.613069: | natd_hash: hash= 6f c7 30 d7 Sep 21 07:25:37.613072: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:37.613074: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:37.613077: | NAT_TRAVERSAL that end is behind NAT 192.1.2.254 Sep 21 07:25:37.613080: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.254 Sep 21 07:25:37.613086: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:25:37.613090: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55decdad9e50 Sep 21 07:25:37.613093: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.613097: | libevent_malloc: new ptr-libevent@0x55decdad9e90 size 128 Sep 21 07:25:37.613109: | #1 spent 1.03 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:25:37.613114: | crypto helper 0 resuming Sep 21 07:25:37.613117: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.613128: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:25:37.613135: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:37.613145: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:25:37.613147: | suspending state #1 and saving MD Sep 21 07:25:37.613151: | #1 is busy; has a suspended MD Sep 21 07:25:37.613157: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:37.613162: | "eastnet-any"[1] 192.1.2.254 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:37.613168: | stop processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.613173: | #1 spent 1.62 milliseconds in ikev2_process_packet() Sep 21 07:25:37.613180: | stop processing: from 192.1.2.254:500 (in process_md() at demux.c:380) Sep 21 07:25:37.613183: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.613186: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.613190: | spent 1.64 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.614118: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000974 seconds Sep 21 07:25:37.614130: | (#1) spent 0.98 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:25:37.614133: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:37.614136: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.614140: | libevent_malloc: new ptr-libevent@0x7f4064006900 size 128 Sep 21 07:25:37.614147: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:37.614157: | processing resume sending helper answer for #1 Sep 21 07:25:37.614167: | start processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.614172: | crypto helper 0 replies to request ID 1 Sep 21 07:25:37.614174: | calling continuation function 0x55decd399630 Sep 21 07:25:37.614177: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:25:37.614209: | **emit ISAKMP Message: Sep 21 07:25:37.614212: | initiator cookie: Sep 21 07:25:37.614215: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.614217: | responder cookie: Sep 21 07:25:37.614219: | e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.614222: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.614225: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.614228: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:37.614230: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.614233: | Message ID: 0 (0x0) Sep 21 07:25:37.614235: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.614238: | Emitting ikev2_proposal ... Sep 21 07:25:37.614241: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:37.614244: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.614246: | flags: none (0x0) Sep 21 07:25:37.614249: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.614252: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614255: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.614258: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.614260: | prop #: 1 (0x1) Sep 21 07:25:37.614263: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:37.614265: | spi size: 0 (0x0) Sep 21 07:25:37.614267: | # transforms: 3 (0x3) Sep 21 07:25:37.614270: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.614273: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.614275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.614278: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.614280: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.614283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.614286: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.614289: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.614298: | length/value: 256 (0x100) Sep 21 07:25:37.614302: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.614305: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.614307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.614309: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:37.614314: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:37.614317: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.614320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.614323: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.614325: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.614328: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.614330: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:37.614333: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.614336: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.614338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.614341: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.614343: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:25:37.614346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.614351: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:25:37.614354: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.614357: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:37.614360: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.614362: | flags: none (0x0) Sep 21 07:25:37.614365: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:37.614368: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:37.614371: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614374: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:37.614377: | ikev2 g^x e8 73 94 38 5c 14 b5 f5 d3 2b 8f 8e 59 a7 be 26 Sep 21 07:25:37.614379: | ikev2 g^x 53 dd 5c 8b 01 d7 db ff b8 4c fb 09 6f 83 6f a0 Sep 21 07:25:37.614381: | ikev2 g^x 60 2f b9 a2 df 02 ae 98 29 79 1e 1b c5 c2 4e ba Sep 21 07:25:37.614384: | ikev2 g^x 2a 23 c6 e8 8b e4 21 c3 00 6e ec 73 32 e9 3d d8 Sep 21 07:25:37.614386: | ikev2 g^x 13 49 01 9e 65 fb 5d d6 c6 6a 8f 0b fb bf 7c f7 Sep 21 07:25:37.614388: | ikev2 g^x 68 96 7e 21 3a b4 ef c8 aa ea 7a c1 3a c1 07 f4 Sep 21 07:25:37.614390: | ikev2 g^x 2d 54 79 37 0e 3b 83 7f 2c 65 30 02 f9 d9 5b b1 Sep 21 07:25:37.614393: | ikev2 g^x 50 16 22 0c 25 95 95 7c c7 47 d5 60 b4 a7 bf 29 Sep 21 07:25:37.614395: | ikev2 g^x 13 e4 ca 8b 2a 20 1f c7 7b 2d 13 bb 4a 11 53 62 Sep 21 07:25:37.614397: | ikev2 g^x 7c 3c ce b6 17 a1 e3 eb 2a eb 46 61 90 26 85 91 Sep 21 07:25:37.614400: | ikev2 g^x ef e3 56 64 84 7a cc 06 d5 48 f0 83 42 52 24 05 Sep 21 07:25:37.614402: | ikev2 g^x 4f e5 7f ec ef 3d df 8c 59 21 5e 33 95 68 a8 55 Sep 21 07:25:37.614404: | ikev2 g^x 4e c3 2c 73 e4 0a 89 c8 ee 83 eb 54 97 c5 62 ba Sep 21 07:25:37.614406: | ikev2 g^x cf 47 b8 fe 7b 26 ca 57 9a 9d 4c 40 f7 ef 64 9d Sep 21 07:25:37.614408: | ikev2 g^x f3 68 de f4 e8 cc 2f bb 39 ad 28 a4 ed 51 7d 55 Sep 21 07:25:37.614411: | ikev2 g^x dc 1d 97 a8 80 cd f8 89 28 db 44 66 85 e8 8b 18 Sep 21 07:25:37.614413: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:37.614416: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:37.614418: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:37.614420: | flags: none (0x0) Sep 21 07:25:37.614423: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:37.614430: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:37.614433: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614436: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:37.614438: | IKEv2 nonce e4 65 9a f3 98 62 e3 4e 25 34 1f 3d 27 73 fb 0c Sep 21 07:25:37.614441: | IKEv2 nonce 02 9c cd 28 a5 a8 60 82 51 01 01 51 8f b4 49 f1 Sep 21 07:25:37.614443: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:37.614446: | Adding a v2N Payload Sep 21 07:25:37.614448: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.614451: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.614453: | flags: none (0x0) Sep 21 07:25:37.614456: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.614458: | SPI size: 0 (0x0) Sep 21 07:25:37.614461: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:37.614464: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.614467: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614469: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:37.614472: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:37.614484: | natd_hash: hasher=0x55decd46f7a0(20) Sep 21 07:25:37.614488: | natd_hash: icookie= 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.614490: | natd_hash: rcookie= e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.614492: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:37.614494: | natd_hash: port= 01 f4 Sep 21 07:25:37.614497: | natd_hash: hash= 0f 9d 47 9e bf 53 8b 20 4d 40 0a 0e 4b 41 e4 42 Sep 21 07:25:37.614499: | natd_hash: hash= 08 bd 3a 05 Sep 21 07:25:37.614501: | Adding a v2N Payload Sep 21 07:25:37.614504: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.614506: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.614508: | flags: none (0x0) Sep 21 07:25:37.614511: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.614513: | SPI size: 0 (0x0) Sep 21 07:25:37.614515: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:37.614518: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.614521: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614524: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.614527: | Notify data 0f 9d 47 9e bf 53 8b 20 4d 40 0a 0e 4b 41 e4 42 Sep 21 07:25:37.614529: | Notify data 08 bd 3a 05 Sep 21 07:25:37.614531: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.614539: | natd_hash: hasher=0x55decd46f7a0(20) Sep 21 07:25:37.614541: | natd_hash: icookie= 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.614544: | natd_hash: rcookie= e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.614546: | natd_hash: ip= c0 01 02 fe Sep 21 07:25:37.614548: | natd_hash: port= 01 f4 Sep 21 07:25:37.614550: | natd_hash: hash= 7f 79 0f 8b 08 65 b5 32 03 91 41 3f 18 f7 07 ba Sep 21 07:25:37.614552: | natd_hash: hash= a7 f8 74 b6 Sep 21 07:25:37.614554: | Adding a v2N Payload Sep 21 07:25:37.614557: | ***emit IKEv2 Notify Payload: Sep 21 07:25:37.614559: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.614562: | flags: none (0x0) Sep 21 07:25:37.614564: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:37.614566: | SPI size: 0 (0x0) Sep 21 07:25:37.614569: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:37.614572: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:37.614574: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.614579: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:37.614582: | Notify data 7f 79 0f 8b 08 65 b5 32 03 91 41 3f 18 f7 07 ba Sep 21 07:25:37.614584: | Notify data a7 f8 74 b6 Sep 21 07:25:37.614586: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:37.614588: | emitting length of ISAKMP Message: 432 Sep 21 07:25:37.614596: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.614600: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:25:37.614602: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:25:37.614606: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:25:37.614609: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:37.614614: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:37.614618: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:37.614624: "eastnet-any"[1] 192.1.2.254 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:37.614629: | sending V2 new request packet to 192.1.2.254:500 (from 192.1.2.23:500) Sep 21 07:25:37.614635: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.254:500 (using #1) Sep 21 07:25:37.614638: | 5a 58 e3 67 94 a9 c8 46 e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.614640: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:37.614642: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:37.614644: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:37.614647: | 04 00 00 0e 28 00 01 08 00 0e 00 00 e8 73 94 38 Sep 21 07:25:37.614649: | 5c 14 b5 f5 d3 2b 8f 8e 59 a7 be 26 53 dd 5c 8b Sep 21 07:25:37.614651: | 01 d7 db ff b8 4c fb 09 6f 83 6f a0 60 2f b9 a2 Sep 21 07:25:37.614653: | df 02 ae 98 29 79 1e 1b c5 c2 4e ba 2a 23 c6 e8 Sep 21 07:25:37.614655: | 8b e4 21 c3 00 6e ec 73 32 e9 3d d8 13 49 01 9e Sep 21 07:25:37.614658: | 65 fb 5d d6 c6 6a 8f 0b fb bf 7c f7 68 96 7e 21 Sep 21 07:25:37.614660: | 3a b4 ef c8 aa ea 7a c1 3a c1 07 f4 2d 54 79 37 Sep 21 07:25:37.614662: | 0e 3b 83 7f 2c 65 30 02 f9 d9 5b b1 50 16 22 0c Sep 21 07:25:37.614664: | 25 95 95 7c c7 47 d5 60 b4 a7 bf 29 13 e4 ca 8b Sep 21 07:25:37.614666: | 2a 20 1f c7 7b 2d 13 bb 4a 11 53 62 7c 3c ce b6 Sep 21 07:25:37.614669: | 17 a1 e3 eb 2a eb 46 61 90 26 85 91 ef e3 56 64 Sep 21 07:25:37.614671: | 84 7a cc 06 d5 48 f0 83 42 52 24 05 4f e5 7f ec Sep 21 07:25:37.614673: | ef 3d df 8c 59 21 5e 33 95 68 a8 55 4e c3 2c 73 Sep 21 07:25:37.614676: | e4 0a 89 c8 ee 83 eb 54 97 c5 62 ba cf 47 b8 fe Sep 21 07:25:37.614678: | 7b 26 ca 57 9a 9d 4c 40 f7 ef 64 9d f3 68 de f4 Sep 21 07:25:37.614680: | e8 cc 2f bb 39 ad 28 a4 ed 51 7d 55 dc 1d 97 a8 Sep 21 07:25:37.614682: | 80 cd f8 89 28 db 44 66 85 e8 8b 18 29 00 00 24 Sep 21 07:25:37.614684: | e4 65 9a f3 98 62 e3 4e 25 34 1f 3d 27 73 fb 0c Sep 21 07:25:37.614687: | 02 9c cd 28 a5 a8 60 82 51 01 01 51 8f b4 49 f1 Sep 21 07:25:37.614689: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:37.614691: | 0f 9d 47 9e bf 53 8b 20 4d 40 0a 0e 4b 41 e4 42 Sep 21 07:25:37.614693: | 08 bd 3a 05 00 00 00 1c 00 00 40 05 7f 79 0f 8b Sep 21 07:25:37.614695: | 08 65 b5 32 03 91 41 3f 18 f7 07 ba a7 f8 74 b6 Sep 21 07:25:37.614739: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.614744: | libevent_free: release ptr-libevent@0x55decdad9e90 Sep 21 07:25:37.614747: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55decdad9e50 Sep 21 07:25:37.614752: | event_schedule: new EVENT_SO_DISCARD-pe@0x55decdad9e50 Sep 21 07:25:37.614756: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:25:37.614759: | libevent_malloc: new ptr-libevent@0x55decdad9e90 size 128 Sep 21 07:25:37.614763: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:37.614769: | #1 spent 0.562 milliseconds in resume sending helper answer Sep 21 07:25:37.614775: | stop processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in resume_handler() at server.c:833) Sep 21 07:25:37.614778: | libevent_free: release ptr-libevent@0x7f4064006900 Sep 21 07:25:37.618109: | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:37.618130: | *received 365 bytes from 192.1.2.254:4500 on eth1 (192.1.2.23:4500) Sep 21 07:25:37.618134: | 5a 58 e3 67 94 a9 c8 46 e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.618137: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:25:37.618139: | 47 48 c7 63 b2 95 8b 75 f6 18 fd 08 c1 94 98 59 Sep 21 07:25:37.618142: | ec 2a 83 99 ad 29 85 5b 45 6a 84 9c 94 80 a7 9d Sep 21 07:25:37.618144: | 71 0d 23 86 23 b0 2d ae df 14 4e 32 6a 9a 49 c2 Sep 21 07:25:37.618146: | ec 5a f6 dc 56 cb 23 55 20 b4 a5 b3 41 dd db 07 Sep 21 07:25:37.618148: | e5 09 fe ea 41 74 07 13 90 f4 39 f4 91 b5 ee d7 Sep 21 07:25:37.618151: | e3 5c 10 22 df 39 5c af e1 73 5a e3 3a 50 71 da Sep 21 07:25:37.618153: | 31 c4 49 b5 2e 65 8d ea 56 5b ee 81 b9 f7 5a 44 Sep 21 07:25:37.618155: | 08 3f 2f 89 dd b8 c7 4a 87 d3 cc 5a c0 c5 c8 00 Sep 21 07:25:37.618157: | 77 da 6e 9e dc 03 10 67 e0 87 f2 ec 13 50 56 87 Sep 21 07:25:37.618159: | a7 79 81 8d 40 36 f3 6e 5b c8 30 54 4f 56 e1 7d Sep 21 07:25:37.618162: | c7 18 2d 50 3c 43 a0 ae c7 fa 08 f8 b3 f2 41 63 Sep 21 07:25:37.618164: | 68 5a 9c a4 0a a0 3e 92 9a 63 af b7 38 23 1e 5c Sep 21 07:25:37.618166: | 8e 01 c1 8d 1c 12 15 1e 83 43 cd b3 e5 e8 c7 90 Sep 21 07:25:37.618168: | 37 ed 46 20 e8 ad 04 37 9a ef 24 91 e7 b6 9f 5e Sep 21 07:25:37.618171: | 83 f0 b2 c8 27 6b 20 09 75 4d 2d f9 4b f6 f5 fe Sep 21 07:25:37.618173: | d1 cf 21 f6 90 1b ae 83 57 d1 d0 1d 7c b9 28 cf Sep 21 07:25:37.618175: | e8 8d af e0 1e 3d da ae 8a b7 97 52 ac a9 a8 c7 Sep 21 07:25:37.618177: | e6 c3 4c 58 37 5e a2 88 bd 50 3d 88 ea b6 1c da Sep 21 07:25:37.618180: | 63 d1 cd 79 c8 13 c2 c7 cf 79 e9 7b 74 ec ab 8e Sep 21 07:25:37.618182: | 9f b4 aa 19 3e 20 8e 09 5b 2c bc fa a9 54 c9 4d Sep 21 07:25:37.618184: | 40 4f 73 08 83 12 bc 0e 66 6f 7d e2 b4 Sep 21 07:25:37.618189: | start processing: from 192.1.2.254:4500 (in process_md() at demux.c:378) Sep 21 07:25:37.618193: | **parse ISAKMP Message: Sep 21 07:25:37.618196: | initiator cookie: Sep 21 07:25:37.618198: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.618200: | responder cookie: Sep 21 07:25:37.618202: | e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.618205: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:37.618208: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.618210: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.618213: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:37.618216: | Message ID: 1 (0x1) Sep 21 07:25:37.618218: | length: 365 (0x16d) Sep 21 07:25:37.618221: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:37.618224: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:25:37.618228: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:25:37.618236: | start processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:37.618240: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:37.618246: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:37.618252: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:37.618256: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:25:37.618258: | unpacking clear payload Sep 21 07:25:37.618261: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:37.618264: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:37.618266: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:25:37.618269: | flags: none (0x0) Sep 21 07:25:37.618271: | length: 337 (0x151) Sep 21 07:25:37.618274: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:25:37.618278: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:37.618281: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:37.618284: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:37.618287: | Now let's proceed with state specific processing Sep 21 07:25:37.618289: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:25:37.618292: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:25:37.618296: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:37.618300: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:25:37.618303: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:25:37.618306: | libevent_free: release ptr-libevent@0x55decdad9e90 Sep 21 07:25:37.618309: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55decdad9e50 Sep 21 07:25:37.618312: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55decdad9e50 Sep 21 07:25:37.618316: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:37.618318: | libevent_malloc: new ptr-libevent@0x55decdad9e90 size 128 Sep 21 07:25:37.618329: | #1 spent 0.0349 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:25:37.618334: | crypto helper 2 resuming Sep 21 07:25:37.618336: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.618357: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:25:37.618360: | suspending state #1 and saving MD Sep 21 07:25:37.618363: | #1 is busy; has a suspended MD Sep 21 07:25:37.618369: | [RE]START processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:37.618374: | "eastnet-any"[1] 192.1.2.254 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:37.618379: | stop processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:37.618384: | #1 spent 0.257 milliseconds in ikev2_process_packet() Sep 21 07:25:37.618389: | stop processing: from 192.1.2.254:4500 (in process_md() at demux.c:380) Sep 21 07:25:37.618392: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:37.618394: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:37.618398: | spent 0.271 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:37.618348: | crypto helper 2 starting work-order 2 for state #1 Sep 21 07:25:37.618410: | crypto helper 2 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:25:37.619468: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:37.619922: | crypto helper 2 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001512 seconds Sep 21 07:25:37.619933: | (#1) spent 1.36 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:25:37.619940: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:37.619943: | scheduling resume sending helper answer for #1 Sep 21 07:25:37.619946: | libevent_malloc: new ptr-libevent@0x7f405c006b90 size 128 Sep 21 07:25:37.619953: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:37.620101: | processing resume sending helper answer for #1 Sep 21 07:25:37.620110: | start processing: state #1 connection "eastnet-any"[1] 192.1.2.254 from 192.1.2.254:500 (in resume_handler() at server.c:797) Sep 21 07:25:37.620115: | crypto helper 2 replies to request ID 2 Sep 21 07:25:37.620118: | calling continuation function 0x55decd399630 Sep 21 07:25:37.620121: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:25:37.620124: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:25:37.620138: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:37.620141: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:25:37.620145: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:25:37.620148: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:37.620150: | flags: none (0x0) Sep 21 07:25:37.620153: | length: 12 (0xc) Sep 21 07:25:37.620155: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:25:37.620158: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:25:37.620160: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.620163: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.620165: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:37.620167: | flags: none (0x0) Sep 21 07:25:37.620170: | length: 12 (0xc) Sep 21 07:25:37.620172: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.620174: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:37.620177: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.620179: | **parse IKEv2 Authentication Payload: Sep 21 07:25:37.620182: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.620185: | flags: none (0x0) Sep 21 07:25:37.620187: | length: 72 (0x48) Sep 21 07:25:37.620189: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:37.620192: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:25:37.620194: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:37.620196: | **parse IKEv2 Security Association Payload: Sep 21 07:25:37.620199: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:37.620201: | flags: none (0x0) Sep 21 07:25:37.620203: | length: 164 (0xa4) Sep 21 07:25:37.620206: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:25:37.620208: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.620211: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.620213: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:37.620215: | flags: none (0x0) Sep 21 07:25:37.620218: | length: 24 (0x18) Sep 21 07:25:37.620220: | number of TS: 1 (0x1) Sep 21 07:25:37.620222: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:37.620225: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.620227: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.620230: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.620232: | flags: none (0x0) Sep 21 07:25:37.620234: | length: 24 (0x18) Sep 21 07:25:37.620236: | number of TS: 1 (0x1) Sep 21 07:25:37.620238: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:37.620245: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:25:37.620247: | Now let's proceed with state specific processing Sep 21 07:25:37.620250: | calling processor Responder: process IKE_AUTH request Sep 21 07:25:37.620257: "eastnet-any"[1] 192.1.2.254 #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:25:37.620264: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:4500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:37.620268: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Sep 21 07:25:37.620273: | peer ID c0 01 03 d1 Sep 21 07:25:37.620276: | received IDr payload - extracting our alleged ID Sep 21 07:25:37.620280: | refine_host_connection for IKEv2: starting with "eastnet-any"[1] 192.1.2.254 Sep 21 07:25:37.620285: | match_id a=192.1.3.209 Sep 21 07:25:37.620288: | b=192.1.2.254 Sep 21 07:25:37.620291: | results fail Sep 21 07:25:37.620296: | refine_host_connection: checking "eastnet-any"[1] 192.1.2.254 against "eastnet-any"[1] 192.1.2.254, best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:37.620299: | Warning: not switching back to template of current instance Sep 21 07:25:37.620302: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:37.620305: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:37.620308: | skipping because peer_id does not match Sep 21 07:25:37.620310: | refine going into 2nd loop allowing instantiated conns as well Sep 21 07:25:37.620315: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:25:37.620319: | match_id a=192.1.3.209 Sep 21 07:25:37.620322: | b=(none) Sep 21 07:25:37.620324: | results matched Sep 21 07:25:37.620329: | refine_host_connection: checking "eastnet-any"[1] 192.1.2.254 against "eastnet-any", best=(none) with match=1(id=1(15)/ca=1(0)/reqca=1(0)) Sep 21 07:25:37.620331: | Warning: not switching back to template of current instance Sep 21 07:25:37.620334: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:37.620336: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:37.620340: | refine_host_connection: checked eastnet-any[1] 192.1.2.254 against eastnet-any, now for see if best Sep 21 07:25:37.620344: | started looking for secret for @east->(none) of kind PKK_PSK Sep 21 07:25:37.620347: | instantiating him to %ANYADDR Sep 21 07:25:37.620350: | actually looking for secret for @east->%any of kind PKK_PSK Sep 21 07:25:37.620353: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:25:37.620357: | 1: compared key %any to @east / %any -> 002 Sep 21 07:25:37.620361: | 2: compared key @east to @east / %any -> 012 Sep 21 07:25:37.620363: | line 1: match=012 Sep 21 07:25:37.620366: | match 012 beats previous best_match 000 match=0x55decdac9590 (line=1) Sep 21 07:25:37.620368: | concluding with best_match=012 best=0x55decdac9590 (lineno=1) Sep 21 07:25:37.620371: | refine_host_connection: picking new best "eastnet-any" (wild=15, peer_pathlen=0/our=0) Sep 21 07:25:37.620374: | returning since no better match than original best_found Sep 21 07:25:37.620379: "eastnet-any"[1] 192.1.2.254 #1: switched from "eastnet-any"[1] 192.1.2.254 to "eastnet-any" Sep 21 07:25:37.620383: | match_id a=192.1.3.209 Sep 21 07:25:37.620386: | b=(none) Sep 21 07:25:37.620388: | results matched Sep 21 07:25:37.620395: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.254:500 but ignoring ports Sep 21 07:25:37.620400: | connect_to_host_pair: 192.1.2.23:500 192.1.2.254:500 -> hp@0x55decda66e20: eastnet-any Sep 21 07:25:37.620404: | rw_instantiate() instantiated "eastnet-any"[2] 192.1.2.254 for 192.1.2.254 Sep 21 07:25:37.620410: | in connection_discard for connection eastnet-any Sep 21 07:25:37.620412: | connection is instance Sep 21 07:25:37.620414: | not in pending use Sep 21 07:25:37.620417: | State DB: state not found (connection_discard) Sep 21 07:25:37.620419: | no states use this connection instance, deleting Sep 21 07:25:37.620424: | start processing: connection "eastnet-any"[1] 192.1.2.254 (BACKGROUND) (in delete_connection() at connections.c:189) Sep 21 07:25:37.620430: "eastnet-any"[2] 192.1.2.254 #1: deleting connection "eastnet-any"[1] 192.1.2.254 instance with peer 192.1.2.254 {isakmp=#0/ipsec=#0} Sep 21 07:25:37.620433: | Deleting states for connection - not including other IPsec SA's Sep 21 07:25:37.620435: | pass 0 Sep 21 07:25:37.620437: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:37.620441: | state #1 Sep 21 07:25:37.620444: | pass 1 Sep 21 07:25:37.620446: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:37.620448: | state #1 Sep 21 07:25:37.620452: | flush revival: connection 'eastnet-any' wasn't on the list Sep 21 07:25:37.620456: | stop processing: connection "eastnet-any"[1] 192.1.2.254 (BACKGROUND) (in discard_connection() at connections.c:249) Sep 21 07:25:37.620460: | retrying ikev2_decode_peer_id_and_certs() with new conn Sep 21 07:25:37.620463: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Sep 21 07:25:37.620465: | peer ID c0 01 03 d1 Sep 21 07:25:37.620467: | received IDr payload - extracting our alleged ID Sep 21 07:25:37.620471: | refine_host_connection for IKEv2: starting with "eastnet-any"[2] 192.1.2.254 Sep 21 07:25:37.620475: | match_id a=192.1.3.209 Sep 21 07:25:37.620478: | b=192.1.3.209 Sep 21 07:25:37.620480: | results matched Sep 21 07:25:37.620486: | refine_host_connection: checking "eastnet-any"[2] 192.1.2.254 against "eastnet-any"[2] 192.1.2.254, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:25:37.620489: | Warning: not switching back to template of current instance Sep 21 07:25:37.620491: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:25:37.620494: | This connection's local id is @east (ID_FQDN) Sep 21 07:25:37.620499: | refine_host_connection: checked eastnet-any[2] 192.1.2.254 against eastnet-any[2] 192.1.2.254, now for see if best Sep 21 07:25:37.620503: | started looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.620506: | actually looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.620509: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:25:37.620513: | 1: compared key %any to @east / 192.1.3.209 -> 002 Sep 21 07:25:37.620518: | 2: compared key @east to @east / 192.1.3.209 -> 012 Sep 21 07:25:37.620520: | line 1: match=012 Sep 21 07:25:37.620523: | match 012 beats previous best_match 000 match=0x55decdac9590 (line=1) Sep 21 07:25:37.620525: | concluding with best_match=012 best=0x55decdac9590 (lineno=1) Sep 21 07:25:37.620528: | returning because exact peer id match Sep 21 07:25:37.620530: | offered CA: '%none' Sep 21 07:25:37.620535: "eastnet-any"[2] 192.1.2.254 #1: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.3.209' Sep 21 07:25:37.620554: | verifying AUTH payload Sep 21 07:25:37.620559: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:25:37.620563: | started looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.620567: | actually looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.620570: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:25:37.620574: | 1: compared key %any to @east / 192.1.3.209 -> 002 Sep 21 07:25:37.620578: | 2: compared key @east to @east / 192.1.3.209 -> 012 Sep 21 07:25:37.620580: | line 1: match=012 Sep 21 07:25:37.620583: | match 012 beats previous best_match 000 match=0x55decdac9590 (line=1) Sep 21 07:25:37.620585: | concluding with best_match=012 best=0x55decdac9590 (lineno=1) Sep 21 07:25:37.620651: "eastnet-any"[2] 192.1.2.254 #1: Authenticated using authby=secret Sep 21 07:25:37.620658: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:25:37.620662: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:37.620665: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:37.620668: | libevent_free: release ptr-libevent@0x55decdad9e90 Sep 21 07:25:37.620671: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55decdad9e50 Sep 21 07:25:37.620674: | event_schedule: new EVENT_SA_REKEY-pe@0x55decdad9e50 Sep 21 07:25:37.620677: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:25:37.620680: | libevent_malloc: new ptr-libevent@0x55decdad9e90 size 128 Sep 21 07:25:37.620950: | pstats #1 ikev2.ike established Sep 21 07:25:37.620965: | **emit ISAKMP Message: Sep 21 07:25:37.620968: | initiator cookie: Sep 21 07:25:37.620971: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:37.620973: | responder cookie: Sep 21 07:25:37.620975: | e7 fd 96 9e ef d8 36 47 Sep 21 07:25:37.620978: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:37.620981: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:37.620983: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:37.620986: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:37.620988: | Message ID: 1 (0x1) Sep 21 07:25:37.620991: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:37.620994: | IKEv2 CERT: send a certificate? Sep 21 07:25:37.620997: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:25:37.621000: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:37.621002: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.621005: | flags: none (0x0) Sep 21 07:25:37.621008: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:37.621011: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.621014: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:37.621021: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:37.621037: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:37.621040: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.621043: | flags: none (0x0) Sep 21 07:25:37.621045: | ID type: ID_FQDN (0x2) Sep 21 07:25:37.621049: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:37.621052: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.621055: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:25:37.621057: | my identity 65 61 73 74 Sep 21 07:25:37.621060: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:37.621069: | assembled IDr payload Sep 21 07:25:37.621071: | CHILD SA proposals received Sep 21 07:25:37.621074: | going to assemble AUTH payload Sep 21 07:25:37.621076: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:37.621079: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:37.621081: | flags: none (0x0) Sep 21 07:25:37.621084: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:37.621087: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:25:37.621090: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:37.621096: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.621100: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:25:37.621105: | started looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.621108: | actually looking for secret for @east->192.1.3.209 of kind PKK_PSK Sep 21 07:25:37.621111: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:25:37.621116: | 1: compared key %any to @east / 192.1.3.209 -> 002 Sep 21 07:25:37.621120: | 2: compared key @east to @east / 192.1.3.209 -> 012 Sep 21 07:25:37.621123: | line 1: match=012 Sep 21 07:25:37.621125: | match 012 beats previous best_match 000 match=0x55decdac9590 (line=1) Sep 21 07:25:37.621128: | concluding with best_match=012 best=0x55decdac9590 (lineno=1) Sep 21 07:25:37.621188: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:25:37.621193: | PSK auth c8 5d a6 b1 aa d1 ec f9 af 69 91 d9 f4 d6 bf e6 Sep 21 07:25:37.621198: | PSK auth 32 3e d2 98 ab 3e 5d e9 f1 8e 79 bd 7c 1e 2f a1 Sep 21 07:25:37.621200: | PSK auth 05 db 3d f7 cf 44 49 29 21 e7 cd ba da 03 b8 ed Sep 21 07:25:37.621202: | PSK auth b5 19 9f 77 a9 0c b4 d7 07 53 41 e6 46 ad fe e1 Sep 21 07:25:37.621205: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:25:37.621209: | creating state object #2 at 0x55decdad87a0 Sep 21 07:25:37.621212: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:37.621215: | pstats #2 ikev2.child started Sep 21 07:25:37.621220: | duplicating state object #1 "eastnet-any"[2] 192.1.2.254 as #2 for IPSEC SA Sep 21 07:25:37.621224: | #2 setting local endpoint to 192.1.2.23:4500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:37.621231: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:37.621236: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:37.621241: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:37.621244: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:25:37.621247: | TSi: parsing 1 traffic selectors Sep 21 07:25:37.621249: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.621252: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.621254: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.621257: | length: 16 (0x10) Sep 21 07:25:37.621259: | start port: 0 (0x0) Sep 21 07:25:37.621261: | end port: 65535 (0xffff) Sep 21 07:25:37.621264: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.621267: | TS low c0 00 01 00 Sep 21 07:25:37.621269: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.621272: | TS high c0 00 01 ff Sep 21 07:25:37.621274: | TSi: parsed 1 traffic selectors Sep 21 07:25:37.621276: | TSr: parsing 1 traffic selectors Sep 21 07:25:37.621279: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:37.621281: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.621283: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.621285: | length: 16 (0x10) Sep 21 07:25:37.621288: | start port: 0 (0x0) Sep 21 07:25:37.621290: | end port: 65535 (0xffff) Sep 21 07:25:37.621292: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:37.621295: | TS low c0 00 02 00 Sep 21 07:25:37.621297: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:37.621299: | TS high c0 00 02 ff Sep 21 07:25:37.621302: | TSr: parsed 1 traffic selectors Sep 21 07:25:37.621304: | looking for best SPD in current connection Sep 21 07:25:37.621311: | evaluating our conn="eastnet-any"[2] 192.1.2.254 I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.621316: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.621323: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:37.621326: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:37.621329: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.621332: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:37.621335: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.621340: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.621346: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.621348: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:37.621351: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.621354: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:37.621357: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.621362: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.621365: | found better spd route for TSi[0],TSr[0] Sep 21 07:25:37.621367: | looking for better host pair Sep 21 07:25:37.621372: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.254:500 but ignoring ports Sep 21 07:25:37.621377: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:25:37.621379: | investigating connection "eastnet-any" as a better match Sep 21 07:25:37.621383: | match_id a=192.1.3.209 Sep 21 07:25:37.621386: | b=192.1.3.209 Sep 21 07:25:37.621388: | results matched Sep 21 07:25:37.621397: | evaluating our conn="eastnet-any"[2] 192.1.2.254 I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:37.621404: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.621410: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:25:37.621413: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:37.621416: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:37.621419: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:37.621423: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.621428: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:37.621435: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:37.621438: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:37.621440: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:37.621443: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:37.621447: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:37.621450: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:37.621453: | did not find a better connection using host pair Sep 21 07:25:37.621455: | printing contents struct traffic_selector Sep 21 07:25:37.621458: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:37.621460: | ipprotoid: 0 Sep 21 07:25:37.621462: | port range: 0-65535 Sep 21 07:25:37.621466: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:37.621468: | printing contents struct traffic_selector Sep 21 07:25:37.621470: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:25:37.621472: | ipprotoid: 0 Sep 21 07:25:37.621476: | port range: 0-65535 Sep 21 07:25:37.621482: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:25:37.621487: | constructing ESP/AH proposals with all DH removed for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:25:37.621495: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:37.621500: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.621503: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:37.621507: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:37.621510: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.621515: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.621518: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:37.621521: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.621531: "eastnet-any"[2] 192.1.2.254: constructed local ESP/AH proposals for eastnet-any (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:37.621535: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:25:37.621541: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:37.621544: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:37.621546: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:37.621549: | local proposal 1 type DH has 1 transforms Sep 21 07:25:37.621551: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:37.621554: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.621557: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:37.621559: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:37.621562: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:37.621564: | local proposal 2 type DH has 1 transforms Sep 21 07:25:37.621566: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:37.621569: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:37.621572: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:37.621574: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:37.621576: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:37.621579: | local proposal 3 type DH has 1 transforms Sep 21 07:25:37.621581: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:37.621584: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.621586: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:37.621589: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:37.621591: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:37.621593: | local proposal 4 type DH has 1 transforms Sep 21 07:25:37.621596: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:37.621599: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:37.621602: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.621605: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.621607: | length: 32 (0x20) Sep 21 07:25:37.621610: | prop #: 1 (0x1) Sep 21 07:25:37.621612: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.621614: | spi size: 4 (0x4) Sep 21 07:25:37.621617: | # transforms: 2 (0x2) Sep 21 07:25:37.621620: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.621622: | remote SPI 2d b0 a5 45 Sep 21 07:25:37.621625: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:25:37.621628: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621631: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621634: | length: 12 (0xc) Sep 21 07:25:37.621636: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.621638: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.621641: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.621644: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.621646: | length/value: 256 (0x100) Sep 21 07:25:37.621650: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:37.621653: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621656: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.621658: | length: 8 (0x8) Sep 21 07:25:37.621660: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.621663: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.621666: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:37.621670: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:25:37.621673: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:25:37.621676: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:25:37.621679: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:37.621685: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:37.621688: | remote proposal 1 matches local proposal 1 Sep 21 07:25:37.621691: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.621694: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.621696: | length: 32 (0x20) Sep 21 07:25:37.621698: | prop #: 2 (0x2) Sep 21 07:25:37.621700: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.621703: | spi size: 4 (0x4) Sep 21 07:25:37.621705: | # transforms: 2 (0x2) Sep 21 07:25:37.621708: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.621710: | remote SPI 2d b0 a5 45 Sep 21 07:25:37.621713: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.621716: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621721: | length: 12 (0xc) Sep 21 07:25:37.621723: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.621725: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.621728: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.621730: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.621733: | length/value: 128 (0x80) Sep 21 07:25:37.621736: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621738: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.621741: | length: 8 (0x8) Sep 21 07:25:37.621743: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.621745: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.621749: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:25:37.621752: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:25:37.621754: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.621757: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:37.621759: | length: 48 (0x30) Sep 21 07:25:37.621761: | prop #: 3 (0x3) Sep 21 07:25:37.621764: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.621766: | spi size: 4 (0x4) Sep 21 07:25:37.621768: | # transforms: 4 (0x4) Sep 21 07:25:37.621771: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.621773: | remote SPI 2d b0 a5 45 Sep 21 07:25:37.621776: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.621779: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621792: | length: 12 (0xc) Sep 21 07:25:37.621795: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.621797: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.621800: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.621802: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.621807: | length/value: 256 (0x100) Sep 21 07:25:37.621812: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621816: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621819: | length: 8 (0x8) Sep 21 07:25:37.621822: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.621825: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.621829: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621834: | length: 8 (0x8) Sep 21 07:25:37.621836: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.621838: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.621841: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621843: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.621846: | length: 8 (0x8) Sep 21 07:25:37.621848: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.621853: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.621858: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:37.621862: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:37.621865: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.621870: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.621874: | length: 48 (0x30) Sep 21 07:25:37.621877: | prop #: 4 (0x4) Sep 21 07:25:37.621879: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.621882: | spi size: 4 (0x4) Sep 21 07:25:37.621884: | # transforms: 4 (0x4) Sep 21 07:25:37.621887: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:37.621889: | remote SPI 2d b0 a5 45 Sep 21 07:25:37.621892: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:25:37.621895: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621900: | length: 12 (0xc) Sep 21 07:25:37.621903: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.621905: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:37.621908: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.621910: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.621913: | length/value: 128 (0x80) Sep 21 07:25:37.621916: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621921: | length: 8 (0x8) Sep 21 07:25:37.621924: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.621926: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:37.621929: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.621934: | length: 8 (0x8) Sep 21 07:25:37.621936: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:37.621939: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:37.621942: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:37.621945: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.621947: | length: 8 (0x8) Sep 21 07:25:37.621949: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.621952: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.621956: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:25:37.621959: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:25:37.621966: "eastnet-any"[2] 192.1.2.254 #1: proposal 1:ESP:SPI=2db0a545;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:25:37.621971: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=2db0a545;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:37.621974: | converting proposal to internal trans attrs Sep 21 07:25:37.621994: | netlink_get_spi: allocated 0x7568ab41 for esp.0@192.1.2.23 Sep 21 07:25:37.621997: | Emitting ikev2_proposal ... Sep 21 07:25:37.622000: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:37.622003: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.622006: | flags: none (0x0) Sep 21 07:25:37.622009: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:37.622012: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.622015: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:37.622020: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:37.622023: | prop #: 1 (0x1) Sep 21 07:25:37.622026: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:37.622028: | spi size: 4 (0x4) Sep 21 07:25:37.622030: | # transforms: 2 (0x2) Sep 21 07:25:37.622033: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:37.622037: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:37.622039: | our spi 75 68 ab 41 Sep 21 07:25:37.622042: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.622044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.622047: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:37.622049: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:37.622052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.622055: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:37.622058: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:37.622061: | length/value: 256 (0x100) Sep 21 07:25:37.622064: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:37.622066: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:37.622069: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:37.622071: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:37.622074: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:37.622077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:37.622080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:37.622082: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:37.622085: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:37.622088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:37.622090: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:25:37.622093: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:37.622096: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:37.622099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.622102: | flags: none (0x0) Sep 21 07:25:37.622104: | number of TS: 1 (0x1) Sep 21 07:25:37.622107: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:37.622110: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.622113: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.622116: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.622118: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.622121: | start port: 0 (0x0) Sep 21 07:25:37.622123: | end port: 65535 (0xffff) Sep 21 07:25:37.622126: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.622129: | IP start c0 00 01 00 Sep 21 07:25:37.622132: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.622134: | IP end c0 00 01 ff Sep 21 07:25:37.622137: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.622139: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:37.622142: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:37.622144: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:37.622147: | flags: none (0x0) Sep 21 07:25:37.622149: | number of TS: 1 (0x1) Sep 21 07:25:37.622152: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:37.622159: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:37.622162: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:37.622165: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:37.622167: | IP Protocol ID: 0 (0x0) Sep 21 07:25:37.622170: | start port: 0 (0x0) Sep 21 07:25:37.622172: | end port: 65535 (0xffff) Sep 21 07:25:37.622175: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:37.622177: | IP start c0 00 02 00 Sep 21 07:25:37.622180: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:37.622182: | IP end c0 00 02 ff Sep 21 07:25:37.622185: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:37.622187: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:37.622190: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:37.622193: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:37.622371: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:25:37.622379: | #1 spent 1.95 milliseconds Sep 21 07:25:37.622383: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:37.622385: | could_route called for eastnet-any (kind=CK_INSTANCE) Sep 21 07:25:37.622388: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.622391: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.622394: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:37.622397: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.622399: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:37.622407: | route owner of "eastnet-any"[2] 192.1.2.254 unrouted: NULL; eroute owner: NULL Sep 21 07:25:37.622411: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.622414: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.622417: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.622420: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.622423: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.622427: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Sep 21 07:25:37.622430: | netlink: enabling tunnel mode Sep 21 07:25:37.622432: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.622435: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.622520: | netlink response for Add SA esp.2db0a545@192.1.2.254 included non-error error Sep 21 07:25:37.622524: | set up outgoing SA, ref=0/0 Sep 21 07:25:37.622528: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:37.622531: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:37.622533: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:37.622536: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:37.622540: | setting IPsec SA replay-window to 32 Sep 21 07:25:37.622542: | NIC esp-hw-offload not for connection 'eastnet-any' not available on interface eth1 Sep 21 07:25:37.622545: | netlink: enabling tunnel mode Sep 21 07:25:37.622547: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:37.622550: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:37.622918: | netlink response for Add SA esp.7568ab41@192.1.2.23 included non-error error Sep 21 07:25:37.622928: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:37.622937: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:37.622941: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:37.622993: | raw_eroute result=success Sep 21 07:25:37.622998: | set up incoming SA, ref=0/0 Sep 21 07:25:37.623003: | sr for #2: unrouted Sep 21 07:25:37.623007: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:37.623009: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:37.623012: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.623014: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:37.623017: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:37.623020: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:37.623025: | route owner of "eastnet-any"[2] 192.1.2.254 unrouted: NULL; eroute owner: NULL Sep 21 07:25:37.623028: | route_and_eroute with c: eastnet-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:37.623032: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:37.623039: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.254 (raw_eroute) Sep 21 07:25:37.623043: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:37.623066: | raw_eroute result=success Sep 21 07:25:37.623070: | running updown command "ipsec _updown" for verb up Sep 21 07:25:37.623073: | command executing up-client Sep 21 07:25:37.623100: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2db0a545 Sep 21 07:25:37.623104: | popen cmd is 1034 chars long Sep 21 07:25:37.623107: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_: Sep 21 07:25:37.623110: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Sep 21 07:25:37.623112: | cmd( 160):'@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_: Sep 21 07:25:37.623115: | cmd( 240):CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQ: Sep 21 07:25:37.623117: | cmd( 320):ID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.2: Sep 21 07:25:37.623120: | cmd( 400):09' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEE: Sep 21 07:25:37.623122: | cmd( 480):R_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:25:37.623125: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT: Sep 21 07:25:37.623128: | cmd( 640):+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_I: Sep 21 07:25:37.623130: | cmd( 720):NSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLU: Sep 21 07:25:37.623132: | cmd( 800):TO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SER: Sep 21 07:25:37.623135: | cmd( 880):VER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n: Sep 21 07:25:37.623138: | cmd( 960):o' VTI_SHARED='no' SPI_IN=0x2db0a545 SPI_OUT=0x7568ab41 ipsec _updown 2>&1: Sep 21 07:25:37.688718: | route_and_eroute: firewall_notified: true Sep 21 07:25:37.688737: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:37.688741: | command executing prepare-client Sep 21 07:25:37.688772: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN= Sep 21 07:25:37.688781: | popen cmd is 1039 chars long Sep 21 07:25:37.688806: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Sep 21 07:25:37.688809: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_M: Sep 21 07:25:37.688811: | cmd( 160):Y_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:37.688813: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Sep 21 07:25:37.688816: | cmd( 320):A_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.: Sep 21 07:25:37.688818: | cmd( 400):1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUT: Sep 21 07:25:37.688820: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:37.688822: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Sep 21 07:25:37.688825: | cmd( 640):CRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:25:37.688827: | cmd( 720):'CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0: Sep 21 07:25:37.688829: | cmd( 800):' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF: Sep 21 07:25:37.688831: | cmd( 880):G_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTI: Sep 21 07:25:37.688834: | cmd( 960):NG='no' VTI_SHARED='no' SPI_IN=0x2db0a545 SPI_OUT=0x7568ab41 ipsec _updown 2>&1: Sep 21 07:25:37.731065: | running updown command "ipsec _updown" for verb route Sep 21 07:25:37.731084: | command executing route-client Sep 21 07:25:37.731115: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2d Sep 21 07:25:37.731119: | popen cmd is 1037 chars long Sep 21 07:25:37.731122: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLU: Sep 21 07:25:37.731125: | cmd( 80):TO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_: Sep 21 07:25:37.731127: | cmd( 160):ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 07:25:37.731134: | cmd( 240):MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_: Sep 21 07:25:37.731136: | cmd( 320):REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.: Sep 21 07:25:37.731139: | cmd( 400):3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_: Sep 21 07:25:37.731141: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:25:37.731143: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCR: Sep 21 07:25:37.731146: | cmd( 640):YPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='C: Sep 21 07:25:37.731148: | cmd( 720):K_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' : Sep 21 07:25:37.731151: | cmd( 800):PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_: Sep 21 07:25:37.731153: | cmd( 880):SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING: Sep 21 07:25:37.731156: | cmd( 960):='no' VTI_SHARED='no' SPI_IN=0x2db0a545 SPI_OUT=0x7568ab41 ipsec _updown 2>&1: Sep 21 07:25:37.831691: | route_and_eroute: instance "eastnet-any"[2] 192.1.2.254, setting eroute_owner {spd=0x55decdadb3e0,sr=0x55decdadb3e0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:37.831797: | #1 spent 0.967 milliseconds in install_ipsec_sa() Sep 21 07:25:37.831807: | ISAKMP_v2_IKE_AUTH: instance eastnet-any[2], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:37.831811: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:37.831815: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:37.831818: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:37.831821: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:25:37.831823: | emitting length of ISAKMP Message: 225 Sep 21 07:25:37.831843: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:25:37.831849: | #1 spent 2.97 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:25:37.831858: | suspend processing: state #1 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.831864: | start processing: state #2 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:37.831869: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:25:37.831872: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:25:37.831876: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:25:37.831879: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:37.831885: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:37.831890: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:25:37.831893: | pstats #2 ikev2.child established Sep 21 07:25:37.831902: "eastnet-any"[2] 192.1.2.254 #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:25:37.831907: | NAT-T: NAT Traversal detected - their IKE port is '500' Sep 21 07:25:37.831910: | NAT-T: encaps is 'auto' Sep 21 07:25:37.831916: "eastnet-any"[2] 192.1.2.254 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP/NAT=>0x2db0a545 <0x7568ab41 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=192.1.2.254:4500 DPD=passive} Sep 21 07:25:37.831922: | sending V2 new request packet to 192.1.2.254:4500 (from 192.1.2.23:4500) Sep 21 07:25:37.831936: | sending 229 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) Sep 21 07:25:37.831939: | 00 00 00 00 5a 58 e3 67 94 a9 c8 46 e7 fd 96 9e Sep 21 07:25:37.831942: | ef d8 36 47 2e 20 23 20 00 00 00 01 00 00 00 e1 Sep 21 07:25:37.831944: | 24 00 00 c5 f4 2c 97 f8 06 f3 22 55 9f 8b 87 9f Sep 21 07:25:37.831946: | fe ea 5e af 1a 4c bf c4 bd 06 11 84 78 4a 0b d8 Sep 21 07:25:37.831949: | 29 34 72 aa 12 2c 8d fe 05 f7 3d a5 71 c0 a4 c9 Sep 21 07:25:37.831951: | ed 14 61 b6 74 c1 ce 7a 3a d7 3e e6 0d ca 5c a0 Sep 21 07:25:37.831953: | 74 fa 9e 24 f7 bd 3f c3 10 52 73 51 2a 92 d9 17 Sep 21 07:25:37.831955: | 14 94 9f 23 2f fc 00 28 cc 70 50 7b 11 34 09 4a Sep 21 07:25:37.831957: | 02 ef d0 07 cf b2 92 41 00 ea 10 b2 06 2b 1a cd Sep 21 07:25:37.831960: | 46 05 3c a3 cb b6 d8 ab 05 18 c7 8e 73 e1 49 e7 Sep 21 07:25:37.831962: | eb eb 1e f9 85 b5 b7 f4 61 3d 58 dd fa 81 6a 3d Sep 21 07:25:37.831964: | bc ec 1f 7a 92 9a d1 f0 84 04 2c 1f be 72 ff f2 Sep 21 07:25:37.831966: | 57 58 b3 ed 20 45 20 ad ea 19 44 04 c5 d5 a3 9d Sep 21 07:25:37.831968: | c2 34 c2 9c 55 5c f3 a1 d4 9a 0d f3 4d f7 ca 0f Sep 21 07:25:37.831971: | 05 63 cd d2 10 Sep 21 07:25:37.832012: | releasing whack for #2 (sock=fd@-1) Sep 21 07:25:37.832017: | releasing whack and unpending for parent #1 Sep 21 07:25:37.832021: | unpending state #1 connection "eastnet-any"[2] 192.1.2.254 Sep 21 07:25:37.832026: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:25:37.832029: | event_schedule: new EVENT_SA_REKEY-pe@0x7f4064002b20 Sep 21 07:25:37.832033: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:25:37.832036: | libevent_malloc: new ptr-libevent@0x55decdaddf90 size 128 Sep 21 07:25:37.832042: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:37.832047: | #1 spent 3.28 milliseconds in resume sending helper answer Sep 21 07:25:37.832053: | stop processing: state #2 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in resume_handler() at server.c:833) Sep 21 07:25:37.832058: | libevent_free: release ptr-libevent@0x7f405c006b90 Sep 21 07:25:37.832070: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.832076: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.832080: | spent 0.00538 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.832083: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.832086: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.832090: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:37.832092: | processing signal PLUTO_SIGCHLD Sep 21 07:25:37.832095: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:37.832099: | spent 0.00356 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:38.534826: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:38.535029: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:38.535034: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:38.535140: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:38.535145: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:38.535161: | get_sa_info esp.7568ab41@192.1.2.23 Sep 21 07:25:38.535178: | get_sa_info esp.2db0a545@192.1.2.254 Sep 21 07:25:38.535201: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:38.535209: | spent 0.392 milliseconds in whack Sep 21 07:25:40.421662: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:40.421686: shutting down Sep 21 07:25:40.421697: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:40.421701: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:40.421708: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:40.421710: forgetting secrets Sep 21 07:25:40.421719: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:40.421726: | start processing: connection "eastnet-any"[2] 192.1.2.254 (in delete_connection() at connections.c:189) Sep 21 07:25:40.421732: "eastnet-any"[2] 192.1.2.254: deleting connection "eastnet-any"[2] 192.1.2.254 instance with peer 192.1.2.254 {isakmp=#1/ipsec=#2} Sep 21 07:25:40.421736: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:40.421738: | pass 0 Sep 21 07:25:40.421740: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:40.421743: | state #2 Sep 21 07:25:40.421748: | suspend processing: connection "eastnet-any"[2] 192.1.2.254 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:40.421754: | start processing: state #2 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:40.421757: | pstats #2 ikev2.child deleted completed Sep 21 07:25:40.421763: | [RE]START processing: state #2 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in delete_state() at state.c:879) Sep 21 07:25:40.421768: "eastnet-any"[2] 192.1.2.254 #2: deleting state (STATE_V2_IPSEC_R) aged 2.800s and sending notification Sep 21 07:25:40.421772: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:25:40.421777: | get_sa_info esp.2db0a545@192.1.2.254 Sep 21 07:25:40.421795: | get_sa_info esp.7568ab41@192.1.2.23 Sep 21 07:25:40.421807: "eastnet-any"[2] 192.1.2.254 #2: ESP traffic information: in=0B out=0B Sep 21 07:25:40.421812: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:25:40.421815: | Opening output PBS informational exchange delete request Sep 21 07:25:40.421818: | **emit ISAKMP Message: Sep 21 07:25:40.421820: | initiator cookie: Sep 21 07:25:40.421823: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:40.421825: | responder cookie: Sep 21 07:25:40.421827: | e7 fd 96 9e ef d8 36 47 Sep 21 07:25:40.421830: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:40.421833: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:40.421835: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:40.421838: | flags: none (0x0) Sep 21 07:25:40.421840: | Message ID: 0 (0x0) Sep 21 07:25:40.421844: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:40.421847: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:40.421850: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:40.421852: | flags: none (0x0) Sep 21 07:25:40.421855: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:40.421858: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:40.421861: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:40.421871: | ****emit IKEv2 Delete Payload: Sep 21 07:25:40.421874: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:40.421876: | flags: none (0x0) Sep 21 07:25:40.421879: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:40.421881: | SPI size: 4 (0x4) Sep 21 07:25:40.421883: | number of SPIs: 1 (0x1) Sep 21 07:25:40.421887: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:40.421889: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:40.421892: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:25:40.421895: | local spis 75 68 ab 41 Sep 21 07:25:40.421897: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:40.421900: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:40.421903: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:40.421908: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:40.421911: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:40.421913: | emitting length of ISAKMP Message: 69 Sep 21 07:25:40.421940: | sending 73 bytes for delete notification through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #2) Sep 21 07:25:40.421944: | 00 00 00 00 5a 58 e3 67 94 a9 c8 46 e7 fd 96 9e Sep 21 07:25:40.421947: | ef d8 36 47 2e 20 25 00 00 00 00 00 00 00 00 45 Sep 21 07:25:40.421949: | 2a 00 00 29 23 d0 e4 ba c9 0c 37 ea dd 60 a2 79 Sep 21 07:25:40.421951: | 21 8a ba ba a1 f0 64 9d c2 7d 14 83 ef 18 d2 52 Sep 21 07:25:40.421953: | 19 fb c3 86 ee af 05 f3 d0 Sep 21 07:25:40.421997: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:25:40.422002: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:25:40.422007: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:40.422010: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:40.422015: | libevent_free: release ptr-libevent@0x55decdaddf90 Sep 21 07:25:40.422018: | free_event_entry: release EVENT_SA_REKEY-pe@0x7f4064002b20 Sep 21 07:25:40.422084: | running updown command "ipsec _updown" for verb down Sep 21 07:25:40.422089: | command executing down-client Sep 21 07:25:40.422118: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:25:40.422122: | popen cmd is 1047 chars long Sep 21 07:25:40.422125: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUT: Sep 21 07:25:40.422128: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_I: Sep 21 07:25:40.422131: | cmd( 160):D='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_M: Sep 21 07:25:40.422133: | cmd( 240):Y_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_R: Sep 21 07:25:40.422136: | cmd( 320):EQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3: Sep 21 07:25:40.422138: | cmd( 400):.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_P: Sep 21 07:25:40.422141: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:40.422143: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050737' PLUTO_CONN_POLICY=': Sep 21 07:25:40.422146: | cmd( 640):PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:25:40.422148: | cmd( 720):_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_: Sep 21 07:25:40.422151: | cmd( 800):CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' : Sep 21 07:25:40.422153: | cmd( 880):PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' V: Sep 21 07:25:40.422156: | cmd( 960):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2db0a545 SPI_OUT=0x7568ab41 ipsec _updo: Sep 21 07:25:40.422160: | cmd(1040):wn 2>&1: Sep 21 07:25:40.434054: | shunt_eroute() called for connection 'eastnet-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:25:40.434076: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Sep 21 07:25:40.434081: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:40.434085: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:40.434205: | delete esp.2db0a545@192.1.2.254 Sep 21 07:25:40.434279: | netlink response for Del SA esp.2db0a545@192.1.2.254 included non-error error Sep 21 07:25:40.434285: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:40.434293: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:25:40.434455: | raw_eroute result=success Sep 21 07:25:40.434462: | delete esp.7568ab41@192.1.2.23 Sep 21 07:25:40.434529: | netlink response for Del SA esp.7568ab41@192.1.2.23 included non-error error Sep 21 07:25:40.434540: | stop processing: connection "eastnet-any"[2] 192.1.2.254 (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:40.434544: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:40.434547: | in connection_discard for connection eastnet-any Sep 21 07:25:40.434550: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:25:40.434554: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:25:40.434561: | stop processing: state #2 from 192.1.2.254:4500 (in delete_state() at state.c:1143) Sep 21 07:25:40.434567: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:40.434569: | state #1 Sep 21 07:25:40.434572: | pass 1 Sep 21 07:25:40.434574: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:40.434576: | state #1 Sep 21 07:25:40.434582: | start processing: state #1 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:40.434585: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:40.434591: | #1 spent 8.06 milliseconds in total Sep 21 07:25:40.434597: | [RE]START processing: state #1 connection "eastnet-any"[2] 192.1.2.254 from 192.1.2.254:4500 (in delete_state() at state.c:879) Sep 21 07:25:40.434602: "eastnet-any"[2] 192.1.2.254 #1: deleting state (STATE_PARENT_R2) aged 2.822s and sending notification Sep 21 07:25:40.434605: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:25:40.434708: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:25:40.434714: | Opening output PBS informational exchange delete request Sep 21 07:25:40.434717: | **emit ISAKMP Message: Sep 21 07:25:40.434720: | initiator cookie: Sep 21 07:25:40.434723: | 5a 58 e3 67 94 a9 c8 46 Sep 21 07:25:40.434725: | responder cookie: Sep 21 07:25:40.434727: | e7 fd 96 9e ef d8 36 47 Sep 21 07:25:40.434730: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:40.434733: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:40.434736: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:40.434738: | flags: none (0x0) Sep 21 07:25:40.434741: | Message ID: 1 (0x1) Sep 21 07:25:40.434744: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:40.434747: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:40.434750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:40.434752: | flags: none (0x0) Sep 21 07:25:40.434755: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:40.434758: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:40.434765: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:40.434775: | ****emit IKEv2 Delete Payload: Sep 21 07:25:40.434778: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:40.434780: | flags: none (0x0) Sep 21 07:25:40.434787: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:40.434791: | SPI size: 0 (0x0) Sep 21 07:25:40.434794: | number of SPIs: 0 (0x0) Sep 21 07:25:40.434797: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:40.434799: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:25:40.434802: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:25:40.434805: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:40.434808: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:40.434811: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:40.434814: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:25:40.434816: | emitting length of ISAKMP Message: 65 Sep 21 07:25:40.434839: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:4500 to 192.1.2.254:4500 (using #1) Sep 21 07:25:40.434843: | 00 00 00 00 5a 58 e3 67 94 a9 c8 46 e7 fd 96 9e Sep 21 07:25:40.434845: | ef d8 36 47 2e 20 25 00 00 00 00 01 00 00 00 41 Sep 21 07:25:40.434848: | 2a 00 00 25 57 08 0b 1f ba 7f d3 14 4d 6b 51 f6 Sep 21 07:25:40.434850: | dd e9 24 db a0 e8 52 1a e1 98 a9 0a c5 58 f4 39 Sep 21 07:25:40.434852: | f2 54 fa cf 4c Sep 21 07:25:40.434896: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:25:40.434900: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 07:25:40.434905: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Sep 21 07:25:40.434910: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Sep 21 07:25:40.434913: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:40.434918: | libevent_free: release ptr-libevent@0x55decdad9e90 Sep 21 07:25:40.434921: | free_event_entry: release EVENT_SA_REKEY-pe@0x55decdad9e50 Sep 21 07:25:40.434924: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:40.434928: | in connection_discard for connection eastnet-any Sep 21 07:25:40.434930: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:25:40.434933: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:40.434951: | stop processing: state #1 from 192.1.2.254:4500 (in delete_state() at state.c:1143) Sep 21 07:25:40.434965: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:40.434972: | shunt_eroute() called for connection 'eastnet-any' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Sep 21 07:25:40.434977: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Sep 21 07:25:40.434980: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:40.435060: | priority calculation of connection "eastnet-any" is 0xfe7e7 Sep 21 07:25:40.435073: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:40.435078: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:40.435081: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:40.435083: | conn eastnet-any mark 0/00000000, 0/00000000 vs Sep 21 07:25:40.435086: | conn eastnet-any mark 0/00000000, 0/00000000 Sep 21 07:25:40.435090: | route owner of "eastnet-any" unrouted: NULL Sep 21 07:25:40.435093: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:40.435098: | command executing unroute-client Sep 21 07:25:40.435125: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_ Sep 21 07:25:40.435129: | popen cmd is 1028 chars long Sep 21 07:25:40.435132: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='eastnet-any' P: Sep 21 07:25:40.435135: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_M: Sep 21 07:25:40.435138: | cmd( 160):Y_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:40.435141: | cmd( 240):O_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_S: Sep 21 07:25:40.435143: | cmd( 320):A_REQID='16396' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.254' PLUTO_PEER_ID='192: Sep 21 07:25:40.435146: | cmd( 400):.1.3.209' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLU: Sep 21 07:25:40.435148: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:25:40.435151: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+E: Sep 21 07:25:40.435153: | cmd( 640):NCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND: Sep 21 07:25:40.435156: | cmd( 720):='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO: Sep 21 07:25:40.435159: | cmd( 800):='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO: Sep 21 07:25:40.435161: | cmd( 880):_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_RO: Sep 21 07:25:40.435164: | cmd( 960):UTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:25:40.502562: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502611: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502640: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502669: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502698: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502726: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502756: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502789: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502821: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502850: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502878: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502910: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502939: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502968: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.502996: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503375: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503410: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503440: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503468: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503497: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503525: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503554: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503583: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503611: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503639: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503669: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503700: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503728: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503756: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503795: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503829: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503859: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503888: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503917: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503945: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.503974: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504004: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504032: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504060: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504088: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504118: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504148: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504176: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504204: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504233: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504261: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504291: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504319: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504348: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504376: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504404: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504434: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504463: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504491: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504520: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504549: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504581: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504610: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504638: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504666: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504695: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504724: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504753: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504786: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504818: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504846: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504877: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504905: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504935: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504964: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.504993: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505023: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505052: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505080: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505108: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505136: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505167: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505195: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505223: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505251: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505280: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505310: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505340: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505368: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505398: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505427: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505457: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505485: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505514: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505542: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505570: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505600: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505629: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505657: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.505685: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:40.574077: | free hp@0x55decda66e20 Sep 21 07:25:40.574093: | flush revival: connection 'eastnet-any' wasn't on the list Sep 21 07:25:40.574097: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:40.574103: | start processing: connection "eastnet-any" (in delete_connection() at connections.c:189) Sep 21 07:25:40.574106: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:40.574109: | pass 0 Sep 21 07:25:40.574112: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:40.574114: | pass 1 Sep 21 07:25:40.574116: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:40.574119: | free hp@0x55decdaa09b0 Sep 21 07:25:40.574122: | flush revival: connection 'eastnet-any' wasn't on the list Sep 21 07:25:40.574125: | stop processing: connection "eastnet-any" (in discard_connection() at connections.c:249) Sep 21 07:25:40.574130: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:40.574133: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:40.574144: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:40.574148: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:40.574151: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:25:40.574160: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:25:40.574164: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:25:40.574167: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:25:40.574171: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:40.574179: | libevent_free: release ptr-libevent@0x55decdad4050 Sep 21 07:25:40.574182: | free_event_entry: release EVENT_NULL-pe@0x55decdabd250 Sep 21 07:25:40.574192: | libevent_free: release ptr-libevent@0x55decdad4140 Sep 21 07:25:40.574195: | free_event_entry: release EVENT_NULL-pe@0x55decdad4100 Sep 21 07:25:40.574201: | libevent_free: release ptr-libevent@0x55decdad4230 Sep 21 07:25:40.574204: | free_event_entry: release EVENT_NULL-pe@0x55decdad41f0 Sep 21 07:25:40.574210: | libevent_free: release ptr-libevent@0x55decdad4320 Sep 21 07:25:40.574213: | free_event_entry: release EVENT_NULL-pe@0x55decdad42e0 Sep 21 07:25:40.574219: | libevent_free: release ptr-libevent@0x55decdad4410 Sep 21 07:25:40.574222: | free_event_entry: release EVENT_NULL-pe@0x55decdad43d0 Sep 21 07:25:40.574227: | libevent_free: release ptr-libevent@0x55decdad4500 Sep 21 07:25:40.574230: | free_event_entry: release EVENT_NULL-pe@0x55decdad44c0 Sep 21 07:25:40.574235: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:40.574745: | libevent_free: release ptr-libevent@0x55decdad39b0 Sep 21 07:25:40.574751: | free_event_entry: release EVENT_NULL-pe@0x55decdabc4d0 Sep 21 07:25:40.574755: | libevent_free: release ptr-libevent@0x55decdac9440 Sep 21 07:25:40.574758: | free_event_entry: release EVENT_NULL-pe@0x55decdabc780 Sep 21 07:25:40.574761: | libevent_free: release ptr-libevent@0x55decdac93b0 Sep 21 07:25:40.574764: | free_event_entry: release EVENT_NULL-pe@0x55decdac1ee0 Sep 21 07:25:40.574767: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:40.574769: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:40.574772: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:40.574774: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:40.574777: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:40.574779: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:40.574782: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:40.574794: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:40.574797: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:40.574801: | libevent_free: release ptr-libevent@0x55decdad3a80 Sep 21 07:25:40.574804: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:40.574807: | libevent_free: release ptr-libevent@0x55decdad3b60 Sep 21 07:25:40.574809: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:40.574812: | libevent_free: release ptr-libevent@0x55decdad3c20 Sep 21 07:25:40.574814: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:40.574817: | libevent_free: release ptr-libevent@0x55decdac86b0 Sep 21 07:25:40.574820: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:40.574822: | releasing event base Sep 21 07:25:40.574834: | libevent_free: release ptr-libevent@0x55decdad3ce0 Sep 21 07:25:40.574837: | libevent_free: release ptr-libevent@0x55decdaa91c0 Sep 21 07:25:40.574841: | libevent_free: release ptr-libevent@0x55decdab7a60 Sep 21 07:25:40.574843: | libevent_free: release ptr-libevent@0x55decdab7b30 Sep 21 07:25:40.574846: | libevent_free: release ptr-libevent@0x55decdab7a80 Sep 21 07:25:40.574849: | libevent_free: release ptr-libevent@0x55decdad3a40 Sep 21 07:25:40.574851: | libevent_free: release ptr-libevent@0x55decdad3b20 Sep 21 07:25:40.574853: | libevent_free: release ptr-libevent@0x55decdab7b10 Sep 21 07:25:40.574856: | libevent_free: release ptr-libevent@0x55decdab7c70 Sep 21 07:25:40.574858: | libevent_free: release ptr-libevent@0x55decdabc6d0 Sep 21 07:25:40.574860: | libevent_free: release ptr-libevent@0x55decdad4590 Sep 21 07:25:40.574863: | libevent_free: release ptr-libevent@0x55decdad44a0 Sep 21 07:25:40.574865: | libevent_free: release ptr-libevent@0x55decdad43b0 Sep 21 07:25:40.574870: | libevent_free: release ptr-libevent@0x55decdad42c0 Sep 21 07:25:40.574872: | libevent_free: release ptr-libevent@0x55decdad41d0 Sep 21 07:25:40.574875: | libevent_free: release ptr-libevent@0x55decdad40e0 Sep 21 07:25:40.574877: | libevent_free: release ptr-libevent@0x55decda3b370 Sep 21 07:25:40.574879: | libevent_free: release ptr-libevent@0x55decdad3c00 Sep 21 07:25:40.574882: | libevent_free: release ptr-libevent@0x55decdad3b40 Sep 21 07:25:40.574884: | libevent_free: release ptr-libevent@0x55decdad3a60 Sep 21 07:25:40.574886: | libevent_free: release ptr-libevent@0x55decdad3cc0 Sep 21 07:25:40.574889: | libevent_free: release ptr-libevent@0x55decda395b0 Sep 21 07:25:40.574891: | libevent_free: release ptr-libevent@0x55decdab7aa0 Sep 21 07:25:40.574894: | libevent_free: release ptr-libevent@0x55decdab7ad0 Sep 21 07:25:40.574896: | libevent_free: release ptr-libevent@0x55decdab77c0 Sep 21 07:25:40.574898: | releasing global libevent data Sep 21 07:25:40.574901: | libevent_free: release ptr-libevent@0x55decdab6470 Sep 21 07:25:40.574904: | libevent_free: release ptr-libevent@0x55decdab64a0 Sep 21 07:25:40.574907: | libevent_free: release ptr-libevent@0x55decdab7790