Sep 21 07:25:44.349075: FIPS Product: YES Sep 21 07:25:44.349214: FIPS Kernel: NO Sep 21 07:25:44.349217: FIPS Mode: NO Sep 21 07:25:44.349219: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:25:44.349406: Initializing NSS Sep 21 07:25:44.349410: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:25:44.417282: NSS initialized Sep 21 07:25:44.417294: NSS crypto library initialized Sep 21 07:25:44.417296: FIPS HMAC integrity support [enabled] Sep 21 07:25:44.417298: FIPS mode disabled for pluto daemon Sep 21 07:25:44.480680: FIPS HMAC integrity verification self-test FAILED Sep 21 07:25:44.480798: libcap-ng support [enabled] Sep 21 07:25:44.480819: Linux audit support [enabled] Sep 21 07:25:44.480847: Linux audit activated Sep 21 07:25:44.480852: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18788 Sep 21 07:25:44.480855: core dump dir: /tmp Sep 21 07:25:44.480858: secrets file: /etc/ipsec.secrets Sep 21 07:25:44.480860: leak-detective disabled Sep 21 07:25:44.480861: NSS crypto [enabled] Sep 21 07:25:44.480863: XAUTH PAM support [enabled] Sep 21 07:25:44.481110: | libevent is using pluto's memory allocator Sep 21 07:25:44.481119: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:25:44.481138: | libevent_malloc: new ptr-libevent@0x55a9fd5f1490 size 40 Sep 21 07:25:44.481142: | libevent_malloc: new ptr-libevent@0x55a9fd5f2740 size 40 Sep 21 07:25:44.481145: | libevent_malloc: new ptr-libevent@0x55a9fd5f2770 size 40 Sep 21 07:25:44.481148: | creating event base Sep 21 07:25:44.481151: | libevent_malloc: new ptr-libevent@0x55a9fd5f2700 size 56 Sep 21 07:25:44.481155: | libevent_malloc: new ptr-libevent@0x55a9fd5f27a0 size 664 Sep 21 07:25:44.481167: | libevent_malloc: new ptr-libevent@0x55a9fd5f2a40 size 24 Sep 21 07:25:44.481171: | libevent_malloc: new ptr-libevent@0x55a9fd5e4200 size 384 Sep 21 07:25:44.481183: | libevent_malloc: new ptr-libevent@0x55a9fd5f2a60 size 16 Sep 21 07:25:44.481186: | libevent_malloc: new ptr-libevent@0x55a9fd5f2a80 size 40 Sep 21 07:25:44.481189: | libevent_malloc: new ptr-libevent@0x55a9fd5f2ab0 size 48 Sep 21 07:25:44.481197: | libevent_realloc: new ptr-libevent@0x55a9fd576370 size 256 Sep 21 07:25:44.481200: | libevent_malloc: new ptr-libevent@0x55a9fd5f2af0 size 16 Sep 21 07:25:44.481211: | libevent_free: release ptr-libevent@0x55a9fd5f2700 Sep 21 07:25:44.481215: | libevent initialized Sep 21 07:25:44.481220: | libevent_realloc: new ptr-libevent@0x55a9fd5f2b10 size 64 Sep 21 07:25:44.481223: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:25:44.481242: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:25:44.481245: NAT-Traversal support [enabled] Sep 21 07:25:44.481249: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:25:44.481255: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:25:44.481262: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:25:44.481299: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:25:44.481303: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:25:44.481306: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:25:44.481359: Encryption algorithms: Sep 21 07:25:44.481365: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:25:44.481369: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:25:44.481373: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:25:44.481377: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:25:44.481380: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:25:44.481390: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:25:44.481394: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:25:44.481398: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:25:44.481402: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:25:44.481405: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:25:44.481409: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:25:44.481413: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:25:44.481416: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:25:44.481420: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:25:44.481424: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:25:44.481427: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:25:44.481430: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:25:44.481441: Hash algorithms: Sep 21 07:25:44.481445: MD5 IKEv1: IKE IKEv2: Sep 21 07:25:44.481448: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:25:44.481451: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:25:44.481454: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:25:44.481457: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:25:44.481470: PRF algorithms: Sep 21 07:25:44.481474: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:25:44.481477: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:25:44.481480: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:25:44.481484: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:25:44.481487: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:25:44.481490: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:25:44.481515: Integrity algorithms: Sep 21 07:25:44.481519: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:25:44.481523: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:25:44.481527: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:25:44.481531: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:25:44.481535: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:25:44.481538: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:25:44.481542: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:25:44.481545: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:25:44.481548: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:25:44.481560: DH algorithms: Sep 21 07:25:44.481564: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:25:44.481567: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:25:44.481570: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:25:44.481576: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:25:44.481580: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:25:44.481583: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:25:44.481586: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:25:44.481589: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:25:44.481592: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:25:44.481596: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:25:44.481599: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:25:44.481601: testing CAMELLIA_CBC: Sep 21 07:25:44.481604: Camellia: 16 bytes with 128-bit key Sep 21 07:25:44.481740: Camellia: 16 bytes with 128-bit key Sep 21 07:25:44.481772: Camellia: 16 bytes with 256-bit key Sep 21 07:25:44.481861: Camellia: 16 bytes with 256-bit key Sep 21 07:25:44.481908: testing AES_GCM_16: Sep 21 07:25:44.481914: empty string Sep 21 07:25:44.481945: one block Sep 21 07:25:44.481974: two blocks Sep 21 07:25:44.482003: two blocks with associated data Sep 21 07:25:44.482033: testing AES_CTR: Sep 21 07:25:44.482037: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:25:44.482067: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:25:44.482101: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:25:44.482135: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:25:44.482166: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:25:44.482201: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:25:44.482234: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:25:44.482263: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:25:44.482295: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:25:44.482327: testing AES_CBC: Sep 21 07:25:44.482330: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:25:44.482359: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:25:44.482392: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:25:44.482426: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:25:44.482467: testing AES_XCBC: Sep 21 07:25:44.482470: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:25:44.482593: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:25:44.482728: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:25:44.482862: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:25:44.482997: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:25:44.483131: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:25:44.483267: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:25:44.483572: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:25:44.483704: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:25:44.483858: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:25:44.484518: testing HMAC_MD5: Sep 21 07:25:44.484527: RFC 2104: MD5_HMAC test 1 Sep 21 07:25:44.484731: RFC 2104: MD5_HMAC test 2 Sep 21 07:25:44.484899: RFC 2104: MD5_HMAC test 3 Sep 21 07:25:44.485105: 8 CPU cores online Sep 21 07:25:44.485110: starting up 7 crypto helpers Sep 21 07:25:44.485146: started thread for crypto helper 0 Sep 21 07:25:44.485166: started thread for crypto helper 1 Sep 21 07:25:44.485191: started thread for crypto helper 2 Sep 21 07:25:44.485210: started thread for crypto helper 3 Sep 21 07:25:44.485232: started thread for crypto helper 4 Sep 21 07:25:44.485250: started thread for crypto helper 5 Sep 21 07:25:44.485275: started thread for crypto helper 6 Sep 21 07:25:44.485279: | checking IKEv1 state table Sep 21 07:25:44.485287: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485290: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:25:44.485293: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485296: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:25:44.485299: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:25:44.485302: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:25:44.485305: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:44.485307: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:44.485310: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:25:44.485313: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:25:44.485316: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:44.485318: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:25:44.485323: | starting up helper thread 5 Sep 21 07:25:44.485325: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:25:44.485341: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:44.485317: | starting up helper thread 4 Sep 21 07:25:44.485351: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:25:44.485346: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:44.485341: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:25:44.485361: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:44.485374: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:25:44.485377: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:44.485380: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:44.485383: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:25:44.485386: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:25:44.485388: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485392: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:25:44.485394: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485397: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485400: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:25:44.485403: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485406: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:44.485409: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:25:44.485412: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:25:44.485414: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:44.485417: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:25:44.485420: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:25:44.485423: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485426: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:25:44.485429: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485432: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:25:44.485435: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:25:44.485438: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:25:44.485441: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:25:44.485444: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:25:44.485447: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:25:44.485450: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:25:44.485452: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485456: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:25:44.485458: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485461: | INFO: category: informational flags: 0: Sep 21 07:25:44.485464: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485467: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:25:44.485470: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485473: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:25:44.485476: | -> XAUTH_R1 EVENT_NULL Sep 21 07:25:44.485479: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:25:44.485482: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:25:44.485356: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:44.485486: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:25:44.485501: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:25:44.485505: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:25:44.485508: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:25:44.485510: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:25:44.485513: | -> UNDEFINED EVENT_NULL Sep 21 07:25:44.485515: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:25:44.485518: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:25:44.485520: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:25:44.485523: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:25:44.485525: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:25:44.485528: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:25:44.485534: | checking IKEv2 state table Sep 21 07:25:44.485540: | PARENT_I0: category: ignore flags: 0: Sep 21 07:25:44.485543: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:25:44.485546: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485548: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:25:44.485551: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:25:44.485554: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:25:44.485556: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:25:44.485558: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:25:44.485561: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:25:44.485563: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:25:44.485566: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:25:44.485568: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:25:44.485571: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:25:44.485573: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:25:44.485575: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:25:44.485578: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:25:44.485580: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485582: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:25:44.485585: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:25:44.485587: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:25:44.485590: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:25:44.485593: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:25:44.485595: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:25:44.485597: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:25:44.485599: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:25:44.485602: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:25:44.485604: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:25:44.485607: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:25:44.485609: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:25:44.485612: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:25:44.485614: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:25:44.485617: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:44.485619: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:25:44.485622: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:25:44.485625: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:25:44.485629: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:25:44.485632: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:25:44.485635: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:25:44.485637: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:25:44.485639: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:25:44.485642: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:25:44.485644: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:25:44.485647: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:25:44.485650: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:25:44.485652: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:25:44.485655: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:25:44.485657: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:25:44.485746: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:25:44.486237: | Hard-wiring algorithms Sep 21 07:25:44.486248: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:25:44.486253: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:25:44.486256: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:25:44.486258: | adding 3DES_CBC to kernel algorithm db Sep 21 07:25:44.486260: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:25:44.486262: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:25:44.486265: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:25:44.486267: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:25:44.486269: | adding AES_CTR to kernel algorithm db Sep 21 07:25:44.486272: | adding AES_CBC to kernel algorithm db Sep 21 07:25:44.486274: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:25:44.486276: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:25:44.486279: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:25:44.486281: | adding NULL to kernel algorithm db Sep 21 07:25:44.486284: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:25:44.486286: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:25:44.486289: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:25:44.486291: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:25:44.486293: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:25:44.486296: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:25:44.486298: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:25:44.486300: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:25:44.486302: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:25:44.486304: | adding NONE to kernel algorithm db Sep 21 07:25:44.486332: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:25:44.486341: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:25:44.486344: | setup kernel fd callback Sep 21 07:25:44.486347: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55a9fd5fcec0 Sep 21 07:25:44.486353: | libevent_malloc: new ptr-libevent@0x55a9fd604390 size 128 Sep 21 07:25:44.486361: | libevent_malloc: new ptr-libevent@0x55a9fd5f2c50 size 16 Sep 21 07:25:44.486369: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55a9fd5f7760 Sep 21 07:25:44.486374: | libevent_malloc: new ptr-libevent@0x55a9fd604420 size 128 Sep 21 07:25:44.486381: | libevent_malloc: new ptr-libevent@0x55a9fd5f76b0 size 16 Sep 21 07:25:44.487048: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:25:44.487064: selinux support is enabled. Sep 21 07:25:44.487563: | starting up helper thread 6 Sep 21 07:25:44.487577: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:25:44.487586: | starting up helper thread 3 Sep 21 07:25:44.487592: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:25:44.487605: | starting up helper thread 1 Sep 21 07:25:44.487611: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:25:44.487791: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:25:44.487978: | unbound context created - setting debug level to 5 Sep 21 07:25:44.488013: | /etc/hosts lookups activated Sep 21 07:25:44.488032: | /etc/resolv.conf usage activated Sep 21 07:25:44.488089: | outgoing-port-avoid set 0-65535 Sep 21 07:25:44.488115: | outgoing-port-permit set 32768-60999 Sep 21 07:25:44.488118: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:25:44.488121: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:25:44.488125: | Setting up events, loop start Sep 21 07:25:44.488128: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55a9fd5f74b0 Sep 21 07:25:44.488132: | libevent_malloc: new ptr-libevent@0x55a9fd60e990 size 128 Sep 21 07:25:44.488137: | libevent_malloc: new ptr-libevent@0x55a9fd60ea20 size 16 Sep 21 07:25:44.488146: | libevent_realloc: new ptr-libevent@0x55a9fd5745b0 size 256 Sep 21 07:25:44.488149: | libevent_malloc: new ptr-libevent@0x55a9fd60ea40 size 8 Sep 21 07:25:44.488152: | libevent_realloc: new ptr-libevent@0x55a9fd603690 size 144 Sep 21 07:25:44.488155: | libevent_malloc: new ptr-libevent@0x55a9fd60ea60 size 152 Sep 21 07:25:44.488158: | libevent_malloc: new ptr-libevent@0x55a9fd60eb00 size 16 Sep 21 07:25:44.488162: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:25:44.488165: | libevent_malloc: new ptr-libevent@0x55a9fd60eb20 size 8 Sep 21 07:25:44.488168: | libevent_malloc: new ptr-libevent@0x55a9fd60eb40 size 152 Sep 21 07:25:44.488171: | signal event handler PLUTO_SIGTERM installed Sep 21 07:25:44.488173: | libevent_malloc: new ptr-libevent@0x55a9fd60ebe0 size 8 Sep 21 07:25:44.488176: | libevent_malloc: new ptr-libevent@0x55a9fd60ec00 size 152 Sep 21 07:25:44.488179: | signal event handler PLUTO_SIGHUP installed Sep 21 07:25:44.488182: | libevent_malloc: new ptr-libevent@0x55a9fd60eca0 size 8 Sep 21 07:25:44.488184: | libevent_realloc: release ptr-libevent@0x55a9fd603690 Sep 21 07:25:44.488186: | libevent_realloc: new ptr-libevent@0x55a9fd60ecc0 size 256 Sep 21 07:25:44.488189: | libevent_malloc: new ptr-libevent@0x55a9fd603690 size 152 Sep 21 07:25:44.488191: | signal event handler PLUTO_SIGSYS installed Sep 21 07:25:44.488578: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:44.488584: | created addconn helper (pid:18952) using fork+execve Sep 21 07:25:44.488608: | forked child 18952 Sep 21 07:25:44.488650: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.488666: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:44.488673: listening for IKE messages Sep 21 07:25:44.488716: | Inspecting interface lo Sep 21 07:25:44.488724: | found lo with address 127.0.0.1 Sep 21 07:25:44.488727: | Inspecting interface eth0 Sep 21 07:25:44.488731: | found eth0 with address 192.0.3.254 Sep 21 07:25:44.488734: | Inspecting interface eth1 Sep 21 07:25:44.488738: | found eth1 with address 192.1.3.33 Sep 21 07:25:44.488797: Kernel supports NIC esp-hw-offload Sep 21 07:25:44.488813: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:25:44.488836: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:44.488842: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:44.488845: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:44.488869: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:25:44.488905: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:44.488910: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:44.488914: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:44.488941: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:25:44.488967: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:25:44.488972: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:25:44.488976: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:25:44.489059: | no interfaces to sort Sep 21 07:25:44.489064: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:44.489073: | add_fd_read_event_handler: new ethX-pe@0x55a9fd5f8230 Sep 21 07:25:44.489077: | libevent_malloc: new ptr-libevent@0x55a9fd60f030 size 128 Sep 21 07:25:44.489081: | libevent_malloc: new ptr-libevent@0x55a9fd60f0c0 size 16 Sep 21 07:25:44.489091: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:44.489094: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f0e0 Sep 21 07:25:44.489097: | libevent_malloc: new ptr-libevent@0x55a9fd60f120 size 128 Sep 21 07:25:44.489101: | libevent_malloc: new ptr-libevent@0x55a9fd60f1b0 size 16 Sep 21 07:25:44.489106: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:44.489109: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f1d0 Sep 21 07:25:44.489112: | libevent_malloc: new ptr-libevent@0x55a9fd60f210 size 128 Sep 21 07:25:44.489115: | libevent_malloc: new ptr-libevent@0x55a9fd60f2a0 size 16 Sep 21 07:25:44.489120: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:44.489124: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f2c0 Sep 21 07:25:44.489127: | libevent_malloc: new ptr-libevent@0x55a9fd60f300 size 128 Sep 21 07:25:44.489130: | libevent_malloc: new ptr-libevent@0x55a9fd60f390 size 16 Sep 21 07:25:44.489135: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:44.489138: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f3b0 Sep 21 07:25:44.489141: | libevent_malloc: new ptr-libevent@0x55a9fd60f3f0 size 128 Sep 21 07:25:44.489144: | libevent_malloc: new ptr-libevent@0x55a9fd60f480 size 16 Sep 21 07:25:44.489149: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:44.489153: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f4a0 Sep 21 07:25:44.489156: | libevent_malloc: new ptr-libevent@0x55a9fd60f4e0 size 128 Sep 21 07:25:44.489159: | libevent_malloc: new ptr-libevent@0x55a9fd60f570 size 16 Sep 21 07:25:44.489164: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:44.489170: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:44.489173: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:44.489194: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:44.489219: | id type added to secret(0x55a9fd604570) PKK_PSK: @east Sep 21 07:25:44.489224: | id type added to secret(0x55a9fd604570) PKK_PSK: @north Sep 21 07:25:44.489228: | Processing PSK at line 1: passed Sep 21 07:25:44.489231: | certs and keys locked by 'process_secret' Sep 21 07:25:44.489234: | certs and keys unlocked by 'process_secret' Sep 21 07:25:44.489239: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:44.490464: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.490482: | spent 0.603 milliseconds in whack Sep 21 07:25:44.490502: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:44.490518: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:44.490532: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:44.490748: | starting up helper thread 0 Sep 21 07:25:44.490759: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:25:44.490764: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:44.490776: | starting up helper thread 2 Sep 21 07:25:44.490781: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:25:44.490787: | crypto helper 2 waiting (nothing to do) Sep 21 07:25:44.531241: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.531275: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:25:44.531282: listening for IKE messages Sep 21 07:25:44.531314: | Inspecting interface lo Sep 21 07:25:44.531327: | found lo with address 127.0.0.1 Sep 21 07:25:44.531331: | Inspecting interface eth0 Sep 21 07:25:44.531335: | found eth0 with address 192.0.3.254 Sep 21 07:25:44.531337: | Inspecting interface eth1 Sep 21 07:25:44.531341: | found eth1 with address 192.1.3.33 Sep 21 07:25:44.531407: | no interfaces to sort Sep 21 07:25:44.531415: | libevent_free: release ptr-libevent@0x55a9fd60f030 Sep 21 07:25:44.531417: | free_event_entry: release EVENT_NULL-pe@0x55a9fd5f8230 Sep 21 07:25:44.531419: | add_fd_read_event_handler: new ethX-pe@0x55a9fd5f8230 Sep 21 07:25:44.531421: | libevent_malloc: new ptr-libevent@0x55a9fd60f030 size 128 Sep 21 07:25:44.531428: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:25:44.531431: | libevent_free: release ptr-libevent@0x55a9fd60f120 Sep 21 07:25:44.531434: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f0e0 Sep 21 07:25:44.531436: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f0e0 Sep 21 07:25:44.531439: | libevent_malloc: new ptr-libevent@0x55a9fd60f120 size 128 Sep 21 07:25:44.531444: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:25:44.531448: | libevent_free: release ptr-libevent@0x55a9fd60f210 Sep 21 07:25:44.531451: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f1d0 Sep 21 07:25:44.531453: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f1d0 Sep 21 07:25:44.531455: | libevent_malloc: new ptr-libevent@0x55a9fd60f210 size 128 Sep 21 07:25:44.531460: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:25:44.531463: | libevent_free: release ptr-libevent@0x55a9fd60f300 Sep 21 07:25:44.531466: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f2c0 Sep 21 07:25:44.531468: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f2c0 Sep 21 07:25:44.531471: | libevent_malloc: new ptr-libevent@0x55a9fd60f300 size 128 Sep 21 07:25:44.531475: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:25:44.531479: | libevent_free: release ptr-libevent@0x55a9fd60f3f0 Sep 21 07:25:44.531481: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f3b0 Sep 21 07:25:44.531484: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f3b0 Sep 21 07:25:44.531486: | libevent_malloc: new ptr-libevent@0x55a9fd60f3f0 size 128 Sep 21 07:25:44.531490: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:25:44.531494: | libevent_free: release ptr-libevent@0x55a9fd60f4e0 Sep 21 07:25:44.531497: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f4a0 Sep 21 07:25:44.531499: | add_fd_read_event_handler: new ethX-pe@0x55a9fd60f4a0 Sep 21 07:25:44.531502: | libevent_malloc: new ptr-libevent@0x55a9fd60f4e0 size 128 Sep 21 07:25:44.531506: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:25:44.531510: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:44.531512: forgetting secrets Sep 21 07:25:44.531518: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:44.531533: loading secrets from "/etc/ipsec.secrets" Sep 21 07:25:44.531540: | id type added to secret(0x55a9fd604570) PKK_PSK: @east Sep 21 07:25:44.531544: | id type added to secret(0x55a9fd604570) PKK_PSK: @north Sep 21 07:25:44.531548: | Processing PSK at line 1: passed Sep 21 07:25:44.531550: | certs and keys locked by 'process_secret' Sep 21 07:25:44.531553: | certs and keys unlocked by 'process_secret' Sep 21 07:25:44.531559: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:25:44.531566: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.531573: | spent 0.334 milliseconds in whack Sep 21 07:25:44.532016: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.532034: | waitpid returned pid 18952 (exited with status 0) Sep 21 07:25:44.532039: | reaped addconn helper child (status 0) Sep 21 07:25:44.532043: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.532048: | spent 0.0212 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:44.609239: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.609275: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609280: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:44.609283: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609285: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:44.609289: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609297: | Added new connection northnet-eastnet/0x1 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:44.609354: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:44.609360: | from whack: got --esp= Sep 21 07:25:44.609397: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:44.609403: | counting wild cards for @north is 0 Sep 21 07:25:44.609407: | counting wild cards for @east is 0 Sep 21 07:25:44.609418: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:25:44.609422: | new hp@0x55a9fd5db9c0 Sep 21 07:25:44.609427: added connection description "northnet-eastnet/0x1" Sep 21 07:25:44.609435: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:44.609447: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:44.609455: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.609462: | spent 0.233 milliseconds in whack Sep 21 07:25:44.609540: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.609555: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609559: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:44.609561: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609564: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:44.609569: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.609574: | Added new connection northnet-eastnet/0x2 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:44.609621: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:25:44.609625: | from whack: got --esp= Sep 21 07:25:44.609663: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:25:44.609668: | counting wild cards for @north is 0 Sep 21 07:25:44.609672: | counting wild cards for @east is 0 Sep 21 07:25:44.609679: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:25:44.609684: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55a9fd5db9c0: northnet-eastnet/0x1 Sep 21 07:25:44.609687: added connection description "northnet-eastnet/0x2" Sep 21 07:25:44.609695: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:25:44.609707: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:25:44.609717: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.609723: | spent 0.182 milliseconds in whack Sep 21 07:25:44.672763: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.672812: | old debugging base+cpu-usage + none Sep 21 07:25:44.672819: | base debugging = base+cpu-usage Sep 21 07:25:44.672822: | old impairing none + suppress-retransmits Sep 21 07:25:44.672825: | base impairing = suppress-retransmits Sep 21 07:25:44.672835: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.672842: | spent 0.0682 milliseconds in whack Sep 21 07:25:44.790238: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.790441: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:44.790447: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:44.790557: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:44.790569: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.790577: | spent 0.349 milliseconds in whack Sep 21 07:25:44.854409: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:44.854439: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:25:44.854444: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:44.854447: initiating all conns with alias='northnet-eastnet' Sep 21 07:25:44.854455: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:25:44.854462: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:44.854465: | connection 'northnet-eastnet/0x2' +POLICY_UP Sep 21 07:25:44.854468: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:44.854470: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:44.854489: | creating state object #1 at 0x55a9fd611e10 Sep 21 07:25:44.854491: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:25:44.854500: | pstats #1 ikev2.ike started Sep 21 07:25:44.854503: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:44.854506: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:44.854510: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:44.854518: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:44.854523: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:44.854527: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:44.854531: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #1 "northnet-eastnet/0x2" Sep 21 07:25:44.854536: "northnet-eastnet/0x2" #1: initiating v2 parent SA Sep 21 07:25:44.854543: | constructing local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE) Sep 21 07:25:44.854551: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:44.854559: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.854563: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:44.854568: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.854572: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:44.854583: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.854587: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:25:44.854592: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.854602: "northnet-eastnet/0x2": constructed local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.854612: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:25:44.854616: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd6144a0 Sep 21 07:25:44.854619: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:44.854623: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:44.854639: | #1 spent 0.175 milliseconds in ikev2_parent_outI1() Sep 21 07:25:44.854639: | crypto helper 4 resuming Sep 21 07:25:44.854648: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:44.854659: | crypto helper 4 starting work-order 1 for state #1 Sep 21 07:25:44.854667: | RESET processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:44.854670: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:25:44.854671: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:44.854676: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:44.854681: | start processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:44.854684: | connection 'northnet-eastnet/0x1' +POLICY_UP Sep 21 07:25:44.854688: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:44.854691: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:44.854696: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x1" IKE SA #1 "northnet-eastnet/0x2" Sep 21 07:25:44.854702: | stop processing: connection "northnet-eastnet/0x1" (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:44.854705: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:25:44.854708: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:44.854712: | spent 0.308 milliseconds in whack Sep 21 07:25:44.855722: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001052 seconds Sep 21 07:25:44.855733: | (#1) spent 1.06 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:25:44.855736: | crypto helper 4 sending results from work-order 1 for state #1 to event queue Sep 21 07:25:44.855739: | scheduling resume sending helper answer for #1 Sep 21 07:25:44.855742: | libevent_malloc: new ptr-libevent@0x7fc8ec006900 size 128 Sep 21 07:25:44.855751: | crypto helper 4 waiting (nothing to do) Sep 21 07:25:44.855760: | processing resume sending helper answer for #1 Sep 21 07:25:44.855790: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:44.855799: | crypto helper 4 replies to request ID 1 Sep 21 07:25:44.855802: | calling continuation function 0x55a9fc27b630 Sep 21 07:25:44.855805: | ikev2_parent_outI1_continue for #1 Sep 21 07:25:44.855839: | **emit ISAKMP Message: Sep 21 07:25:44.855843: | initiator cookie: Sep 21 07:25:44.855846: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.855848: | responder cookie: Sep 21 07:25:44.855850: | 00 00 00 00 00 00 00 00 Sep 21 07:25:44.855854: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.855857: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.855860: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:44.855863: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:44.855866: | Message ID: 0 (0x0) Sep 21 07:25:44.855869: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.855886: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.855889: | Emitting ikev2_proposals ... Sep 21 07:25:44.855893: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:44.855896: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.855899: | flags: none (0x0) Sep 21 07:25:44.855902: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:44.855905: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.855908: | discarding INTEG=NONE Sep 21 07:25:44.855911: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.855914: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.855916: | prop #: 1 (0x1) Sep 21 07:25:44.855919: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:44.855921: | spi size: 0 (0x0) Sep 21 07:25:44.855924: | # transforms: 11 (0xb) Sep 21 07:25:44.855927: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.855930: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.855933: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.855935: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.855938: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.855941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.855944: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.855947: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.855950: | length/value: 256 (0x100) Sep 21 07:25:44.855953: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.855955: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.855958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.855960: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.855963: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:44.855966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.855972: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.855975: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.855978: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.855980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.855983: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.855985: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:44.855988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.855991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.855993: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.855995: | discarding INTEG=NONE Sep 21 07:25:44.855998: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856005: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.856008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856011: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856013: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856016: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856021: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856023: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:44.856026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856032: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856034: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856039: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856041: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:44.856044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856047: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856050: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856052: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856055: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856057: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856060: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:44.856063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856068: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856071: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856076: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856080: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:44.856084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856089: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856091: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856099: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:44.856102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856108: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856110: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856117: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:44.856120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856123: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856126: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856128: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856130: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.856133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856135: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:44.856138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856144: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856147: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:44.856150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.856152: | discarding INTEG=NONE Sep 21 07:25:44.856155: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.856158: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.856160: | prop #: 2 (0x2) Sep 21 07:25:44.856162: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:44.856165: | spi size: 0 (0x0) Sep 21 07:25:44.856167: | # transforms: 11 (0xb) Sep 21 07:25:44.856170: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.856173: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.856176: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856181: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.856183: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.856186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856189: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.856195: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.856198: | length/value: 128 (0x80) Sep 21 07:25:44.856200: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.856203: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856205: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856208: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856210: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:44.856213: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856216: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856219: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856221: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856226: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856229: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:44.856232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856237: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856239: | discarding INTEG=NONE Sep 21 07:25:44.856242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856249: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.856252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856267: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:44.856270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856278: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856285: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:44.856288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856294: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856296: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856303: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:44.856310: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856313: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856316: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856318: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856326: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:44.856329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856334: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856342: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856344: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:44.856347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856352: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856355: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856362: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:44.856365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856368: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856371: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856373: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856376: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.856378: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856381: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:44.856384: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856387: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856389: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856392: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:44.856395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.856398: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.856400: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.856402: | prop #: 3 (0x3) Sep 21 07:25:44.856405: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:44.856407: | spi size: 0 (0x0) Sep 21 07:25:44.856410: | # transforms: 13 (0xd) Sep 21 07:25:44.856413: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.856416: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.856420: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856425: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.856427: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.856430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856433: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.856435: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.856438: | length/value: 256 (0x100) Sep 21 07:25:44.856440: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.856443: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856448: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856450: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:44.856453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856461: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856466: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856469: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:44.856471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856477: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856479: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856484: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.856487: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.856490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856492: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856495: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856497: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856502: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.856505: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.856508: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856511: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856513: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856516: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856521: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856523: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.856526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856530: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856535: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856543: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:44.856546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856551: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856554: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856559: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856561: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:44.856564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856569: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856572: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856574: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856577: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856579: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:44.856582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856587: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856590: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856597: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:44.856600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856610: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856615: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:44.856618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856624: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856626: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856635: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:44.856638: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856644: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856646: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856649: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.856651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856653: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:44.856656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856662: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856664: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:44.856667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.856670: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.856672: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.856675: | prop #: 4 (0x4) Sep 21 07:25:44.856677: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:44.856680: | spi size: 0 (0x0) Sep 21 07:25:44.856682: | # transforms: 13 (0xd) Sep 21 07:25:44.856685: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.856688: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.856690: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856695: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.856698: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.856700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856703: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.856706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.856708: | length/value: 128 (0x80) Sep 21 07:25:44.856711: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.856713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856718: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856720: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:44.856723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856729: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856736: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.856739: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:44.856742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856749: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856751: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856756: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.856759: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.856762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856767: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856770: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856775: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.856777: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.856780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856791: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856793: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856796: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856799: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856801: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.856804: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856807: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856810: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856812: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856819: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:44.856822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856830: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856838: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:44.856841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856849: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856856: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:44.856859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856866: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856868: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856876: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:44.856879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856884: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856887: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856892: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856894: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:44.856897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856905: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856910: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856913: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:44.856915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856918: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856921: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856923: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.856926: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.856928: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.856931: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:44.856934: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.856937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.856939: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.856942: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:44.856945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.856947: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:44.856950: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:44.856952: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:44.856955: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.856958: | flags: none (0x0) Sep 21 07:25:44.856960: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.856963: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:44.856968: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.856971: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:44.856974: | ikev2 g^x c1 08 c5 63 42 74 46 d5 1d 92 bd 58 98 88 c2 e4 Sep 21 07:25:44.856977: | ikev2 g^x 94 fc 9a 7f ec 5c 39 99 93 3c 0d ff 0f e5 16 3e Sep 21 07:25:44.856979: | ikev2 g^x 35 d7 af a4 7b c3 35 c7 30 7d 16 0a fa fe 6b 38 Sep 21 07:25:44.856981: | ikev2 g^x 07 fd 3a 68 99 7b 2b 16 9d 07 da 62 96 37 c6 07 Sep 21 07:25:44.856984: | ikev2 g^x 11 87 14 4b 73 4f d9 dc 1c b5 bc b1 2d 1c f7 6f Sep 21 07:25:44.856986: | ikev2 g^x 60 c9 d8 23 c2 f8 8a 55 91 ae 3a 0c f5 e3 49 8e Sep 21 07:25:44.856989: | ikev2 g^x 69 c6 af 8b 50 eb be 0b 94 54 13 c3 41 7c ce 6b Sep 21 07:25:44.856991: | ikev2 g^x 8d 9d c0 ec a1 30 51 e0 be fc 85 19 32 71 ad 36 Sep 21 07:25:44.856993: | ikev2 g^x 59 bd c4 cd ea c5 40 03 85 36 34 c0 27 e1 58 7c Sep 21 07:25:44.856996: | ikev2 g^x a3 be 07 f1 7e 6b 77 c1 94 94 4e 88 64 6d 08 8e Sep 21 07:25:44.856998: | ikev2 g^x 83 af af 37 5e 76 41 96 9f 93 fc 1e 83 d0 13 8f Sep 21 07:25:44.857000: | ikev2 g^x c5 f5 b0 4f 47 f5 82 ec b4 14 2b d1 1e bd 85 c3 Sep 21 07:25:44.857003: | ikev2 g^x 56 b2 f9 e1 a5 21 4b 2a b5 b5 7e 72 fe b3 b8 ce Sep 21 07:25:44.857005: | ikev2 g^x 3d 29 5c 49 00 6c 53 10 2c 4f d5 e7 51 3f 45 dc Sep 21 07:25:44.857007: | ikev2 g^x d7 3c b3 99 5f 8d a6 44 49 0f 3a c7 0a 3c 6a 1e Sep 21 07:25:44.857010: | ikev2 g^x fb 95 24 c2 46 03 0f 28 e7 98 d7 7b cd aa 0a 27 Sep 21 07:25:44.857012: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:44.857015: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:44.857017: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:44.857020: | flags: none (0x0) Sep 21 07:25:44.857023: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:44.857026: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:44.857029: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.857032: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:44.857034: | IKEv2 nonce ef 44 59 40 e4 20 11 b9 87 81 d1 4b 91 b3 8c 7e Sep 21 07:25:44.857037: | IKEv2 nonce 10 68 7d 33 a4 fa 02 a5 4c 4f d8 fe ae 1a b3 fa Sep 21 07:25:44.857039: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:44.857042: | Adding a v2N Payload Sep 21 07:25:44.857044: | ***emit IKEv2 Notify Payload: Sep 21 07:25:44.857047: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.857049: | flags: none (0x0) Sep 21 07:25:44.857052: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.857054: | SPI size: 0 (0x0) Sep 21 07:25:44.857057: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:44.857060: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:44.857063: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.857066: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:44.857069: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:44.857071: | natd_hash: rcookie is zero Sep 21 07:25:44.857084: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:44.857086: | natd_hash: icookie= ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.857089: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:44.857091: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:44.857094: | natd_hash: port= 01 f4 Sep 21 07:25:44.857096: | natd_hash: hash= bb 86 91 11 a8 34 53 f1 58 bf f6 b8 c4 87 05 61 Sep 21 07:25:44.857099: | natd_hash: hash= b2 b8 b2 3b Sep 21 07:25:44.857101: | Adding a v2N Payload Sep 21 07:25:44.857105: | ***emit IKEv2 Notify Payload: Sep 21 07:25:44.857107: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.857110: | flags: none (0x0) Sep 21 07:25:44.857112: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.857115: | SPI size: 0 (0x0) Sep 21 07:25:44.857117: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:44.857120: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:44.857123: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.857126: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:44.857129: | Notify data bb 86 91 11 a8 34 53 f1 58 bf f6 b8 c4 87 05 61 Sep 21 07:25:44.857131: | Notify data b2 b8 b2 3b Sep 21 07:25:44.857134: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:44.857136: | natd_hash: rcookie is zero Sep 21 07:25:44.857144: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:44.857147: | natd_hash: icookie= ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.857149: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:44.857151: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:44.857154: | natd_hash: port= 01 f4 Sep 21 07:25:44.857156: | natd_hash: hash= 13 77 5f ee b4 c4 a6 87 0e 5e 69 d9 d5 bc 45 cc Sep 21 07:25:44.857158: | natd_hash: hash= df 0f 70 1f Sep 21 07:25:44.857161: | Adding a v2N Payload Sep 21 07:25:44.857163: | ***emit IKEv2 Notify Payload: Sep 21 07:25:44.857165: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.857168: | flags: none (0x0) Sep 21 07:25:44.857170: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.857173: | SPI size: 0 (0x0) Sep 21 07:25:44.857175: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:44.857178: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:44.857181: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.857184: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:44.857187: | Notify data 13 77 5f ee b4 c4 a6 87 0e 5e 69 d9 d5 bc 45 cc Sep 21 07:25:44.857189: | Notify data df 0f 70 1f Sep 21 07:25:44.857191: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:44.857194: | emitting length of ISAKMP Message: 828 Sep 21 07:25:44.857201: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:44.857213: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.857217: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:44.857220: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:44.857223: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:44.857226: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:25:44.857229: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:44.857351: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:44.857356: "northnet-eastnet/0x2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:44.857367: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:44.857379: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:44.857381: | ed 77 91 86 49 b9 d1 07 00 00 00 00 00 00 00 00 Sep 21 07:25:44.857384: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:44.857386: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:44.857389: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:44.857393: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:44.857395: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:44.857398: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:44.857400: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:44.857403: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:44.857405: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:44.857407: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:44.857410: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:44.857412: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:44.857414: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:44.857416: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:44.857419: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:44.857421: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:44.857424: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:44.857426: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:44.857428: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:44.857431: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:44.857433: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:44.857435: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:44.857438: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:44.857440: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:44.857442: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:44.857445: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:44.857447: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:44.857449: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:44.857452: | 28 00 01 08 00 0e 00 00 c1 08 c5 63 42 74 46 d5 Sep 21 07:25:44.857454: | 1d 92 bd 58 98 88 c2 e4 94 fc 9a 7f ec 5c 39 99 Sep 21 07:25:44.857457: | 93 3c 0d ff 0f e5 16 3e 35 d7 af a4 7b c3 35 c7 Sep 21 07:25:44.857459: | 30 7d 16 0a fa fe 6b 38 07 fd 3a 68 99 7b 2b 16 Sep 21 07:25:44.857461: | 9d 07 da 62 96 37 c6 07 11 87 14 4b 73 4f d9 dc Sep 21 07:25:44.857463: | 1c b5 bc b1 2d 1c f7 6f 60 c9 d8 23 c2 f8 8a 55 Sep 21 07:25:44.857466: | 91 ae 3a 0c f5 e3 49 8e 69 c6 af 8b 50 eb be 0b Sep 21 07:25:44.857468: | 94 54 13 c3 41 7c ce 6b 8d 9d c0 ec a1 30 51 e0 Sep 21 07:25:44.857471: | be fc 85 19 32 71 ad 36 59 bd c4 cd ea c5 40 03 Sep 21 07:25:44.857473: | 85 36 34 c0 27 e1 58 7c a3 be 07 f1 7e 6b 77 c1 Sep 21 07:25:44.857475: | 94 94 4e 88 64 6d 08 8e 83 af af 37 5e 76 41 96 Sep 21 07:25:44.857478: | 9f 93 fc 1e 83 d0 13 8f c5 f5 b0 4f 47 f5 82 ec Sep 21 07:25:44.857480: | b4 14 2b d1 1e bd 85 c3 56 b2 f9 e1 a5 21 4b 2a Sep 21 07:25:44.857482: | b5 b5 7e 72 fe b3 b8 ce 3d 29 5c 49 00 6c 53 10 Sep 21 07:25:44.857485: | 2c 4f d5 e7 51 3f 45 dc d7 3c b3 99 5f 8d a6 44 Sep 21 07:25:44.857487: | 49 0f 3a c7 0a 3c 6a 1e fb 95 24 c2 46 03 0f 28 Sep 21 07:25:44.857489: | e7 98 d7 7b cd aa 0a 27 29 00 00 24 ef 44 59 40 Sep 21 07:25:44.857492: | e4 20 11 b9 87 81 d1 4b 91 b3 8c 7e 10 68 7d 33 Sep 21 07:25:44.857494: | a4 fa 02 a5 4c 4f d8 fe ae 1a b3 fa 29 00 00 08 Sep 21 07:25:44.857497: | 00 00 40 2e 29 00 00 1c 00 00 40 04 bb 86 91 11 Sep 21 07:25:44.857499: | a8 34 53 f1 58 bf f6 b8 c4 87 05 61 b2 b8 b2 3b Sep 21 07:25:44.857501: | 00 00 00 1c 00 00 40 05 13 77 5f ee b4 c4 a6 87 Sep 21 07:25:44.857504: | 0e 5e 69 d9 d5 bc 45 cc df 0f 70 1f Sep 21 07:25:44.857600: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:44.857606: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:44.857609: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd6144a0 Sep 21 07:25:44.857612: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:44.857617: "northnet-eastnet/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:44.857626: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a9fd6144a0 Sep 21 07:25:44.857630: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:25:44.857633: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:44.857638: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49391.22589 Sep 21 07:25:44.857642: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:44.857648: | #1 spent 1.66 milliseconds in resume sending helper answer Sep 21 07:25:44.857653: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:44.857656: | libevent_free: release ptr-libevent@0x7fc8ec006900 Sep 21 07:25:44.860391: | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:44.860410: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:44.860413: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.860414: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:25:44.860416: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:25:44.860417: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:25:44.860419: | 04 00 00 0e 28 00 01 08 00 0e 00 00 85 d0 4e 81 Sep 21 07:25:44.860420: | 0c c3 bd d3 20 72 ec f0 76 d7 4b 00 5e 43 b7 87 Sep 21 07:25:44.860422: | 60 ff 66 93 ee ce 90 df ed 0c cf 36 cd 99 bb 98 Sep 21 07:25:44.860423: | 7c be 05 bf 81 ce a7 bf 6e 6c db 5c 71 5d 8a e8 Sep 21 07:25:44.860424: | 85 d9 c9 bf 6a 1c d9 ac 51 10 62 82 49 72 c7 08 Sep 21 07:25:44.860426: | 83 e6 e9 9c b2 be 08 8d dd e2 3b aa 18 36 90 53 Sep 21 07:25:44.860427: | f1 5b f0 7a cb 7f af 13 84 d6 76 32 ee 12 93 69 Sep 21 07:25:44.860429: | 7c c4 98 8e c0 97 3f b1 30 6d a1 49 db 7f 75 0d Sep 21 07:25:44.860430: | c2 cb 05 ff 0d 15 a6 a1 68 69 37 44 fc 16 de 7b Sep 21 07:25:44.860432: | 4b cd c6 72 94 c0 bd 4b d0 05 1f 65 5d 01 13 68 Sep 21 07:25:44.860433: | c1 9f d4 76 35 92 80 be 0b 48 71 7f 55 fe 86 35 Sep 21 07:25:44.860434: | a5 f3 45 57 43 8b 5c ae 90 c5 6e 58 44 2c 6c fc Sep 21 07:25:44.860436: | 49 cf 80 6f 09 8d f2 47 5c 06 b0 84 18 f5 a9 d2 Sep 21 07:25:44.860437: | 6e 99 0a 2e d1 e4 fb cf 03 4f 8f 6b 9b 0e 92 c8 Sep 21 07:25:44.860439: | 86 24 6a 79 98 c0 b8 a3 c7 80 a2 70 94 9a 26 7d Sep 21 07:25:44.860440: | d2 47 3b f3 4c eb 37 43 bc 8c 15 3a 43 6c f8 3d Sep 21 07:25:44.860442: | 2e 90 91 2b b2 11 f0 a1 1c 4e 5f 67 29 00 00 24 Sep 21 07:25:44.860443: | af 62 7c 37 31 7f 97 83 f9 3f b6 b5 15 d1 12 47 Sep 21 07:25:44.860444: | ca 8f 02 cb 41 b8 18 74 ff 67 56 fa 55 ae dc 62 Sep 21 07:25:44.860446: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:25:44.860448: | 1b 42 55 c1 aa 67 a2 ed 49 8c c9 88 7a 9e 91 8a Sep 21 07:25:44.860450: | 2f 3c c9 5d 00 00 00 1c 00 00 40 05 91 b6 e8 61 Sep 21 07:25:44.860453: | d9 af bc 72 ef 1e f2 31 33 19 6f a1 95 cd 04 b6 Sep 21 07:25:44.860457: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:44.860460: | **parse ISAKMP Message: Sep 21 07:25:44.860462: | initiator cookie: Sep 21 07:25:44.860464: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.860466: | responder cookie: Sep 21 07:25:44.860468: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.860470: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:44.860473: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.860476: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:44.860478: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:44.860480: | Message ID: 0 (0x0) Sep 21 07:25:44.860482: | length: 432 (0x1b0) Sep 21 07:25:44.860487: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:25:44.860490: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:25:44.860493: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:25:44.860499: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:44.860503: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:44.860506: | #1 is idle Sep 21 07:25:44.860508: | #1 idle Sep 21 07:25:44.860510: | unpacking clear payload Sep 21 07:25:44.860512: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:44.860515: | ***parse IKEv2 Security Association Payload: Sep 21 07:25:44.860517: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:44.860519: | flags: none (0x0) Sep 21 07:25:44.860522: | length: 40 (0x28) Sep 21 07:25:44.860524: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:25:44.860527: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:44.860529: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:25:44.860532: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:44.860534: | flags: none (0x0) Sep 21 07:25:44.860536: | length: 264 (0x108) Sep 21 07:25:44.860539: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.860541: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:44.860544: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:44.860546: | ***parse IKEv2 Nonce Payload: Sep 21 07:25:44.860548: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:44.860551: | flags: none (0x0) Sep 21 07:25:44.860553: | length: 36 (0x24) Sep 21 07:25:44.860555: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:44.860558: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:44.860560: | ***parse IKEv2 Notify Payload: Sep 21 07:25:44.860562: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:44.860564: | flags: none (0x0) Sep 21 07:25:44.860566: | length: 8 (0x8) Sep 21 07:25:44.860568: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.860571: | SPI size: 0 (0x0) Sep 21 07:25:44.860573: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:44.860575: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:25:44.860577: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:44.860580: | ***parse IKEv2 Notify Payload: Sep 21 07:25:44.860582: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:44.860584: | flags: none (0x0) Sep 21 07:25:44.860586: | length: 28 (0x1c) Sep 21 07:25:44.860588: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.860590: | SPI size: 0 (0x0) Sep 21 07:25:44.860593: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:44.860595: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:44.860597: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:25:44.860600: | ***parse IKEv2 Notify Payload: Sep 21 07:25:44.860602: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.860605: | flags: none (0x0) Sep 21 07:25:44.860607: | length: 28 (0x1c) Sep 21 07:25:44.860609: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:44.860611: | SPI size: 0 (0x0) Sep 21 07:25:44.860614: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:44.860616: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:25:44.860618: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:25:44.860624: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:44.860626: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:44.860629: | Now let's proceed with state specific processing Sep 21 07:25:44.860631: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:25:44.860636: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:25:44.860653: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:44.860658: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:25:44.860661: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:44.860664: | local proposal 1 type PRF has 2 transforms Sep 21 07:25:44.860666: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:44.860669: | local proposal 1 type DH has 8 transforms Sep 21 07:25:44.860672: | local proposal 1 type ESN has 0 transforms Sep 21 07:25:44.860675: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:44.860678: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:44.860680: | local proposal 2 type PRF has 2 transforms Sep 21 07:25:44.860683: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:44.860685: | local proposal 2 type DH has 8 transforms Sep 21 07:25:44.860688: | local proposal 2 type ESN has 0 transforms Sep 21 07:25:44.860691: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:25:44.860693: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:44.860695: | local proposal 3 type PRF has 2 transforms Sep 21 07:25:44.860697: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:44.860700: | local proposal 3 type DH has 8 transforms Sep 21 07:25:44.860702: | local proposal 3 type ESN has 0 transforms Sep 21 07:25:44.860705: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:44.860707: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:44.860709: | local proposal 4 type PRF has 2 transforms Sep 21 07:25:44.860712: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:44.860714: | local proposal 4 type DH has 8 transforms Sep 21 07:25:44.860715: | local proposal 4 type ESN has 0 transforms Sep 21 07:25:44.860717: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:25:44.860719: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.860721: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.860722: | length: 36 (0x24) Sep 21 07:25:44.860724: | prop #: 1 (0x1) Sep 21 07:25:44.860725: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:44.860727: | spi size: 0 (0x0) Sep 21 07:25:44.860728: | # transforms: 3 (0x3) Sep 21 07:25:44.860731: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:44.860733: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.860734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.860736: | length: 12 (0xc) Sep 21 07:25:44.860737: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.860739: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.860740: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.860742: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.860744: | length/value: 256 (0x100) Sep 21 07:25:44.860746: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:44.860748: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.860750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.860754: | length: 8 (0x8) Sep 21 07:25:44.860756: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:44.860757: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:44.860759: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:25:44.860761: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.860763: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.860764: | length: 8 (0x8) Sep 21 07:25:44.860766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.860767: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.860769: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:44.860771: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:25:44.860774: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:25:44.860776: | remote proposal 1 matches local proposal 1 Sep 21 07:25:44.860778: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:25:44.860779: | converting proposal to internal trans attrs Sep 21 07:25:44.860796: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:44.860800: | natd_hash: icookie= ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.860801: | natd_hash: rcookie= a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.860803: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:44.860804: | natd_hash: port= 01 f4 Sep 21 07:25:44.860806: | natd_hash: hash= 91 b6 e8 61 d9 af bc 72 ef 1e f2 31 33 19 6f a1 Sep 21 07:25:44.860807: | natd_hash: hash= 95 cd 04 b6 Sep 21 07:25:44.860811: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:44.860813: | natd_hash: icookie= ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.860815: | natd_hash: rcookie= a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.860816: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:44.860817: | natd_hash: port= 01 f4 Sep 21 07:25:44.860819: | natd_hash: hash= 1b 42 55 c1 aa 67 a2 ed 49 8c c9 88 7a 9e 91 8a Sep 21 07:25:44.860820: | natd_hash: hash= 2f 3c c9 5d Sep 21 07:25:44.860822: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:25:44.860823: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:25:44.860825: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:25:44.860827: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:25:44.860829: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:25:44.860832: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:25:44.860834: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:44.860836: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:44.860838: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:44.860840: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a9fd6144a0 Sep 21 07:25:44.860842: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd6144a0 Sep 21 07:25:44.860844: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:25:44.860846: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:44.860855: | #1 spent 0.215 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:25:44.860857: | crypto helper 6 resuming Sep 21 07:25:44.860862: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.860863: | crypto helper 6 starting work-order 2 for state #1 Sep 21 07:25:44.860866: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:25:44.860868: | crypto helper 6 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:25:44.860869: | suspending state #1 and saving MD Sep 21 07:25:44.860877: | #1 is busy; has a suspended MD Sep 21 07:25:44.860882: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:44.860887: | "northnet-eastnet/0x2" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:44.860892: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:44.860896: | #1 spent 0.491 milliseconds in ikev2_process_packet() Sep 21 07:25:44.860901: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:44.860903: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:44.860906: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:44.860910: | spent 0.505 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:44.861419: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:25:44.861698: | crypto helper 6 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00083 seconds Sep 21 07:25:44.861704: | (#1) spent 0.836 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:25:44.861706: | crypto helper 6 sending results from work-order 2 for state #1 to event queue Sep 21 07:25:44.861708: | scheduling resume sending helper answer for #1 Sep 21 07:25:44.861710: | libevent_malloc: new ptr-libevent@0x7fc8e4006b90 size 128 Sep 21 07:25:44.861716: | crypto helper 6 waiting (nothing to do) Sep 21 07:25:44.861722: | processing resume sending helper answer for #1 Sep 21 07:25:44.861729: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:44.861733: | crypto helper 6 replies to request ID 2 Sep 21 07:25:44.861735: | calling continuation function 0x55a9fc27b630 Sep 21 07:25:44.861738: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:25:44.861746: | creating state object #2 at 0x55a9fd616de0 Sep 21 07:25:44.861749: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:25:44.861751: | pstats #2 ikev2.child started Sep 21 07:25:44.861753: | duplicating state object #1 "northnet-eastnet/0x2" as #2 for IPSEC SA Sep 21 07:25:44.861756: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:44.861760: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:44.861763: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:44.861766: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:44.861768: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:44.861771: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:44.861773: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd6144a0 Sep 21 07:25:44.861775: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a9fd6144a0 Sep 21 07:25:44.861777: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:25:44.861779: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:44.861781: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:25:44.861789: | **emit ISAKMP Message: Sep 21 07:25:44.861794: | initiator cookie: Sep 21 07:25:44.861796: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.861798: | responder cookie: Sep 21 07:25:44.861800: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.861803: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.861805: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.861807: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:44.861810: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:44.861814: | Message ID: 1 (0x1) Sep 21 07:25:44.861816: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.861819: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.861821: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.861822: | flags: none (0x0) Sep 21 07:25:44.861824: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.861826: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.861828: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.861833: | IKEv2 CERT: send a certificate? Sep 21 07:25:44.861836: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:25:44.861837: | IDr payload will be sent Sep 21 07:25:44.861849: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:25:44.861851: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.861853: | flags: none (0x0) Sep 21 07:25:44.861854: | ID type: ID_FQDN (0x2) Sep 21 07:25:44.861856: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:25:44.861858: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.861860: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:25:44.861862: | my identity 6e 6f 72 74 68 Sep 21 07:25:44.861864: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Sep 21 07:25:44.861869: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:25:44.861871: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:44.861872: | flags: none (0x0) Sep 21 07:25:44.861874: | ID type: ID_FQDN (0x2) Sep 21 07:25:44.861875: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:25:44.861877: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:25:44.861879: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.861881: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:25:44.861883: | IDr 65 61 73 74 Sep 21 07:25:44.861884: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:25:44.861886: | not sending INITIAL_CONTACT Sep 21 07:25:44.861888: | ****emit IKEv2 Authentication Payload: Sep 21 07:25:44.861889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.861891: | flags: none (0x0) Sep 21 07:25:44.861892: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:44.861894: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:25:44.861896: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.861898: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:25:44.861901: | started looking for secret for @north->@east of kind PKK_PSK Sep 21 07:25:44.861903: | actually looking for secret for @north->@east of kind PKK_PSK Sep 21 07:25:44.861905: | line 1: key type PKK_PSK(@north) to type PKK_PSK Sep 21 07:25:44.861908: | 1: compared key @north to @north / @east -> 010 Sep 21 07:25:44.861910: | 2: compared key @east to @north / @east -> 014 Sep 21 07:25:44.861912: | line 1: match=014 Sep 21 07:25:44.861914: | match 014 beats previous best_match 000 match=0x55a9fd604570 (line=1) Sep 21 07:25:44.861916: | concluding with best_match=014 best=0x55a9fd604570 (lineno=1) Sep 21 07:25:44.861953: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:25:44.861955: | PSK auth 81 5d 8b a0 d0 ef 58 78 24 0f 6f 6c 26 f3 22 1a Sep 21 07:25:44.861957: | PSK auth a3 4b 83 da 38 30 c2 17 a6 4c 7c f4 32 e5 18 2c Sep 21 07:25:44.861958: | PSK auth 11 8f c6 26 a6 6a 7d 83 a1 f6 e4 46 16 b8 0d 1e Sep 21 07:25:44.861960: | PSK auth 3f a3 44 8a 67 c3 48 67 9c 6f bb df c2 72 d3 e9 Sep 21 07:25:44.861961: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:25:44.861963: | getting first pending from state #1 Sep 21 07:25:44.861965: | Switching Child connection for #2 to "northnet-eastnet/0x1" from "northnet-eastnet/0x2" Sep 21 07:25:44.861968: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:44.861983: | netlink_get_spi: allocated 0x7e4f04b5 for esp.0@192.1.3.33 Sep 21 07:25:44.861986: | constructing ESP/AH proposals with all DH removed for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:25:44.861990: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:44.861994: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:44.861995: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:44.861998: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:25:44.862000: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:44.862003: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:44.862004: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:44.862007: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:44.862011: "northnet-eastnet/0x1": constructed local ESP/AH proposals for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:44.862019: | Emitting ikev2_proposals ... Sep 21 07:25:44.862022: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:44.862024: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.862026: | flags: none (0x0) Sep 21 07:25:44.862029: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:44.862032: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.862035: | discarding INTEG=NONE Sep 21 07:25:44.862037: | discarding DH=NONE Sep 21 07:25:44.862039: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.862042: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862044: | prop #: 1 (0x1) Sep 21 07:25:44.862046: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.862048: | spi size: 4 (0x4) Sep 21 07:25:44.862050: | # transforms: 2 (0x2) Sep 21 07:25:44.862053: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.862056: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.862058: | our spi 7e 4f 04 b5 Sep 21 07:25:44.862060: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862065: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.862067: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.862070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862072: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.862077: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.862080: | length/value: 256 (0x100) Sep 21 07:25:44.862083: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.862085: | discarding INTEG=NONE Sep 21 07:25:44.862087: | discarding DH=NONE Sep 21 07:25:44.862089: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862091: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.862093: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.862095: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.862098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862101: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862104: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862107: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:44.862109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.862111: | discarding INTEG=NONE Sep 21 07:25:44.862113: | discarding DH=NONE Sep 21 07:25:44.862116: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.862118: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862120: | prop #: 2 (0x2) Sep 21 07:25:44.862123: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.862125: | spi size: 4 (0x4) Sep 21 07:25:44.862127: | # transforms: 2 (0x2) Sep 21 07:25:44.862130: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862132: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.862136: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.862138: | our spi 7e 4f 04 b5 Sep 21 07:25:44.862140: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862145: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.862147: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.862149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862152: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.862155: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.862157: | length/value: 128 (0x80) Sep 21 07:25:44.862159: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.862161: | discarding INTEG=NONE Sep 21 07:25:44.862163: | discarding DH=NONE Sep 21 07:25:44.862166: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862168: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.862170: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.862171: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.862173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862177: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862178: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:25:44.862180: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.862182: | discarding DH=NONE Sep 21 07:25:44.862183: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.862185: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862188: | prop #: 3 (0x3) Sep 21 07:25:44.862189: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.862191: | spi size: 4 (0x4) Sep 21 07:25:44.862192: | # transforms: 4 (0x4) Sep 21 07:25:44.862194: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862196: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.862198: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.862199: | our spi 7e 4f 04 b5 Sep 21 07:25:44.862201: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862204: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.862205: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.862207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862208: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.862210: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.862212: | length/value: 256 (0x100) Sep 21 07:25:44.862213: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.862215: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862216: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862218: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.862219: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.862221: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862223: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862224: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862226: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862229: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.862230: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.862232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862236: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862237: | discarding DH=NONE Sep 21 07:25:44.862238: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862240: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.862241: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.862243: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.862245: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862246: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862248: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862250: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:44.862251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.862253: | discarding DH=NONE Sep 21 07:25:44.862254: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.862256: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.862257: | prop #: 4 (0x4) Sep 21 07:25:44.862260: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.862261: | spi size: 4 (0x4) Sep 21 07:25:44.862263: | # transforms: 4 (0x4) Sep 21 07:25:44.862264: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.862266: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.862268: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.862269: | our spi 7e 4f 04 b5 Sep 21 07:25:44.862271: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862274: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.862275: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.862277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862279: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.862280: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.862282: | length/value: 128 (0x80) Sep 21 07:25:44.862283: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.862285: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862288: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.862289: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.862291: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862293: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862294: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862296: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862299: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.862371: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.862376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862382: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862385: | discarding DH=NONE Sep 21 07:25:44.862387: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.862390: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.862392: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.862395: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.862398: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.862401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.862403: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.862404: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:25:44.862406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.862408: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:25:44.862409: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:44.862412: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:44.862416: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.862417: | flags: none (0x0) Sep 21 07:25:44.862419: | number of TS: 1 (0x1) Sep 21 07:25:44.862421: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:44.862423: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.862425: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:44.862426: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.862428: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.862429: | start port: 0 (0x0) Sep 21 07:25:44.862431: | end port: 65535 (0xffff) Sep 21 07:25:44.862433: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:44.862435: | IP start c0 00 03 00 Sep 21 07:25:44.862436: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:44.862438: | IP end c0 00 03 ff Sep 21 07:25:44.862439: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:44.862441: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:44.862443: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:44.862444: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.862446: | flags: none (0x0) Sep 21 07:25:44.862447: | number of TS: 1 (0x1) Sep 21 07:25:44.862449: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:44.862451: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.862453: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:44.862454: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.862456: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.862457: | start port: 0 (0x0) Sep 21 07:25:44.862459: | end port: 65535 (0xffff) Sep 21 07:25:44.862460: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:44.862462: | IP start c0 00 02 00 Sep 21 07:25:44.862463: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:44.862465: | IP end c0 00 02 ff Sep 21 07:25:44.862466: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:44.862468: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:44.862470: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:44.862471: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:25:44.862473: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.862475: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.862477: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.862479: | emitting length of IKEv2 Encryption Payload: 338 Sep 21 07:25:44.862481: | emitting length of ISAKMP Message: 366 Sep 21 07:25:44.862493: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.862497: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.862500: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:25:44.862501: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:25:44.862504: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:25:44.862506: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:25:44.862511: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:25:44.862517: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:25:44.862521: "northnet-eastnet/0x1" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:25:44.862533: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:44.862540: | sending 366 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:44.862543: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.862546: | 2e 20 23 08 00 00 00 01 00 00 01 6e 23 00 01 52 Sep 21 07:25:44.862549: | 50 7e de 1a 84 77 f1 28 3d 38 dd b8 cb c0 65 4c Sep 21 07:25:44.862551: | fd 5d 84 9d 03 4b 1d f9 4b f5 24 b5 e9 2a 7a 19 Sep 21 07:25:44.862554: | b6 6e e4 35 58 17 23 0e c2 ef 78 3d eb 70 48 47 Sep 21 07:25:44.862557: | 40 df 6e 1d 4a 1a 8e f8 3d 6a 08 6e ce 58 d0 fc Sep 21 07:25:44.862559: | 9c 56 3d 1a 36 af 43 9a e2 c9 00 c9 be 42 26 43 Sep 21 07:25:44.862562: | a6 49 84 da a5 5d 9a 88 3e ed 5f 5f 5e ce 4d 36 Sep 21 07:25:44.862565: | 1e 6b 7f b8 87 68 f0 77 7c c0 19 85 8b 2e 90 f2 Sep 21 07:25:44.862567: | 20 09 c1 36 89 b9 35 8c a0 56 13 d5 c4 44 f5 4b Sep 21 07:25:44.862570: | d1 91 6e ba 55 78 94 55 77 7f a1 9d ec 45 0e 0e Sep 21 07:25:44.862573: | 09 98 c2 a4 3c c1 87 c0 59 9e f0 c2 0a 16 19 8a Sep 21 07:25:44.862575: | f3 3b 9e 4e bd 58 f4 9b f9 80 0f e1 77 25 7a a3 Sep 21 07:25:44.862578: | b8 7b 22 27 63 62 1c 12 cd 87 48 13 dd 18 67 8a Sep 21 07:25:44.862581: | 1d bb f7 69 96 d4 bf 88 5f 2d 69 22 2c eb 0a 77 Sep 21 07:25:44.862583: | a7 37 b1 a3 d4 32 12 29 57 0c c5 ae e4 d1 ff 9f Sep 21 07:25:44.862586: | 3a da 10 80 f6 b1 3d f4 ba cb d5 8f 24 b7 55 cf Sep 21 07:25:44.862589: | b5 0c cc ce 15 88 83 9a e8 54 ef f0 82 98 60 f3 Sep 21 07:25:44.862591: | 7a e9 12 3c 4b d7 2b 04 a3 73 be b7 67 74 41 4b Sep 21 07:25:44.862594: | 38 f6 d6 fc 0a 17 96 73 ec f8 90 cc 6c 9d 06 66 Sep 21 07:25:44.862596: | 02 e6 9c de 10 59 91 85 87 48 b1 58 25 54 82 8c Sep 21 07:25:44.862599: | 21 ae 56 8f 15 f0 9a b1 f7 e5 70 ff df b9 4c 92 Sep 21 07:25:44.862602: | d0 b2 9e a7 0a e2 ed e6 f9 1a ad 62 c0 4d Sep 21 07:25:44.862648: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:44.862653: "northnet-eastnet/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:44.862660: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a9fd614220 Sep 21 07:25:44.862664: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:25:44.862667: | libevent_malloc: new ptr-libevent@0x55a9fd614300 size 128 Sep 21 07:25:44.862673: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49391.230923 Sep 21 07:25:44.862676: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:25:44.862682: | #1 spent 0.867 milliseconds in resume sending helper answer Sep 21 07:25:44.862687: | stop processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:44.862690: | libevent_free: release ptr-libevent@0x7fc8e4006b90 Sep 21 07:25:44.912280: | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:44.912302: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:44.912306: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.912308: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:25:44.912310: | 87 50 9c 2c 50 fb b3 1b b3 0e c6 91 7f d3 b9 c5 Sep 21 07:25:44.912313: | 07 a5 0b 44 4e a0 14 a2 89 59 e4 56 54 d4 1d 2e Sep 21 07:25:44.912315: | da c1 b2 7a b4 30 4e 11 bf 7a c9 9d d2 ee a0 86 Sep 21 07:25:44.912317: | 0b 68 99 14 4f b3 80 c6 1f a2 fe 01 1a 97 70 ad Sep 21 07:25:44.912322: | 9e 4f 39 55 f2 db 7e 50 4e ef 80 89 ac 17 6f 23 Sep 21 07:25:44.912324: | e6 86 42 78 91 9e b2 f1 de 42 fa ca 0e 06 12 b4 Sep 21 07:25:44.912327: | eb 5e a9 93 2f c1 f7 14 b7 22 1e 51 ee cf d7 af Sep 21 07:25:44.912329: | b2 f5 ee e1 4a f5 cf 88 b3 36 da 99 c4 a1 c8 d0 Sep 21 07:25:44.912331: | 8f 40 fe 3f 23 ee 86 0e a0 54 39 cc 40 79 81 0c Sep 21 07:25:44.912334: | 68 cb f1 c3 95 56 9d 38 62 1b d9 12 54 e9 ca 75 Sep 21 07:25:44.912336: | 04 54 a5 de d8 fb bd 2b 72 d6 3f 4a 49 90 17 5b Sep 21 07:25:44.912338: | fa 06 29 f7 cc 5f 80 4b 1f 21 b9 61 47 6d d3 f8 Sep 21 07:25:44.912340: | cd Sep 21 07:25:44.912345: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:44.912349: | **parse ISAKMP Message: Sep 21 07:25:44.912351: | initiator cookie: Sep 21 07:25:44.912354: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.912356: | responder cookie: Sep 21 07:25:44.912358: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.912361: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:44.912364: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.912366: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:25:44.912369: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:44.912372: | Message ID: 1 (0x1) Sep 21 07:25:44.912374: | length: 225 (0xe1) Sep 21 07:25:44.912377: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:25:44.912380: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:25:44.912384: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:25:44.912390: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:44.912393: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:25:44.912398: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:44.912402: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:44.912405: | #2 is idle Sep 21 07:25:44.912407: | #2 idle Sep 21 07:25:44.912409: | unpacking clear payload Sep 21 07:25:44.912412: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:44.912414: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:44.912417: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:25:44.912420: | flags: none (0x0) Sep 21 07:25:44.912422: | length: 197 (0xc5) Sep 21 07:25:44.912425: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:25:44.912427: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:25:44.912442: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:25:44.912445: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:25:44.912448: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:25:44.912451: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:25:44.912453: | flags: none (0x0) Sep 21 07:25:44.912455: | length: 12 (0xc) Sep 21 07:25:44.912458: | ID type: ID_FQDN (0x2) Sep 21 07:25:44.912460: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:25:44.912463: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:25:44.912465: | **parse IKEv2 Authentication Payload: Sep 21 07:25:44.912468: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:44.912470: | flags: none (0x0) Sep 21 07:25:44.912472: | length: 72 (0x48) Sep 21 07:25:44.912475: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:25:44.912477: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:25:44.912480: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:44.912483: | **parse IKEv2 Security Association Payload: Sep 21 07:25:44.912485: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:44.912487: | flags: none (0x0) Sep 21 07:25:44.912491: | length: 36 (0x24) Sep 21 07:25:44.912493: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:25:44.912496: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:44.912498: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:44.912501: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:44.912503: | flags: none (0x0) Sep 21 07:25:44.912505: | length: 24 (0x18) Sep 21 07:25:44.912508: | number of TS: 1 (0x1) Sep 21 07:25:44.912510: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:44.912513: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:44.912515: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:44.912517: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.912520: | flags: none (0x0) Sep 21 07:25:44.912522: | length: 24 (0x18) Sep 21 07:25:44.912524: | number of TS: 1 (0x1) Sep 21 07:25:44.912527: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:44.912529: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:25:44.912532: | Now let's proceed with state specific processing Sep 21 07:25:44.912534: | calling processor Initiator: process IKE_AUTH response Sep 21 07:25:44.912539: | offered CA: '%none' Sep 21 07:25:44.912543: "northnet-eastnet/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:25:44.912580: | verifying AUTH payload Sep 21 07:25:44.912584: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:25:44.912589: | started looking for secret for @north->@east of kind PKK_PSK Sep 21 07:25:44.912592: | actually looking for secret for @north->@east of kind PKK_PSK Sep 21 07:25:44.912595: | line 1: key type PKK_PSK(@north) to type PKK_PSK Sep 21 07:25:44.912598: | 1: compared key @north to @north / @east -> 010 Sep 21 07:25:44.912602: | 2: compared key @east to @north / @east -> 014 Sep 21 07:25:44.912604: | line 1: match=014 Sep 21 07:25:44.912607: | match 014 beats previous best_match 000 match=0x55a9fd604570 (line=1) Sep 21 07:25:44.912610: | concluding with best_match=014 best=0x55a9fd604570 (lineno=1) Sep 21 07:25:44.912672: "northnet-eastnet/0x1" #2: Authenticated using authby=secret Sep 21 07:25:44.912678: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:25:44.912682: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:25:44.912685: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:44.912689: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:44.912692: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a9fd6144a0 Sep 21 07:25:44.912694: | event_schedule: new EVENT_SA_REKEY-pe@0x55a9fd6144a0 Sep 21 07:25:44.912698: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:25:44.912701: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:44.912969: | pstats #1 ikev2.ike established Sep 21 07:25:44.912977: | TSi: parsing 1 traffic selectors Sep 21 07:25:44.912980: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:44.912983: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.912985: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.912988: | length: 16 (0x10) Sep 21 07:25:44.912990: | start port: 0 (0x0) Sep 21 07:25:44.912992: | end port: 65535 (0xffff) Sep 21 07:25:44.912995: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:44.912997: | TS low c0 00 03 00 Sep 21 07:25:44.913000: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:44.913002: | TS high c0 00 03 ff Sep 21 07:25:44.913005: | TSi: parsed 1 traffic selectors Sep 21 07:25:44.913007: | TSr: parsing 1 traffic selectors Sep 21 07:25:44.913009: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:44.913012: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.913015: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.913017: | length: 16 (0x10) Sep 21 07:25:44.913019: | start port: 0 (0x0) Sep 21 07:25:44.913024: | end port: 65535 (0xffff) Sep 21 07:25:44.913027: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:44.913029: | TS low c0 00 02 00 Sep 21 07:25:44.913031: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:44.913033: | TS high c0 00 02 ff Sep 21 07:25:44.913036: | TSr: parsed 1 traffic selectors Sep 21 07:25:44.913042: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:44.913047: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:44.913054: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:44.913057: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:44.913060: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:44.913063: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:44.913066: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:44.913070: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:44.913076: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:44.913079: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:44.913082: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:44.913084: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:44.913087: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:44.913089: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:44.913092: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:44.913094: | printing contents struct traffic_selector Sep 21 07:25:44.913099: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:44.913101: | ipprotoid: 0 Sep 21 07:25:44.913102: | port range: 0-65535 Sep 21 07:25:44.913106: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:44.913107: | printing contents struct traffic_selector Sep 21 07:25:44.913110: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:44.913112: | ipprotoid: 0 Sep 21 07:25:44.913113: | port range: 0-65535 Sep 21 07:25:44.913117: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:44.913129: | using existing local ESP/AH proposals for northnet-eastnet/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:25:44.913132: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:44.913135: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:44.913138: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:44.913140: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:44.913142: | local proposal 1 type DH has 1 transforms Sep 21 07:25:44.913144: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:44.913148: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:44.913150: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:44.913152: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:44.913154: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:44.913156: | local proposal 2 type DH has 1 transforms Sep 21 07:25:44.913159: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:44.913161: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:25:44.913164: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:44.913166: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:44.913168: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:44.913170: | local proposal 3 type DH has 1 transforms Sep 21 07:25:44.913173: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:44.913175: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:44.913180: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:44.913182: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:44.913185: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:44.913187: | local proposal 4 type DH has 1 transforms Sep 21 07:25:44.913189: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:44.913191: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:25:44.913194: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.913196: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.913199: | length: 32 (0x20) Sep 21 07:25:44.913201: | prop #: 1 (0x1) Sep 21 07:25:44.913203: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.913205: | spi size: 4 (0x4) Sep 21 07:25:44.913207: | # transforms: 2 (0x2) Sep 21 07:25:44.913210: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:44.913212: | remote SPI 87 71 24 36 Sep 21 07:25:44.913215: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:44.913218: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.913220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.913222: | length: 12 (0xc) Sep 21 07:25:44.913224: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.913227: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.913229: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.913729: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.913735: | length/value: 256 (0x100) Sep 21 07:25:44.913740: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:44.913743: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.913746: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.913748: | length: 8 (0x8) Sep 21 07:25:44.913751: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.913753: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.913757: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:44.913760: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:25:44.913765: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:25:44.913768: | remote proposal 1 matches local proposal 1 Sep 21 07:25:44.913770: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:25:44.913776: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=87712436;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:25:44.913778: | converting proposal to internal trans attrs Sep 21 07:25:44.913792: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:44.913967: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:25:44.913972: | could_route called for northnet-eastnet/0x1 (kind=CK_PERMANENT) Sep 21 07:25:44.913975: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.913978: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.913981: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:44.913983: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.913986: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:44.913992: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:44.913996: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:44.913999: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:44.914002: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:44.914005: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:44.914009: | setting IPsec SA replay-window to 32 Sep 21 07:25:44.914014: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Sep 21 07:25:44.914018: | netlink: enabling tunnel mode Sep 21 07:25:44.914020: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:44.914023: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:44.914106: | netlink response for Add SA esp.87712436@192.1.2.23 included non-error error Sep 21 07:25:44.914110: | set up outgoing SA, ref=0/0 Sep 21 07:25:44.914113: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:44.914116: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:44.914119: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:44.914122: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:44.914125: | setting IPsec SA replay-window to 32 Sep 21 07:25:44.914128: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Sep 21 07:25:44.914131: | netlink: enabling tunnel mode Sep 21 07:25:44.914133: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:44.914136: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:44.914221: | netlink response for Add SA esp.7e4f04b5@192.1.3.33 included non-error error Sep 21 07:25:44.914227: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:25:44.914234: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:44.914237: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:44.914280: | raw_eroute result=success Sep 21 07:25:44.914283: | set up incoming SA, ref=0/0 Sep 21 07:25:44.914285: | sr for #2: unrouted Sep 21 07:25:44.914288: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:44.914291: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.914294: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.914296: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:44.914299: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.914370: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:44.914374: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:25:44.914378: | route_and_eroute with c: northnet-eastnet/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:25:44.914381: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:25:44.914389: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:44.914392: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:44.914418: | raw_eroute result=success Sep 21 07:25:44.914422: | running updown command "ipsec _updown" for verb up Sep 21 07:25:44.914425: | command executing up-client Sep 21 07:25:44.914451: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Sep 21 07:25:44.914455: | popen cmd is 1050 chars long Sep 21 07:25:44.914460: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Sep 21 07:25:44.914463: | cmd( 80):1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:25:44.914466: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:25:44.914469: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:44.914471: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:44.914474: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:44.914476: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:44.914479: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Sep 21 07:25:44.914482: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:25:44.914484: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:25:44.914487: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:25:44.914489: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:25:44.914492: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x87712436 SPI_OUT=0x7e4f04b5 ipsec _u: Sep 21 07:25:44.914494: | cmd(1040):pdown 2>&1: Sep 21 07:25:44.927797: | route_and_eroute: firewall_notified: true Sep 21 07:25:44.927818: | running updown command "ipsec _updown" for verb prepare Sep 21 07:25:44.927822: | command executing prepare-client Sep 21 07:25:44.927842: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA Sep 21 07:25:44.927845: | popen cmd is 1055 chars long Sep 21 07:25:44.927847: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:44.927849: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Sep 21 07:25:44.927850: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:44.927852: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:44.927854: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:25:44.927855: | cmd( 400):ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:25:44.927857: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:25:44.927858: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Sep 21 07:25:44.927860: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Sep 21 07:25:44.927861: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:25:44.927863: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:25:44.927867: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:25:44.927869: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x87712436 SPI_OUT=0x7e4f04b5 ips: Sep 21 07:25:44.927871: | cmd(1040):ec _updown 2>&1: Sep 21 07:25:44.937991: | running updown command "ipsec _updown" for verb route Sep 21 07:25:44.938005: | command executing route-client Sep 21 07:25:44.938038: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED= Sep 21 07:25:44.938043: | popen cmd is 1053 chars long Sep 21 07:25:44.938046: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:25:44.938049: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' P: Sep 21 07:25:44.938052: | cmd( 160):LUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:25:44.938055: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:25:44.938057: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:25:44.938060: | cmd( 400):='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Sep 21 07:25:44.938063: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:25:44.938065: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+EN: Sep 21 07:25:44.938068: | cmd( 640):CRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Sep 21 07:25:44.938071: | cmd( 720):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Sep 21 07:25:44.938073: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Sep 21 07:25:44.938076: | cmd( 880):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Sep 21 07:25:44.938079: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x87712436 SPI_OUT=0x7e4f04b5 ipsec: Sep 21 07:25:44.938081: | cmd(1040): _updown 2>&1: Sep 21 07:25:44.955489: | route_and_eroute: instance "northnet-eastnet/0x1", setting eroute_owner {spd=0x55a9fd60ff00,sr=0x55a9fd60ff00} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:44.955589: | #1 spent 0.9 milliseconds in install_ipsec_sa() Sep 21 07:25:44.955599: | inR2: instance northnet-eastnet/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:25:44.955603: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:44.955606: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:25:44.955612: | libevent_free: release ptr-libevent@0x55a9fd614300 Sep 21 07:25:44.955616: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a9fd614220 Sep 21 07:25:44.955622: | #2 spent 1.67 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:25:44.955630: | [RE]START processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.955638: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:25:44.955642: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:25:44.955645: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:44.955648: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:25:44.955653: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:25:44.955659: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:44.955662: | pstats #2 ikev2.child established Sep 21 07:25:44.955670: "northnet-eastnet/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:44.955682: | NAT-T: encaps is 'auto' Sep 21 07:25:44.955688: "northnet-eastnet/0x1" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x87712436 <0x7e4f04b5 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:25:44.955693: | releasing whack for #2 (sock=fd@26) Sep 21 07:25:44.955697: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:25:44.955700: | releasing whack and unpending for parent #1 Sep 21 07:25:44.955703: | unpending state #1 connection "northnet-eastnet/0x1" Sep 21 07:25:44.955708: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x1" Sep 21 07:25:44.955711: | removing pending policy for no connection {0x55a9fd575160} Sep 21 07:25:44.955714: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:44.955719: | creating state object #3 at 0x55a9fd61b730 Sep 21 07:25:44.955722: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:25:44.955729: | pstats #3 ikev2.child started Sep 21 07:25:44.955732: | duplicating state object #1 "northnet-eastnet/0x2" as #3 for IPSEC SA Sep 21 07:25:44.955737: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:44.955744: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:44.955750: | suspend processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:44.955755: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:44.955759: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:25:44.955762: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:44.955766: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals) Sep 21 07:25:44.955774: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:44.955781: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.955825: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:44.955831: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.955835: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:44.955838: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.955840: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:44.955844: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.955850: "northnet-eastnet/0x2": constructed local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.955863: | #3 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:25:44.955866: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55a9fd614220 Sep 21 07:25:44.955870: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:25:44.955885: | libevent_malloc: new ptr-libevent@0x55a9fd614300 size 128 Sep 21 07:25:44.955891: | RESET processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:44.955910: | RESET processing: from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:44.955913: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x2" Sep 21 07:25:44.955916: | removing pending policy for no connection {0x55a9fd5a0440} Sep 21 07:25:44.955920: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:25:44.955924: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:25:44.955926: | event_schedule: new EVENT_SA_REKEY-pe@0x7fc8ec002b20 Sep 21 07:25:44.955929: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:25:44.955932: | libevent_malloc: new ptr-libevent@0x55a9fd616af0 size 128 Sep 21 07:25:44.955935: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:44.955941: | #1 spent 2.21 milliseconds in ikev2_process_packet() Sep 21 07:25:44.955946: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:44.955949: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:44.955953: | spent 2.22 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:44.955967: | timer_event_cb: processing event@0x55a9fd614220 Sep 21 07:25:44.955971: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:25:44.955977: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:44.955981: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:25:44.955984: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614740 Sep 21 07:25:44.955987: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:44.955989: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:44.955995: | libevent_free: release ptr-libevent@0x55a9fd614300 Sep 21 07:25:44.955998: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55a9fd614220 Sep 21 07:25:44.956000: | crypto helper 3 resuming Sep 21 07:25:44.956002: | #3 spent 0.0342 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:44.956010: | crypto helper 3 starting work-order 3 for state #3 Sep 21 07:25:44.956018: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:44.956020: | crypto helper 3 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:25:44.956021: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.956031: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.956035: | spent 0.00512 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:44.956038: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.956041: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.956045: | spent 0.00314 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:44.956047: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.956050: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.956053: | spent 0.00333 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:44.957001: | crypto helper 3 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000981 seconds Sep 21 07:25:44.957014: | (#3) spent 0.968 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:25:44.957017: | crypto helper 3 sending results from work-order 3 for state #3 to event queue Sep 21 07:25:44.957019: | scheduling resume sending helper answer for #3 Sep 21 07:25:44.957021: | libevent_malloc: new ptr-libevent@0x7fc8e8006900 size 128 Sep 21 07:25:44.957023: | libevent_realloc: release ptr-libevent@0x55a9fd5f2b10 Sep 21 07:25:44.957025: | libevent_realloc: new ptr-libevent@0x55a9fd616780 size 128 Sep 21 07:25:44.957031: | crypto helper 3 waiting (nothing to do) Sep 21 07:25:44.957080: | processing resume sending helper answer for #3 Sep 21 07:25:44.957089: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:44.957092: | crypto helper 3 replies to request ID 3 Sep 21 07:25:44.957094: | calling continuation function 0x55a9fc27b630 Sep 21 07:25:44.957097: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:25:44.957099: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:44.957101: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:44.957103: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614740 Sep 21 07:25:44.957105: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:44.957107: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:25:44.957109: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:44.957112: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:44.957114: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:44.957116: | libevent_malloc: new ptr-libevent@0x55a9fd614300 size 128 Sep 21 07:25:44.957119: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.957122: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:25:44.957124: | suspending state #3 and saving MD Sep 21 07:25:44.957125: | #3 is busy; has a suspended MD Sep 21 07:25:44.957128: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:44.957130: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:44.957132: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:25:44.957136: | #3 spent 0.043 milliseconds in resume sending helper answer Sep 21 07:25:44.957139: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:44.957140: | libevent_free: release ptr-libevent@0x7fc8e8006900 Sep 21 07:25:44.957143: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:44.957146: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:44.957149: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:44.957152: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:44.957155: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:44.957159: | **emit ISAKMP Message: Sep 21 07:25:44.957161: | initiator cookie: Sep 21 07:25:44.957163: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.957164: | responder cookie: Sep 21 07:25:44.957166: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.957170: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:44.957172: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.957174: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:44.957190: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:44.957192: | Message ID: 2 (0x2) Sep 21 07:25:44.957194: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:44.957196: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:44.957198: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957199: | flags: none (0x0) Sep 21 07:25:44.957202: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:44.957203: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957206: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:44.957236: | netlink_get_spi: allocated 0x1eb67f38 for esp.0@192.1.3.33 Sep 21 07:25:44.957238: | Emitting ikev2_proposals ... Sep 21 07:25:44.957240: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:44.957241: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957243: | flags: none (0x0) Sep 21 07:25:44.957245: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:44.957246: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957248: | discarding INTEG=NONE Sep 21 07:25:44.957250: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.957252: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957253: | prop #: 1 (0x1) Sep 21 07:25:44.957255: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.957256: | spi size: 4 (0x4) Sep 21 07:25:44.957258: | # transforms: 3 (0x3) Sep 21 07:25:44.957259: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.957261: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.957263: | our spi 1e b6 7f 38 Sep 21 07:25:44.957265: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957268: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.957270: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.957271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957273: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.957275: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.957276: | length/value: 256 (0x100) Sep 21 07:25:44.957278: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.957279: | discarding INTEG=NONE Sep 21 07:25:44.957281: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957282: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.957285: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.957287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957289: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957291: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957292: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957294: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.957295: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.957297: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.957302: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957304: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957305: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957307: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:44.957309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.957310: | discarding INTEG=NONE Sep 21 07:25:44.957312: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.957313: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957314: | prop #: 2 (0x2) Sep 21 07:25:44.957316: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.957317: | spi size: 4 (0x4) Sep 21 07:25:44.957319: | # transforms: 3 (0x3) Sep 21 07:25:44.957321: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957323: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.957329: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.957332: | our spi 1e b6 7f 38 Sep 21 07:25:44.957335: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957340: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.957342: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.957345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957348: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.957350: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.957352: | length/value: 128 (0x80) Sep 21 07:25:44.957355: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.957357: | discarding INTEG=NONE Sep 21 07:25:44.957360: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957365: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.957367: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.957370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957376: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957378: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957381: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.957383: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.957385: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.957389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957394: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957396: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:44.957399: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.957402: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.957404: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957409: | prop #: 3 (0x3) Sep 21 07:25:44.957411: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.957413: | spi size: 4 (0x4) Sep 21 07:25:44.957415: | # transforms: 5 (0x5) Sep 21 07:25:44.957418: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957421: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.957424: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.957426: | our spi 1e b6 7f 38 Sep 21 07:25:44.957429: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957433: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.957436: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.957439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957441: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.957443: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.957446: | length/value: 256 (0x100) Sep 21 07:25:44.957448: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.957450: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957455: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.957458: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.957460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957466: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957468: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957473: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.957475: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.957478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957483: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957485: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957487: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957489: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.957491: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.957494: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957499: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957501: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957504: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.957506: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.957508: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.957511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957517: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957520: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:44.957522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.957525: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.957527: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.957530: | prop #: 4 (0x4) Sep 21 07:25:44.957532: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.957535: | spi size: 4 (0x4) Sep 21 07:25:44.957537: | # transforms: 5 (0x5) Sep 21 07:25:44.957540: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:44.957543: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:44.957546: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:44.957548: | our spi 1e b6 7f 38 Sep 21 07:25:44.957551: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957556: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.957558: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:44.957561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957563: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.957566: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.957568: | length/value: 128 (0x80) Sep 21 07:25:44.957570: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:44.957573: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957577: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.957579: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:44.957582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957587: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957590: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957594: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:44.957596: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:44.957599: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957604: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957607: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957611: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.957614: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.957617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957626: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:44.957629: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.957631: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.957634: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.957637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.957640: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:44.957642: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:44.957645: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:44.957647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:44.957650: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:44.957653: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:44.957655: | ****emit IKEv2 Nonce Payload: Sep 21 07:25:44.957658: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957661: | flags: none (0x0) Sep 21 07:25:44.957664: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:44.957667: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957670: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:44.957673: | IKEv2 nonce 01 70 e9 34 72 41 b4 f8 e7 6d da 32 06 e4 8c d9 Sep 21 07:25:44.957675: | IKEv2 nonce 07 9b b5 07 a9 7e 2e 40 19 0d 09 dd 45 42 50 58 Sep 21 07:25:44.957678: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:44.957681: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:25:44.957683: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957686: | flags: none (0x0) Sep 21 07:25:44.957688: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.957691: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:44.957694: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957697: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:44.957700: | ikev2 g^x 19 2a f7 f6 a5 98 ab a1 c0 55 74 87 38 91 90 62 Sep 21 07:25:44.957702: | ikev2 g^x b7 51 1e a6 72 17 49 37 50 35 e1 cf ca dd 89 78 Sep 21 07:25:44.957704: | ikev2 g^x 22 e9 cd 41 cd 5b 1f c5 48 ec c6 e0 9c 87 98 bb Sep 21 07:25:44.957707: | ikev2 g^x 15 41 6c 37 56 d6 5b 78 53 aa a7 8e 20 47 45 4e Sep 21 07:25:44.957709: | ikev2 g^x 54 bc bc d8 83 c2 6a f2 1a a6 39 9a 2b ca eb 56 Sep 21 07:25:44.957711: | ikev2 g^x ed 51 ef e2 96 e7 cb fb ef 9c af 9b cd 88 dc b7 Sep 21 07:25:44.957714: | ikev2 g^x f6 81 10 24 b3 48 41 5e c9 7e 35 73 b9 63 54 b6 Sep 21 07:25:44.957716: | ikev2 g^x d6 e8 d7 c3 62 0f 6b 39 98 50 0c b1 24 1f d7 cf Sep 21 07:25:44.957718: | ikev2 g^x e4 8c be 49 36 13 bf 58 1a ab 01 d9 5c c6 02 16 Sep 21 07:25:44.957720: | ikev2 g^x 42 c7 a1 29 0b dd 7f b3 25 b9 b1 65 bf 0c f2 1a Sep 21 07:25:44.957722: | ikev2 g^x 9f 17 cc 5e 04 9e 67 95 21 dd ae af 3c f4 8e a3 Sep 21 07:25:44.957724: | ikev2 g^x d7 54 f5 72 e9 c6 46 5e 19 75 50 3f e8 b1 f8 97 Sep 21 07:25:44.957727: | ikev2 g^x 03 fa c1 93 d1 53 e1 c3 3e 51 ce df 2b e2 e8 41 Sep 21 07:25:44.957729: | ikev2 g^x 0e 14 86 a4 fb 4e 30 49 fc 60 ad 27 61 6d 0b 15 Sep 21 07:25:44.957731: | ikev2 g^x bd a4 ff 05 b0 7b 98 eb eb f8 bb 5c b0 08 6c 1a Sep 21 07:25:44.957734: | ikev2 g^x ea 86 05 0e 8a af 89 9f a1 ca 20 ea cd 3f 1c 49 Sep 21 07:25:44.957738: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:44.957741: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:44.957744: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957746: | flags: none (0x0) Sep 21 07:25:44.957748: | number of TS: 1 (0x1) Sep 21 07:25:44.957752: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:25:44.957755: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957758: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:44.957761: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.957764: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.957767: | start port: 0 (0x0) Sep 21 07:25:44.957769: | end port: 65535 (0xffff) Sep 21 07:25:44.957773: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:44.957775: | IP start c0 00 03 00 Sep 21 07:25:44.957777: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:44.957779: | IP end c0 00 03 ff Sep 21 07:25:44.957782: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:44.957792: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:25:44.957795: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:44.957798: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.957815: | flags: none (0x0) Sep 21 07:25:44.957817: | number of TS: 1 (0x1) Sep 21 07:25:44.957820: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:25:44.957823: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:25:44.957825: | *****emit IKEv2 Traffic Selector: Sep 21 07:25:44.957828: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.957830: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.957833: | start port: 0 (0x0) Sep 21 07:25:44.957835: | end port: 65535 (0xffff) Sep 21 07:25:44.957850: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:25:44.957852: | IP start c0 00 02 00 Sep 21 07:25:44.957855: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:25:44.957857: | IP end c0 00 02 ff Sep 21 07:25:44.957859: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:25:44.957861: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:25:44.957864: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:25:44.957867: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:44.957870: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:44.957873: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:44.957875: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:25:44.957877: | emitting length of ISAKMP Message: 601 Sep 21 07:25:44.957894: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.957898: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:25:44.957901: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:25:44.957904: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:25:44.957907: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:25:44.957909: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:25:44.957914: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:25:44.957919: "northnet-eastnet/0x2" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:44.957930: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:44.957951: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:44.957954: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.957956: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:25:44.957958: | 7e 0d 94 d0 ff bd b8 80 80 7b 0f be 03 64 62 37 Sep 21 07:25:44.957960: | f3 38 ed 5c 89 51 e1 42 ca fb 75 c9 16 98 85 53 Sep 21 07:25:44.957963: | 55 f7 14 b1 7c 04 23 6d 87 b3 44 18 02 a3 47 85 Sep 21 07:25:44.957965: | 2a e4 ff 64 9b a9 e7 d8 9a 5e 7b 5a ed d5 38 a4 Sep 21 07:25:44.957967: | 24 89 d7 44 c7 be f6 d1 b4 04 d2 72 a0 6e be 75 Sep 21 07:25:44.957969: | fe de 1c 7d 05 e0 fd 47 11 f0 4b be 64 40 54 fb Sep 21 07:25:44.957972: | d4 2a 4e 66 dc 5f af b1 60 3a 6d 8b a3 8a 1d 81 Sep 21 07:25:44.957974: | 87 d3 de 6c 5b 3a 2e 00 27 4a a8 55 fb 74 62 8f Sep 21 07:25:44.957976: | cd 38 3b 4d 65 61 b4 79 b8 e9 74 5b ed ad a8 1f Sep 21 07:25:44.957978: | 73 75 f0 1c fd 12 8d 39 b1 22 46 10 6c 34 29 3f Sep 21 07:25:44.957980: | d9 ef ad 55 cd e5 61 f7 de bd e2 0b bb 02 d6 eb Sep 21 07:25:44.957982: | 83 e9 6b 9b f9 25 b2 ec bd d5 2f 2a fa 0d 9c 4b Sep 21 07:25:44.957985: | 99 b4 57 f7 27 6a b3 83 0d 3f 5a fc 81 35 e6 e0 Sep 21 07:25:44.957987: | c4 bd 32 7c 6f 9b d3 3f b1 27 21 c2 ef d5 dd 41 Sep 21 07:25:44.957989: | f5 3f e7 ce df 80 41 7b b9 6e 8e ef 89 12 77 9d Sep 21 07:25:44.957991: | 00 f0 09 00 c2 a4 6b 0b b4 a8 a9 64 ec 67 4c 6b Sep 21 07:25:44.957994: | 1f 77 6f 74 0f 27 c0 57 7f e6 c4 10 98 5b 02 ea Sep 21 07:25:44.957996: | 0f 77 6e ac 2d 06 25 57 db 3f b6 1f d9 02 f9 7f Sep 21 07:25:44.957998: | 77 b6 cf 20 0c 42 a9 64 e1 bb d5 fc 01 1b 97 4b Sep 21 07:25:44.958000: | c8 b5 cf 39 28 67 a5 6d 92 ef 99 b4 31 63 dc b8 Sep 21 07:25:44.958003: | 14 64 de 0c 08 ae 77 5b c6 ff 60 23 c4 68 81 8c Sep 21 07:25:44.958005: | 79 0d a6 18 c1 74 d7 9a 0b 07 f6 4d 7b eb 92 c2 Sep 21 07:25:44.958007: | f1 15 ab 83 05 5e d0 54 dd 2e 73 be 92 6a 71 37 Sep 21 07:25:44.958009: | 83 d8 95 05 ec 4c d2 88 70 01 3c b9 f4 75 ad 9d Sep 21 07:25:44.958011: | b0 94 9d a4 0a 7e ee 7e 7e d9 e4 4e 7e d8 b9 e3 Sep 21 07:25:44.958013: | 26 6d a6 dd b1 44 4a 31 48 a0 7c 69 b7 bb 61 d5 Sep 21 07:25:44.958016: | e8 da 4c b5 f3 15 c1 b7 54 07 4b ed c7 74 fd d7 Sep 21 07:25:44.958019: | 13 c7 cf 14 b7 1c c7 7e 45 21 14 b5 79 56 fe c2 Sep 21 07:25:44.958021: | b2 b4 a7 8e 69 7f 39 0c 44 7d fe f2 6b 13 e0 af Sep 21 07:25:44.958023: | 3b 0f b3 f3 bc 88 dd b2 d9 b1 d6 87 27 c4 3a 9e Sep 21 07:25:44.958025: | d7 96 41 01 01 70 a6 ab 2a 3c 37 ff d8 5d 03 33 Sep 21 07:25:44.958028: | f8 a7 f0 88 ea ff cb 4b 18 18 73 76 6f a4 10 85 Sep 21 07:25:44.958030: | 0d bd f5 08 b6 84 ab 1d 6f b2 17 86 99 3b 47 dc Sep 21 07:25:44.958032: | 49 a5 f5 a6 ea 9c 0e c2 0c 1e 5a ce 1d df 66 0a Sep 21 07:25:44.958034: | 3f 84 da 45 4f 8e 9a d8 bd c6 1a 59 73 24 9e 7b Sep 21 07:25:44.958036: | ce 6c 9b 5c 62 80 41 20 21 Sep 21 07:25:44.958094: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:44.958100: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:44.958103: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:44.958106: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:44.958109: "northnet-eastnet/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:44.958117: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a9fd614220 Sep 21 07:25:44.958121: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Sep 21 07:25:44.958124: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:44.958129: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49391.326381 Sep 21 07:25:44.958138: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:44.958144: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:44.958149: | #1 spent 0.963 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:44.958154: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:44.958157: | libevent_free: release ptr-libevent@0x55a9fd614300 Sep 21 07:25:44.962118: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:44.962134: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:44.962137: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.962139: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:25:44.962141: | e6 cc 79 b3 6b de 9c ec 50 db 3b 49 43 b3 62 ce Sep 21 07:25:44.962142: | 91 19 07 4b d0 97 fd 61 d1 d4 67 c3 2d 5b cd c3 Sep 21 07:25:44.962144: | a4 0a d7 d8 b6 90 4e 07 96 c5 9e 40 49 83 d6 4d Sep 21 07:25:44.962145: | df 96 ee 0b 60 f4 d3 f8 3a fa 3e 13 76 a5 47 0e Sep 21 07:25:44.962147: | af 14 22 62 12 a8 e3 9a 79 6b ea 91 47 b4 27 fc Sep 21 07:25:44.962149: | a5 38 82 ad 3d 79 e9 98 72 30 a2 30 17 c0 20 e9 Sep 21 07:25:44.962150: | 27 19 2a 08 2a d6 b6 d3 1a be b1 c6 d1 dd f1 71 Sep 21 07:25:44.962152: | db cd 90 09 ee 6b 23 a8 63 6e 38 ec ba 6d 96 27 Sep 21 07:25:44.962153: | 0f 3d 1d 0e dc 66 8a 40 9a 6c 72 c1 db 8f 3d e6 Sep 21 07:25:44.962155: | d8 6f 8f 18 9e 63 23 8b e4 d1 54 d8 61 ca e4 b4 Sep 21 07:25:44.962156: | c2 5e 2f f4 38 57 4e 5b 8c a5 2d b3 e8 1f 62 ad Sep 21 07:25:44.962158: | 32 4e fa 31 21 64 41 60 cd 7e f8 33 6d cd a9 61 Sep 21 07:25:44.962159: | 59 93 62 f8 29 98 32 f0 05 70 fa f0 6a ca 0c be Sep 21 07:25:44.962161: | e7 7e d2 84 91 d5 19 a6 a3 f6 6a df 42 09 35 04 Sep 21 07:25:44.962163: | 4c 90 24 56 c2 58 4a 64 52 45 a6 e4 24 3b 62 45 Sep 21 07:25:44.962164: | c9 d0 ab f6 a7 73 84 d0 ac d3 b3 77 ad 46 e0 69 Sep 21 07:25:44.962166: | 93 22 3d 1b 6e b6 09 94 90 72 2c 99 e7 74 9d 5e Sep 21 07:25:44.962167: | 15 d3 6c f0 b4 7e f1 16 23 ba ef 8c a5 01 92 12 Sep 21 07:25:44.962169: | d2 88 83 12 5f 29 a2 33 18 a6 60 ec 6d b4 65 68 Sep 21 07:25:44.962170: | d4 f1 89 d7 28 83 2a 4d 79 a9 de 6c a2 48 26 55 Sep 21 07:25:44.962172: | 1d 46 fb 1a 67 31 10 92 d4 b5 e9 60 12 7c c1 c4 Sep 21 07:25:44.962174: | 83 06 50 d0 d7 68 e2 53 78 a1 ad 96 d1 c5 51 04 Sep 21 07:25:44.962175: | 3e a9 14 0d 5b 24 c9 78 22 1f fd 28 59 d8 61 11 Sep 21 07:25:44.962177: | aa 43 b1 ed c6 cd 54 ab 50 fc 8d f8 ae 1e eb 87 Sep 21 07:25:44.962178: | 5b ce 3b 3a b8 93 bb 5f 7b 49 ba 69 fc aa 68 c0 Sep 21 07:25:44.962180: | 9a 8a fd 90 0e 12 5e 68 ae 68 e2 ce 24 86 81 fe Sep 21 07:25:44.962181: | e6 Sep 21 07:25:44.962185: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:44.962187: | **parse ISAKMP Message: Sep 21 07:25:44.962189: | initiator cookie: Sep 21 07:25:44.962191: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:44.962192: | responder cookie: Sep 21 07:25:44.962194: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:44.962195: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:44.962197: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:44.962199: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:44.962201: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:25:44.962203: | Message ID: 2 (0x2) Sep 21 07:25:44.962205: | length: 449 (0x1c1) Sep 21 07:25:44.962207: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:25:44.962209: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:25:44.962215: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:44.962220: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:44.962222: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:25:44.962225: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:44.962228: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:25:44.962230: | #3 is idle Sep 21 07:25:44.962232: | #3 idle Sep 21 07:25:44.962233: | unpacking clear payload Sep 21 07:25:44.962235: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:44.962237: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:44.962239: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:25:44.962241: | flags: none (0x0) Sep 21 07:25:44.962242: | length: 421 (0x1a5) Sep 21 07:25:44.962244: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:25:44.962246: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:25:44.962258: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:25:44.962260: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:25:44.962262: | **parse IKEv2 Security Association Payload: Sep 21 07:25:44.962264: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:25:44.962265: | flags: none (0x0) Sep 21 07:25:44.962267: | length: 44 (0x2c) Sep 21 07:25:44.962269: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:25:44.962270: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:25:44.962272: | **parse IKEv2 Nonce Payload: Sep 21 07:25:44.962273: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:25:44.962275: | flags: none (0x0) Sep 21 07:25:44.962277: | length: 36 (0x24) Sep 21 07:25:44.962278: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:25:44.962280: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:25:44.962282: | **parse IKEv2 Key Exchange Payload: Sep 21 07:25:44.962283: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:25:44.962285: | flags: none (0x0) Sep 21 07:25:44.962286: | length: 264 (0x108) Sep 21 07:25:44.962288: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.962290: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:25:44.962291: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:25:44.962293: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:25:44.962294: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:25:44.962296: | flags: none (0x0) Sep 21 07:25:44.962298: | length: 24 (0x18) Sep 21 07:25:44.962299: | number of TS: 1 (0x1) Sep 21 07:25:44.962302: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:25:44.962304: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:25:44.962306: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:25:44.962308: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:44.962313: | flags: none (0x0) Sep 21 07:25:44.962317: | length: 24 (0x18) Sep 21 07:25:44.962320: | number of TS: 1 (0x1) Sep 21 07:25:44.962322: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:25:44.962325: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:44.962330: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:25:44.962334: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:25:44.962337: | Now let's proceed with state specific processing Sep 21 07:25:44.962339: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:25:44.962349: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.962354: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:25:44.962356: | local proposal 1 type ENCR has 1 transforms Sep 21 07:25:44.962358: | local proposal 1 type PRF has 0 transforms Sep 21 07:25:44.962359: | local proposal 1 type INTEG has 1 transforms Sep 21 07:25:44.962361: | local proposal 1 type DH has 1 transforms Sep 21 07:25:44.962362: | local proposal 1 type ESN has 1 transforms Sep 21 07:25:44.962365: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:44.962366: | local proposal 2 type ENCR has 1 transforms Sep 21 07:25:44.962368: | local proposal 2 type PRF has 0 transforms Sep 21 07:25:44.962369: | local proposal 2 type INTEG has 1 transforms Sep 21 07:25:44.962371: | local proposal 2 type DH has 1 transforms Sep 21 07:25:44.962372: | local proposal 2 type ESN has 1 transforms Sep 21 07:25:44.962374: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:25:44.962376: | local proposal 3 type ENCR has 1 transforms Sep 21 07:25:44.962377: | local proposal 3 type PRF has 0 transforms Sep 21 07:25:44.962379: | local proposal 3 type INTEG has 2 transforms Sep 21 07:25:44.962380: | local proposal 3 type DH has 1 transforms Sep 21 07:25:44.962382: | local proposal 3 type ESN has 1 transforms Sep 21 07:25:44.962383: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:44.962385: | local proposal 4 type ENCR has 1 transforms Sep 21 07:25:44.962386: | local proposal 4 type PRF has 0 transforms Sep 21 07:25:44.962388: | local proposal 4 type INTEG has 2 transforms Sep 21 07:25:44.962389: | local proposal 4 type DH has 1 transforms Sep 21 07:25:44.962391: | local proposal 4 type ESN has 1 transforms Sep 21 07:25:44.962393: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:25:44.962395: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:25:44.962396: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:44.962398: | length: 40 (0x28) Sep 21 07:25:44.962399: | prop #: 1 (0x1) Sep 21 07:25:44.962401: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:44.962402: | spi size: 4 (0x4) Sep 21 07:25:44.962404: | # transforms: 3 (0x3) Sep 21 07:25:44.962406: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:25:44.962407: | remote SPI 81 2a a0 f1 Sep 21 07:25:44.962409: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:25:44.962411: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.962413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.962414: | length: 12 (0xc) Sep 21 07:25:44.962416: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:44.962418: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:44.962420: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:25:44.962421: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:44.962423: | length/value: 256 (0x100) Sep 21 07:25:44.962426: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:25:44.962427: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.962429: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:44.962430: | length: 8 (0x8) Sep 21 07:25:44.962432: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:44.962434: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:44.962436: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:25:44.962437: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:25:44.962439: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:44.962442: | length: 8 (0x8) Sep 21 07:25:44.962443: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:44.962445: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:44.962447: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:25:44.962449: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:25:44.962452: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:25:44.962453: | remote proposal 1 matches local proposal 1 Sep 21 07:25:44.962455: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:25:44.962458: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=812aa0f1;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:25:44.962460: | converting proposal to internal trans attrs Sep 21 07:25:44.962463: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:25:44.962469: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:25:44.962471: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:44.962473: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:25:44.962475: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:44.962477: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a9fd614220 Sep 21 07:25:44.962479: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614220 Sep 21 07:25:44.962482: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:25:44.962483: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:44.962491: | #3 spent 0.148 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:25:44.962494: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.962495: | crypto helper 1 resuming Sep 21 07:25:44.962505: | crypto helper 1 starting work-order 4 for state #3 Sep 21 07:25:44.962509: | crypto helper 1 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:25:44.962497: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:25:44.962561: | suspending state #3 and saving MD Sep 21 07:25:44.962563: | #3 is busy; has a suspended MD Sep 21 07:25:44.962566: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:44.962569: | "northnet-eastnet/0x2" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:44.962571: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:44.962575: | #1 spent 0.444 milliseconds in ikev2_process_packet() Sep 21 07:25:44.962578: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:44.962579: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:44.962581: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:44.962584: | spent 0.453 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:44.963092: | crypto helper 1 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000583 seconds Sep 21 07:25:44.963100: | (#3) spent 0.581 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:25:44.963102: | crypto helper 1 sending results from work-order 4 for state #3 to event queue Sep 21 07:25:44.963104: | scheduling resume sending helper answer for #3 Sep 21 07:25:44.963107: | libevent_malloc: new ptr-libevent@0x7fc8dc001ef0 size 128 Sep 21 07:25:44.963112: | crypto helper 1 waiting (nothing to do) Sep 21 07:25:44.963160: | processing resume sending helper answer for #3 Sep 21 07:25:44.963170: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:44.963174: | crypto helper 1 replies to request ID 4 Sep 21 07:25:44.963176: | calling continuation function 0x55a9fc27c4f0 Sep 21 07:25:44.963178: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:25:44.963180: | TSi: parsing 1 traffic selectors Sep 21 07:25:44.963182: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:44.963184: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.963186: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.963187: | length: 16 (0x10) Sep 21 07:25:44.963189: | start port: 0 (0x0) Sep 21 07:25:44.963190: | end port: 65535 (0xffff) Sep 21 07:25:44.963192: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:44.963193: | TS low c0 00 03 00 Sep 21 07:25:44.963195: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:44.963197: | TS high c0 00 03 ff Sep 21 07:25:44.963198: | TSi: parsed 1 traffic selectors Sep 21 07:25:44.963200: | TSr: parsing 1 traffic selectors Sep 21 07:25:44.963201: | ***parse IKEv2 Traffic Selector: Sep 21 07:25:44.963203: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:25:44.963204: | IP Protocol ID: 0 (0x0) Sep 21 07:25:44.963206: | length: 16 (0x10) Sep 21 07:25:44.963207: | start port: 0 (0x0) Sep 21 07:25:44.963208: | end port: 65535 (0xffff) Sep 21 07:25:44.963210: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:25:44.963211: | TS low c0 00 02 00 Sep 21 07:25:44.963213: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:25:44.963214: | TS high c0 00 02 ff Sep 21 07:25:44.963216: | TSr: parsed 1 traffic selectors Sep 21 07:25:44.963219: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:25:44.963222: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:44.963226: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:25:44.963228: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:25:44.963230: | TSi[0] port match: YES fitness 65536 Sep 21 07:25:44.963232: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:25:44.963234: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:44.963236: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:25:44.963240: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:25:44.963241: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:25:44.963243: | TSr[0] port match: YES fitness 65536 Sep 21 07:25:44.963245: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:25:44.963246: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:25:44.963248: | best fit so far: TSi[0] TSr[0] Sep 21 07:25:44.963253: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:25:44.963254: | printing contents struct traffic_selector Sep 21 07:25:44.963256: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:44.963257: | ipprotoid: 0 Sep 21 07:25:44.963258: | port range: 0-65535 Sep 21 07:25:44.963261: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:25:44.963262: | printing contents struct traffic_selector Sep 21 07:25:44.963263: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:25:44.963265: | ipprotoid: 0 Sep 21 07:25:44.963266: | port range: 0-65535 Sep 21 07:25:44.963268: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:25:44.963271: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:25:44.963381: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:25:44.963385: | could_route called for northnet-eastnet/0x2 (kind=CK_PERMANENT) Sep 21 07:25:44.963387: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.963389: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.963393: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:44.963394: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.963396: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:44.963399: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Sep 21 07:25:44.963401: | overlapping permitted with "northnet-eastnet/0x1" #2 Sep 21 07:25:44.963404: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:44.963406: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:44.963407: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:44.963409: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:44.963412: | setting IPsec SA replay-window to 32 Sep 21 07:25:44.963414: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:25:44.963416: | netlink: enabling tunnel mode Sep 21 07:25:44.963417: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:44.963419: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:44.963495: | netlink response for Add SA esp.812aa0f1@192.1.2.23 included non-error error Sep 21 07:25:44.963499: | set up outgoing SA, ref=0/0 Sep 21 07:25:44.963502: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:25:44.963508: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:25:44.963512: | AES_GCM_16 requires 4 salt bytes Sep 21 07:25:44.963516: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:25:44.963520: | setting IPsec SA replay-window to 32 Sep 21 07:25:44.963524: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Sep 21 07:25:44.963527: | netlink: enabling tunnel mode Sep 21 07:25:44.963530: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:25:44.963533: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:25:44.963586: | netlink response for Add SA esp.1eb67f38@192.1.3.33 included non-error error Sep 21 07:25:44.963595: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:44.963605: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:44.963609: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:44.963656: | raw_eroute result=success Sep 21 07:25:44.963660: | set up incoming SA, ref=0/0 Sep 21 07:25:44.963662: | sr for #3: unrouted Sep 21 07:25:44.963664: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:25:44.963665: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:44.963667: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.963669: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:44.963671: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:44.963673: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:44.963680: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Sep 21 07:25:44.963684: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:northnet-eastnet/0x1 esr:{0x55a9fd60ff00} ro:northnet-eastnet/0x1 rosr:{0x55a9fd60ff00} and state: #3 Sep 21 07:25:44.963687: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:44.963696: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:25:44.963699: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:44.963725: | raw_eroute result=success Sep 21 07:25:44.963730: | running updown command "ipsec _updown" for verb up Sep 21 07:25:44.963733: | command executing up-client Sep 21 07:25:44.963764: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S Sep 21 07:25:44.963771: | popen cmd is 1050 chars long Sep 21 07:25:44.963773: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Sep 21 07:25:44.963775: | cmd( 80):2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUT: Sep 21 07:25:44.963776: | cmd( 160):O_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:25:44.963778: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:25:44.963780: | cmd( 320):TO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@: Sep 21 07:25:44.963781: | cmd( 400):east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Sep 21 07:25:44.963787: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:25:44.963792: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRY: Sep 21 07:25:44.963793: | cmd( 640):PT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:25:44.963795: | cmd( 720):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:25:44.963797: | cmd( 800):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:25:44.963802: | cmd( 880):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:25:44.963806: | cmd( 960):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x812aa0f1 SPI_OUT=0x1eb67f38 ipsec _u: Sep 21 07:25:44.963809: | cmd(1040):pdown 2>&1: Sep 21 07:25:44.971403: | route_and_eroute: firewall_notified: true Sep 21 07:25:44.971419: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x55a9fd610ed0,sr=0x55a9fd610ed0} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:25:44.971503: | #1 spent 0.6 milliseconds in install_ipsec_sa() Sep 21 07:25:44.971508: | inR2: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:25:44.971511: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:44.971515: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:44.971517: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614220 Sep 21 07:25:44.971524: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:44.971527: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:25:44.971529: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:25:44.971532: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:25:44.971534: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:25:44.971538: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:25:44.971541: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:44.971547: | pstats #3 ikev2.child established Sep 21 07:25:44.971553: "northnet-eastnet/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:25:44.971562: | NAT-T: encaps is 'auto' Sep 21 07:25:44.971566: "northnet-eastnet/0x2" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x812aa0f1 <0x1eb67f38 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:25:44.971569: | releasing whack for #3 (sock=fd@25) Sep 21 07:25:44.971574: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:25:44.971576: | releasing whack and unpending for parent #1 Sep 21 07:25:44.971578: | unpending state #1 connection "northnet-eastnet/0x2" Sep 21 07:25:44.971583: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:25:44.971586: | event_schedule: new EVENT_SA_REKEY-pe@0x55a9fd614220 Sep 21 07:25:44.971589: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:25:44.971593: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:44.971598: | #3 spent 0.906 milliseconds in resume sending helper answer Sep 21 07:25:44.971601: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:44.971604: | libevent_free: release ptr-libevent@0x7fc8dc001ef0 Sep 21 07:25:44.971614: | processing signal PLUTO_SIGCHLD Sep 21 07:25:44.971618: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:44.971621: | spent 0.00356 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:47.290175: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:47.290196: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:47.290201: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:47.290209: | get_sa_info esp.7e4f04b5@192.1.3.33 Sep 21 07:25:47.290639: | get_sa_info esp.87712436@192.1.2.23 Sep 21 07:25:47.290656: | get_sa_info esp.1eb67f38@192.1.3.33 Sep 21 07:25:47.290663: | get_sa_info esp.812aa0f1@192.1.2.23 Sep 21 07:25:47.290676: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:47.290683: | spent 0.51 milliseconds in whack Sep 21 07:25:48.542390: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:48.542417: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:25:48.542421: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:48.542429: | get_sa_info esp.7e4f04b5@192.1.3.33 Sep 21 07:25:48.542445: | get_sa_info esp.87712436@192.1.2.23 Sep 21 07:25:48.542461: | get_sa_info esp.1eb67f38@192.1.3.33 Sep 21 07:25:48.542469: | get_sa_info esp.812aa0f1@192.1.2.23 Sep 21 07:25:48.542483: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:48.542491: | spent 0.109 milliseconds in whack Sep 21 07:25:48.828540: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:48.828757: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:48.828763: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:25:48.828879: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:25:48.828885: | FOR_EACH_STATE_... in sort_states Sep 21 07:25:48.828895: | get_sa_info esp.7e4f04b5@192.1.3.33 Sep 21 07:25:48.828914: | get_sa_info esp.87712436@192.1.2.23 Sep 21 07:25:48.828936: | get_sa_info esp.1eb67f38@192.1.3.33 Sep 21 07:25:48.828944: | get_sa_info esp.812aa0f1@192.1.2.23 Sep 21 07:25:48.828963: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:25:48.828970: | spent 0.431 milliseconds in whack Sep 21 07:25:49.148703: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:49.148720: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:49.148725: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.148727: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:49.148728: | 48 13 e2 31 b0 69 be 3c c2 0b 98 fd 01 34 2a bc Sep 21 07:25:49.148730: | bf b7 8f 17 80 65 8f b9 fb 2a 95 91 1e 5e 49 31 Sep 21 07:25:49.148731: | 82 c5 32 ad 96 Sep 21 07:25:49.148734: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:49.148736: | **parse ISAKMP Message: Sep 21 07:25:49.148738: | initiator cookie: Sep 21 07:25:49.148740: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.148741: | responder cookie: Sep 21 07:25:49.148742: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.148744: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:49.148747: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.148748: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.148750: | flags: none (0x0) Sep 21 07:25:49.148752: | Message ID: 0 (0x0) Sep 21 07:25:49.148753: | length: 69 (0x45) Sep 21 07:25:49.148755: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:49.148757: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:49.148761: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:49.148765: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:49.148767: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:49.148770: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:49.148772: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:25:49.148775: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:25:49.148777: | unpacking clear payload Sep 21 07:25:49.148780: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:49.148796: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:49.148799: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:49.148802: | flags: none (0x0) Sep 21 07:25:49.148804: | length: 41 (0x29) Sep 21 07:25:49.148807: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:49.148812: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:25:49.148816: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:49.148833: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:49.148837: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:49.148841: | **parse IKEv2 Delete Payload: Sep 21 07:25:49.148844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.148846: | flags: none (0x0) Sep 21 07:25:49.148849: | length: 12 (0xc) Sep 21 07:25:49.148851: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:49.148854: | SPI size: 4 (0x4) Sep 21 07:25:49.148857: | number of SPIs: 1 (0x1) Sep 21 07:25:49.148860: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:49.148863: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:49.148866: | Now let's proceed with state specific processing Sep 21 07:25:49.148868: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:49.148872: | an informational request should send a response Sep 21 07:25:49.148877: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:49.148881: | **emit ISAKMP Message: Sep 21 07:25:49.148884: | initiator cookie: Sep 21 07:25:49.148886: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.148889: | responder cookie: Sep 21 07:25:49.148891: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.148894: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:49.148897: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.148902: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.148906: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:49.148908: | Message ID: 0 (0x0) Sep 21 07:25:49.148912: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:49.148915: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:49.148918: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.148920: | flags: none (0x0) Sep 21 07:25:49.148925: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:49.148932: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:49.148937: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:49.148946: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:49.148950: | SPI 81 2a a0 f1 Sep 21 07:25:49.148953: | delete PROTO_v2_ESP SA(0x812aa0f1) Sep 21 07:25:49.148958: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:49.148962: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:49.148966: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x812aa0f1) Sep 21 07:25:49.148970: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:25:49.148974: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:49.148978: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:49.148981: | free_event_entry: release EVENT_SA_REKEY-pe@0x55a9fd614220 Sep 21 07:25:49.148984: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:49.148988: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:25:49.148991: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:49.148995: | ****emit IKEv2 Delete Payload: Sep 21 07:25:49.148998: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.148999: | flags: none (0x0) Sep 21 07:25:49.149001: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:49.149002: | SPI size: 4 (0x4) Sep 21 07:25:49.149004: | number of SPIs: 1 (0x1) Sep 21 07:25:49.149006: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:49.149008: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:49.149010: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:49.149011: | local SPIs 1e b6 7f 38 Sep 21 07:25:49.149013: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:49.149015: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:49.149017: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:49.149019: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:49.149021: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:49.149022: | emitting length of ISAKMP Message: 69 Sep 21 07:25:49.149033: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:49.149035: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.149037: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:25:49.149038: | db 39 d6 02 11 c7 8a c5 ad 62 23 b4 9f 1f 55 36 Sep 21 07:25:49.149040: | 6e 09 83 cd d8 b0 91 4d 53 ef 0a 4d b2 24 8a 17 Sep 21 07:25:49.149041: | f9 74 e7 0a 73 Sep 21 07:25:49.149070: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:49.149077: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:25:49.149082: | #1 spent 0.193 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:49.149086: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.149088: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:49.149090: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:25:49.149093: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:25:49.149096: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:49.149098: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:49.149101: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:49.149104: | #1 spent 0.368 milliseconds in ikev2_process_packet() Sep 21 07:25:49.149107: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:49.149109: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:49.149111: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:49.149113: | spent 0.377 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:49.149118: | timer_event_cb: processing event@0x55a9fd614220 Sep 21 07:25:49.149120: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:25:49.149123: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:49.149125: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:49.149127: | replacing stale CHILD SA Sep 21 07:25:49.149130: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:49.149131: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:49.149134: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:49.149137: | creating state object #4 at 0x55a9fd61dd60 Sep 21 07:25:49.149139: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:25:49.149141: | pstats #4 ikev2.child started Sep 21 07:25:49.149143: | duplicating state object #1 "northnet-eastnet/0x2" as #4 for IPSEC SA Sep 21 07:25:49.149146: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:49.149150: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:49.149153: | suspend processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:49.149156: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:49.149158: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:49.149167: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.149171: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:25:49.149173: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fc8e8002b20 Sep 21 07:25:49.149175: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:25:49.149179: | libevent_malloc: new ptr-libevent@0x7fc8dc001ef0 size 128 Sep 21 07:25:49.149182: | RESET processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:49.149184: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a9fd621df0 Sep 21 07:25:49.149186: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:25:49.149188: | libevent_malloc: new ptr-libevent@0x7fc8e8006900 size 128 Sep 21 07:25:49.149190: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:49.149192: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:49.149195: | #3 spent 0.0764 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:49.149197: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:49.149200: | timer_event_cb: processing event@0x7fc8e8002b20 Sep 21 07:25:49.149202: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:25:49.149204: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:49.149207: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:25:49.149209: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614220 Sep 21 07:25:49.149211: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:25:49.149213: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:49.149219: | libevent_free: release ptr-libevent@0x7fc8dc001ef0 Sep 21 07:25:49.149222: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fc8e8002b20 Sep 21 07:25:49.149223: | crypto helper 5 resuming Sep 21 07:25:49.149225: | #4 spent 0.0245 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:25:49.149232: | crypto helper 5 starting work-order 5 for state #4 Sep 21 07:25:49.149238: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:25:49.149241: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:25:49.149241: | timer_event_cb: processing event@0x55a9fd621df0 Sep 21 07:25:49.149249: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:25:49.149253: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:49.149256: | picked newest_ipsec_sa #3 for #3 Sep 21 07:25:49.149259: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:25:49.149261: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:25:49.149264: | pstats #3 ikev2.child deleted completed Sep 21 07:25:49.149267: | #3 spent 2.76 milliseconds in total Sep 21 07:25:49.149271: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.149274: "northnet-eastnet/0x2" #3: deleting state (STATE_V2_IPSEC_I) aged 4.193s and NOT sending notification Sep 21 07:25:49.149277: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:25:49.149281: | get_sa_info esp.812aa0f1@192.1.2.23 Sep 21 07:25:49.149294: | get_sa_info esp.1eb67f38@192.1.3.33 Sep 21 07:25:49.149302: "northnet-eastnet/0x2" #3: ESP traffic information: in=336B out=336B Sep 21 07:25:49.149306: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:49.149465: | running updown command "ipsec _updown" for verb down Sep 21 07:25:49.149471: | command executing down-client Sep 21 07:25:49.149498: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050744' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Sep 21 07:25:49.149503: | popen cmd is 1061 chars long Sep 21 07:25:49.149507: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Sep 21 07:25:49.149509: | cmd( 80):0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Sep 21 07:25:49.149512: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:25:49.149515: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:49.149517: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:49.149520: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:49.149522: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:49.149525: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050744' PLUTO_CONN_POLICY: Sep 21 07:25:49.149527: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Sep 21 07:25:49.149530: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Sep 21 07:25:49.149532: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Sep 21 07:25:49.149535: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Sep 21 07:25:49.149537: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x812aa0f1 SPI_OUT=0x1eb67f: Sep 21 07:25:49.149540: | cmd(1040):38 ipsec _updown 2>&1: Sep 21 07:25:49.149941: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.0007 seconds Sep 21 07:25:49.149951: | (#4) spent 0.706 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:25:49.149953: | crypto helper 5 sending results from work-order 5 for state #4 to event queue Sep 21 07:25:49.149955: | scheduling resume sending helper answer for #4 Sep 21 07:25:49.149958: | libevent_malloc: new ptr-libevent@0x7fc8e0006900 size 128 Sep 21 07:25:49.149962: | crypto helper 5 waiting (nothing to do) Sep 21 07:25:49.159299: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:49.159317: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:49.159322: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:49.159326: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:49.159375: | delete esp.812aa0f1@192.1.2.23 Sep 21 07:25:49.159409: | netlink response for Del SA esp.812aa0f1@192.1.2.23 included non-error error Sep 21 07:25:49.159413: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:49.159420: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:49.159465: | raw_eroute result=success Sep 21 07:25:49.159469: | delete esp.1eb67f38@192.1.3.33 Sep 21 07:25:49.159495: | netlink response for Del SA esp.1eb67f38@192.1.3.33 included non-error error Sep 21 07:25:49.159501: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:49.159504: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:25:49.159512: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:49.159537: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.159546: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:25:49.159549: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:25:49.159553: | libevent_free: release ptr-libevent@0x7fc8e8006900 Sep 21 07:25:49.159556: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a9fd621df0 Sep 21 07:25:49.159559: | in statetime_stop() and could not find #3 Sep 21 07:25:49.159562: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:49.159574: | processing resume sending helper answer for #4 Sep 21 07:25:49.159579: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:49.159584: | crypto helper 5 replies to request ID 5 Sep 21 07:25:49.159586: | calling continuation function 0x55a9fc27b630 Sep 21 07:25:49.159590: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:25:49.159594: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:49.159596: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:49.159599: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd614220 Sep 21 07:25:49.159602: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:49.159606: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:25:49.159610: | libevent_malloc: new ptr-libevent@0x55a9fd6166f0 size 128 Sep 21 07:25:49.159615: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:49.159618: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:25:49.159621: | libevent_malloc: new ptr-libevent@0x7fc8e8006900 size 128 Sep 21 07:25:49.159627: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.159631: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:25:49.159634: | suspending state #4 and saving MD Sep 21 07:25:49.159636: | #4 is busy; has a suspended MD Sep 21 07:25:49.159641: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:25:49.159644: | "northnet-eastnet/0x2" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:25:49.159647: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:25:49.159654: | #4 spent 0.0678 milliseconds in resume sending helper answer Sep 21 07:25:49.159659: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:49.159662: | libevent_free: release ptr-libevent@0x7fc8e0006900 Sep 21 07:25:49.159665: | processing signal PLUTO_SIGCHLD Sep 21 07:25:49.159670: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:49.159674: | spent 0.00504 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:49.159679: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:25:49.159684: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:25:49.159690: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:49.159695: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:49.159699: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:25:49.159705: | **emit ISAKMP Message: Sep 21 07:25:49.159710: | initiator cookie: Sep 21 07:25:49.159712: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.159715: | responder cookie: Sep 21 07:25:49.159717: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.159720: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:49.159723: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.159726: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:25:49.159728: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:49.159731: | Message ID: 3 (0x3) Sep 21 07:25:49.159734: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:49.159737: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:49.159740: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.159743: | flags: none (0x0) Sep 21 07:25:49.159746: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:49.159749: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.159752: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:49.159772: | netlink_get_spi: allocated 0x572f82f for esp.0@192.1.3.33 Sep 21 07:25:49.159776: | Emitting ikev2_proposals ... Sep 21 07:25:49.159778: | ****emit IKEv2 Security Association Payload: Sep 21 07:25:49.159781: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.159796: | flags: none (0x0) Sep 21 07:25:49.159801: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:49.159804: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.159807: | discarding INTEG=NONE Sep 21 07:25:49.159810: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.159812: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.159815: | prop #: 1 (0x1) Sep 21 07:25:49.159818: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:49.159820: | spi size: 4 (0x4) Sep 21 07:25:49.159822: | # transforms: 3 (0x3) Sep 21 07:25:49.159825: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.159829: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:49.159831: | our spi 05 72 f8 2f Sep 21 07:25:49.159834: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159837: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159839: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.159842: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:49.159845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159848: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.159851: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.159853: | length/value: 256 (0x100) Sep 21 07:25:49.159856: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.159858: | discarding INTEG=NONE Sep 21 07:25:49.159861: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159866: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.159868: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.159871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159874: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159877: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.159879: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159884: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.159886: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:49.159889: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:49.159892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.159899: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:49.159902: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.159904: | discarding INTEG=NONE Sep 21 07:25:49.159907: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.159909: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.159912: | prop #: 2 (0x2) Sep 21 07:25:49.159914: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:49.159916: | spi size: 4 (0x4) Sep 21 07:25:49.159919: | # transforms: 3 (0x3) Sep 21 07:25:49.159922: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.159925: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.159928: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:49.159930: | our spi 05 72 f8 2f Sep 21 07:25:49.159933: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159938: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.159940: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:49.159943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159945: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.159948: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.159951: | length/value: 128 (0x80) Sep 21 07:25:49.159953: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.159956: | discarding INTEG=NONE Sep 21 07:25:49.159958: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.159965: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.159968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159974: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.159976: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.159978: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.159981: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:49.159983: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:49.159986: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.159989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.159991: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.159994: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:25:49.159996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.160001: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.160003: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.160006: | prop #: 3 (0x3) Sep 21 07:25:49.160008: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:49.160010: | spi size: 4 (0x4) Sep 21 07:25:49.160013: | # transforms: 5 (0x5) Sep 21 07:25:49.160016: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.160019: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.160022: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:49.160024: | our spi 05 72 f8 2f Sep 21 07:25:49.160026: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160031: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.160034: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:49.160036: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160039: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.160042: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.160044: | length/value: 256 (0x100) Sep 21 07:25:49.160047: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.160049: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160054: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.160057: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:49.160059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160065: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160067: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160072: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.160075: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:49.160078: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160083: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160086: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.160093: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.160096: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160101: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160103: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160106: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.160108: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:49.160111: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:49.160115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160120: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160123: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:49.160126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.160128: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.160130: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:49.160133: | prop #: 4 (0x4) Sep 21 07:25:49.160135: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:25:49.160137: | spi size: 4 (0x4) Sep 21 07:25:49.160140: | # transforms: 5 (0x5) Sep 21 07:25:49.160143: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.160146: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.160148: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:25:49.160151: | our spi 05 72 f8 2f Sep 21 07:25:49.160153: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160158: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.160160: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:49.160163: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160165: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.160168: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.160170: | length/value: 128 (0x80) Sep 21 07:25:49.160173: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.160175: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160180: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.160182: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:49.160185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160190: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160193: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160195: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160198: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.160200: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:49.160203: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160205: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160208: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160210: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160213: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160215: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.160217: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.160220: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160227: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160230: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.160232: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.160235: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:25:49.160237: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:25:49.160240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.160242: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.160245: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.160247: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:25:49.160250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.160253: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:25:49.160256: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:49.160259: "northnet-eastnet/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:25:49.160262: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:25:49.160267: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.160271: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:25:49.160343: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:25:49.160351: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:49.160356: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:25:49.160362: | #1 spent 0.657 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:25:49.160366: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:25:49.160370: | libevent_free: release ptr-libevent@0x7fc8e8006900 Sep 21 07:25:49.161084: | spent 0.00199 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:49.161100: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:49.161102: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161104: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:25:49.161105: | c9 51 b9 cc ba 57 2c d1 05 2c eb a5 3b 74 55 ff Sep 21 07:25:49.161107: | 56 86 8f 56 57 21 60 38 9a fb d6 0a ab 4e 30 5d Sep 21 07:25:49.161108: | 0c 88 4b 3a 56 Sep 21 07:25:49.161111: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:49.161114: | **parse ISAKMP Message: Sep 21 07:25:49.161115: | initiator cookie: Sep 21 07:25:49.161117: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.161118: | responder cookie: Sep 21 07:25:49.161120: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161121: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:49.161123: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.161125: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.161126: | flags: none (0x0) Sep 21 07:25:49.161128: | Message ID: 1 (0x1) Sep 21 07:25:49.161130: | length: 69 (0x45) Sep 21 07:25:49.161131: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:49.161134: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:49.161139: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:49.161143: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:49.161145: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:49.161148: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:49.161150: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:25:49.161153: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:25:49.161154: | unpacking clear payload Sep 21 07:25:49.161157: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:49.161163: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:49.161167: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:49.161170: | flags: none (0x0) Sep 21 07:25:49.161173: | length: 41 (0x29) Sep 21 07:25:49.161176: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:25:49.161182: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:25:49.161186: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:49.161202: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:49.161206: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:49.161209: | **parse IKEv2 Delete Payload: Sep 21 07:25:49.161212: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.161215: | flags: none (0x0) Sep 21 07:25:49.161218: | length: 12 (0xc) Sep 21 07:25:49.161221: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:49.161224: | SPI size: 4 (0x4) Sep 21 07:25:49.161227: | number of SPIs: 1 (0x1) Sep 21 07:25:49.161229: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:25:49.161232: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:49.161235: | Now let's proceed with state specific processing Sep 21 07:25:49.161238: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:49.161243: | an informational request should send a response Sep 21 07:25:49.161249: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:49.161253: | **emit ISAKMP Message: Sep 21 07:25:49.161255: | initiator cookie: Sep 21 07:25:49.161258: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.161261: | responder cookie: Sep 21 07:25:49.161264: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161267: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:49.161270: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.161274: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.161277: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:49.161280: | Message ID: 1 (0x1) Sep 21 07:25:49.161284: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:49.161287: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:49.161291: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.161294: | flags: none (0x0) Sep 21 07:25:49.161298: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:49.161302: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:49.161306: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:49.161312: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:25:49.161315: | SPI 87 71 24 36 Sep 21 07:25:49.161318: | delete PROTO_v2_ESP SA(0x87712436) Sep 21 07:25:49.161323: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:25:49.161326: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:25:49.161332: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x87712436) Sep 21 07:25:49.161336: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:25:49.161338: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:49.161340: | libevent_free: release ptr-libevent@0x55a9fd616af0 Sep 21 07:25:49.161342: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fc8ec002b20 Sep 21 07:25:49.161344: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fc8ec002b20 Sep 21 07:25:49.161347: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:25:49.161351: | libevent_malloc: new ptr-libevent@0x55a9fd616af0 size 128 Sep 21 07:25:49.161354: | ****emit IKEv2 Delete Payload: Sep 21 07:25:49.161358: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.161360: | flags: none (0x0) Sep 21 07:25:49.161363: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:25:49.161366: | SPI size: 4 (0x4) Sep 21 07:25:49.161369: | number of SPIs: 1 (0x1) Sep 21 07:25:49.161373: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:25:49.161377: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:49.161381: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:25:49.161384: | local SPIs 7e 4f 04 b5 Sep 21 07:25:49.161387: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:25:49.161390: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:49.161394: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:49.161398: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:49.161401: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:25:49.161403: | emitting length of ISAKMP Message: 69 Sep 21 07:25:49.161418: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:49.161420: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161422: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:25:49.161423: | 49 82 b9 d9 ff 5a 0d f0 3d d5 f3 27 06 64 38 18 Sep 21 07:25:49.161425: | 76 c1 64 6e ba 27 3c 61 48 98 3a 72 10 81 ee 5c Sep 21 07:25:49.161426: | fd 0a 4c 07 ce Sep 21 07:25:49.161456: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:49.161460: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:25:49.161464: | #1 spent 0.206 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:25:49.161468: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.161472: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:25:49.161474: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:25:49.161476: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:25:49.161479: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:25:49.161481: "northnet-eastnet/0x2" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:25:49.161484: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:49.161487: | #1 spent 0.379 milliseconds in ikev2_process_packet() Sep 21 07:25:49.161492: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:49.161495: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:49.161498: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:49.161501: | spent 0.392 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:49.161505: | timer_event_cb: processing event@0x7fc8ec002b20 Sep 21 07:25:49.161507: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:25:49.161511: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:25:49.161514: | picked newest_ipsec_sa #2 for #2 Sep 21 07:25:49.161516: | replacing stale CHILD SA Sep 21 07:25:49.161518: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:25:49.161520: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:49.161523: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:25:49.161525: | creating state object #5 at 0x55a9fd61b730 Sep 21 07:25:49.161527: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:25:49.161529: | pstats #5 ikev2.child started Sep 21 07:25:49.161531: | duplicating state object #1 "northnet-eastnet/0x2" as #5 for IPSEC SA Sep 21 07:25:49.161534: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:25:49.161539: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:49.161542: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:49.161545: | suspend processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:49.161548: | start processing: state #5 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:25:49.161550: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:25:49.161553: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:25:49.161555: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x1 (ESP/AH initiator emitting proposals) Sep 21 07:25:49.161559: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:25:49.161565: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.161567: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:25:49.161569: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.161571: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:49.161574: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.161576: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:25:49.161579: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.161586: "northnet-eastnet/0x1": constructed local ESP/AH proposals for northnet-eastnet/0x1 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:25:49.161590: | #5 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:25:49.161592: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7fc8e0002b20 Sep 21 07:25:49.161595: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:25:49.161597: | libevent_malloc: new ptr-libevent@0x7fc8e8006900 size 128 Sep 21 07:25:49.161603: | RESET processing: state #5 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:25:49.161606: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a9fd621df0 Sep 21 07:25:49.161608: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:25:49.161610: | libevent_malloc: new ptr-libevent@0x7fc8e0006900 size 128 Sep 21 07:25:49.161612: | libevent_free: release ptr-libevent@0x55a9fd616af0 Sep 21 07:25:49.161614: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fc8ec002b20 Sep 21 07:25:49.161617: | #2 spent 0.111 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:25:49.161618: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:25:49.161625: | spent 0.00161 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:25:49.161632: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:25:49.161636: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161639: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:25:49.161642: | 83 5d ed 13 9d 1f 9d 07 35 55 10 f2 2b aa b8 f8 Sep 21 07:25:49.161644: | 42 b8 b0 3f be 02 e1 77 5b 2b d6 0a ad 97 c1 96 Sep 21 07:25:49.161647: | e1 Sep 21 07:25:49.161652: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:25:49.161655: | **parse ISAKMP Message: Sep 21 07:25:49.161658: | initiator cookie: Sep 21 07:25:49.161660: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.161663: | responder cookie: Sep 21 07:25:49.161666: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161669: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:25:49.161672: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.161676: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.161678: | flags: none (0x0) Sep 21 07:25:49.161681: | Message ID: 2 (0x2) Sep 21 07:25:49.161684: | length: 65 (0x41) Sep 21 07:25:49.161690: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:25:49.161694: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:25:49.161697: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:25:49.161704: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:25:49.161707: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:25:49.161713: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:25:49.161716: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:25:49.161720: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:25:49.161723: | unpacking clear payload Sep 21 07:25:49.161726: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:25:49.161729: | ***parse IKEv2 Encryption Payload: Sep 21 07:25:49.161732: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:25:49.161734: | flags: none (0x0) Sep 21 07:25:49.161737: | length: 37 (0x25) Sep 21 07:25:49.161739: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:25:49.161744: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:25:49.161747: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:25:49.161759: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:25:49.161762: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:25:49.161765: | **parse IKEv2 Delete Payload: Sep 21 07:25:49.161768: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.161770: | flags: none (0x0) Sep 21 07:25:49.161772: | length: 8 (0x8) Sep 21 07:25:49.161773: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:25:49.161775: | SPI size: 0 (0x0) Sep 21 07:25:49.161780: | number of SPIs: 0 (0x0) Sep 21 07:25:49.161782: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:25:49.161790: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:25:49.161792: | Now let's proceed with state specific processing Sep 21 07:25:49.161793: | calling processor I3: INFORMATIONAL Request Sep 21 07:25:49.161797: | an informational request should send a response Sep 21 07:25:49.161802: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:25:49.161804: | **emit ISAKMP Message: Sep 21 07:25:49.161806: | initiator cookie: Sep 21 07:25:49.161807: | ed 77 91 86 49 b9 d1 07 Sep 21 07:25:49.161808: | responder cookie: Sep 21 07:25:49.161810: | a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161811: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:49.161813: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.161815: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:25:49.161816: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:25:49.161818: | Message ID: 2 (0x2) Sep 21 07:25:49.161820: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:49.161823: | ***emit IKEv2 Encryption Payload: Sep 21 07:25:49.161826: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.161828: | flags: none (0x0) Sep 21 07:25:49.161831: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:25:49.161833: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:25:49.161835: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:25:49.161838: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:25:49.161840: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:25:49.161843: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:25:49.161846: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:25:49.161848: | emitting length of ISAKMP Message: 57 Sep 21 07:25:49.161856: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:25:49.161858: | ed 77 91 86 49 b9 d1 07 a8 aa 2f 49 4c d2 7f cc Sep 21 07:25:49.161860: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:25:49.161861: | d1 6f 9b dd 6d 5c 9f f7 95 0a 06 2c 42 8f 9e 57 Sep 21 07:25:49.161862: | 2a 66 28 c6 25 ea 48 dc b5 Sep 21 07:25:49.161883: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:25:49.161887: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:25:49.161889: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:49.161891: | pstats #5 ikev2.child deleted other Sep 21 07:25:49.161894: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161897: | start processing: state #5 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161899: "northnet-eastnet/0x1" #5: deleting other state #5 connection (STATE_CHILDSA_DEL) "northnet-eastnet/0x1" aged 0.000s and NOT sending notification Sep 21 07:25:49.161901: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:25:49.161903: | state #5 requesting EVENT_v2_INITIATE_CHILD to be deleted Sep 21 07:25:49.161905: | libevent_free: release ptr-libevent@0x7fc8e8006900 Sep 21 07:25:49.161907: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7fc8e0002b20 Sep 21 07:25:49.161912: | in connection_discard for connection northnet-eastnet/0x1 Sep 21 07:25:49.161914: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:25:49.161916: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:49.161920: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.161924: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.161929: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:25:49.161931: | pstats #4 ikev2.child deleted other Sep 21 07:25:49.161935: | #4 spent 0.798 milliseconds in total Sep 21 07:25:49.161938: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161941: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161943: "northnet-eastnet/0x2" #4: deleting other state #4 (STATE_CHILDSA_DEL) aged 0.012s and NOT sending notification Sep 21 07:25:49.161945: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:25:49.161947: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:25:49.161949: | libevent_free: release ptr-libevent@0x55a9fd6166f0 Sep 21 07:25:49.161950: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a9fd614220 Sep 21 07:25:49.161952: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:49.161957: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:49.161968: | raw_eroute result=success Sep 21 07:25:49.161970: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:49.161972: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:25:49.161974: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:49.161983: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.161985: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.161988: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:25:49.161990: | pstats #2 ikev2.child deleted completed Sep 21 07:25:49.161992: | #2 spent 1.78 milliseconds in total Sep 21 07:25:49.161994: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161997: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.161999: "northnet-eastnet/0x1" #2: deleting other state #2 connection (STATE_CHILDSA_DEL) "northnet-eastnet/0x1" aged 4.300s and NOT sending notification Sep 21 07:25:49.162001: | child state #2: CHILDSA_DEL(informational) => delete Sep 21 07:25:49.162002: | state #2 requesting EVENT_SA_EXPIRE to be deleted Sep 21 07:25:49.162004: | libevent_free: release ptr-libevent@0x7fc8e0006900 Sep 21 07:25:49.162006: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a9fd621df0 Sep 21 07:25:49.162060: | running updown command "ipsec _updown" for verb down Sep 21 07:25:49.162066: | command executing down-client Sep 21 07:25:49.162100: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050744' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ Sep 21 07:25:49.162106: | popen cmd is 1061 chars long Sep 21 07:25:49.162110: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Sep 21 07:25:49.162114: | cmd( 80):0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PL: Sep 21 07:25:49.162118: | cmd( 160):UTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:25:49.162121: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:25:49.162124: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:25:49.162128: | cmd( 400):'@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:25:49.162131: | cmd( 480):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:25:49.162134: | cmd( 560):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050744' PLUTO_CONN_POLICY: Sep 21 07:25:49.162138: | cmd( 640):='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: Sep 21 07:25:49.162140: | cmd( 720):_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 : Sep 21 07:25:49.162143: | cmd( 800):PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_P: Sep 21 07:25:49.162144: | cmd( 880):EER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' : Sep 21 07:25:49.162146: | cmd( 960):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x87712436 SPI_OUT=0x7e4f04: Sep 21 07:25:49.162148: | cmd(1040):b5 ipsec _updown 2>&1: Sep 21 07:25:49.173148: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:49.173163: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:49.173167: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:25:49.173171: | IPsec Sa SPD priority set to 1042407 Sep 21 07:25:49.173217: | delete esp.87712436@192.1.2.23 Sep 21 07:25:49.173248: | netlink response for Del SA esp.87712436@192.1.2.23 included non-error error Sep 21 07:25:49.173252: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:25:49.173259: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:25:49.173268: | raw_eroute result=success Sep 21 07:25:49.173272: | delete esp.7e4f04b5@192.1.3.33 Sep 21 07:25:49.173294: | netlink response for Del SA esp.7e4f04b5@192.1.3.33 included non-error error Sep 21 07:25:49.173300: | in connection_discard for connection northnet-eastnet/0x1 Sep 21 07:25:49.173303: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:25:49.173308: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:25:49.173314: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.173320: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.173325: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:25:49.173328: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:25:49.173331: | pstats #1 ikev2.ike deleted completed Sep 21 07:25:49.173336: | #1 spent 10.7 milliseconds in total Sep 21 07:25:49.173341: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.173345: "northnet-eastnet/0x2" #1: deleting state (STATE_IKESA_DEL) aged 4.318s and NOT sending notification Sep 21 07:25:49.173351: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:25:49.173405: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:25:49.173411: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:49.173414: | free_event_entry: release EVENT_SA_REKEY-pe@0x55a9fd6144a0 Sep 21 07:25:49.173417: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:49.173419: | picked newest_isakmp_sa #0 for #1 Sep 21 07:25:49.173422: "northnet-eastnet/0x2" #1: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:49.173426: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 0 seconds Sep 21 07:25:49.173429: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:25:49.173433: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:49.173436: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:25:49.173439: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:25:49.173457: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.173472: | in statetime_stop() and could not find #1 Sep 21 07:25:49.173476: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.173480: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:25:49.173483: | STF_OK but no state object remains Sep 21 07:25:49.173486: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:25:49.173488: | in statetime_stop() and could not find #1 Sep 21 07:25:49.173493: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:25:49.173496: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:25:49.173499: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:25:49.173504: | spent 0.937 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:25:49.173515: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:25:49.173518: Initiating connection northnet-eastnet/0x2 which received a Delete/Notify but must remain up per local policy Sep 21 07:25:49.173521: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:25:49.173525: | start processing: connection "northnet-eastnet/0x2" (in initiate_a_connection() at initiate.c:186) Sep 21 07:25:49.173528: | connection 'northnet-eastnet/0x2' +POLICY_UP Sep 21 07:25:49.173531: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:25:49.173533: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:25:49.173543: | creating state object #6 at 0x55a9fd616de0 Sep 21 07:25:49.173546: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:25:49.173552: | pstats #6 ikev2.ike started Sep 21 07:25:49.173575: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:25:49.173578: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:25:49.173584: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:25:49.173590: | suspend processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:49.173594: | start processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:25:49.173597: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:25:49.173601: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet/0x2" IKE SA #6 "northnet-eastnet/0x2" Sep 21 07:25:49.173605: "northnet-eastnet/0x2" #6: initiating v2 parent SA Sep 21 07:25:49.173622: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:49.173630: | adding ikev2_outI1 KE work-order 6 for state #6 Sep 21 07:25:49.173634: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd621df0 Sep 21 07:25:49.173637: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:25:49.173641: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:49.173652: | #6 spent 0.108 milliseconds in ikev2_parent_outI1() Sep 21 07:25:49.173656: | RESET processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:49.173656: | crypto helper 0 resuming Sep 21 07:25:49.173665: | RESET processing: connection "northnet-eastnet/0x2" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:25:49.173675: | crypto helper 0 starting work-order 6 for state #6 Sep 21 07:25:49.173681: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:25:49.173688: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 6 Sep 21 07:25:49.173691: | spent 0.147 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:25:49.173694: | processing signal PLUTO_SIGCHLD Sep 21 07:25:49.173699: | waitpid returned ECHILD (no child processes left) Sep 21 07:25:49.173703: | spent 0.00461 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:25:49.174657: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 6 time elapsed 0.000969 seconds Sep 21 07:25:49.174672: | (#6) spent 0.974 milliseconds in crypto helper computing work-order 6: ikev2_outI1 KE (pcr) Sep 21 07:25:49.174676: | crypto helper 0 sending results from work-order 6 for state #6 to event queue Sep 21 07:25:49.174679: | scheduling resume sending helper answer for #6 Sep 21 07:25:49.174682: | libevent_malloc: new ptr-libevent@0x7fc8d4006900 size 128 Sep 21 07:25:49.174691: | crypto helper 0 waiting (nothing to do) Sep 21 07:25:49.174702: | processing resume sending helper answer for #6 Sep 21 07:25:49.174711: | start processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:25:49.174716: | crypto helper 0 replies to request ID 6 Sep 21 07:25:49.174719: | calling continuation function 0x55a9fc27b630 Sep 21 07:25:49.174722: | ikev2_parent_outI1_continue for #6 Sep 21 07:25:49.174728: | **emit ISAKMP Message: Sep 21 07:25:49.174731: | initiator cookie: Sep 21 07:25:49.174733: | b1 e4 e1 9e a4 c4 da 8d Sep 21 07:25:49.174736: | responder cookie: Sep 21 07:25:49.174738: | 00 00 00 00 00 00 00 00 Sep 21 07:25:49.174741: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:25:49.174744: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:25:49.174747: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:25:49.174750: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:25:49.174753: | Message ID: 0 (0x0) Sep 21 07:25:49.174756: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:25:49.174773: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:25:49.174779: | Emitting ikev2_proposals ... Sep 21 07:25:49.174806: | ***emit IKEv2 Security Association Payload: Sep 21 07:25:49.174813: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.174816: | flags: none (0x0) Sep 21 07:25:49.174820: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:25:49.174823: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.174826: | discarding INTEG=NONE Sep 21 07:25:49.174829: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.174832: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.174834: | prop #: 1 (0x1) Sep 21 07:25:49.174837: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:49.174839: | spi size: 0 (0x0) Sep 21 07:25:49.174842: | # transforms: 11 (0xb) Sep 21 07:25:49.174845: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.174848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174853: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.174856: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:49.174859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174862: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.174865: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.174868: | length/value: 256 (0x100) Sep 21 07:25:49.174871: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.174873: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174879: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.174882: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:49.174885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174888: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174891: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174894: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174896: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174899: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.174901: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:49.174904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174907: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174910: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174912: | discarding INTEG=NONE Sep 21 07:25:49.174915: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.174923: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.174926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174934: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174936: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.174944: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:49.174947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174953: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174955: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174960: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.174963: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:49.174966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174971: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174974: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174979: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.174982: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:49.174985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.174990: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.174993: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.174995: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.174998: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175000: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:49.175003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175009: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175011: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175014: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175019: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:49.175022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175028: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175030: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175033: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175035: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175039: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:49.175043: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175048: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175051: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175053: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.175056: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175058: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:49.175061: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175064: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175067: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175070: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:49.175073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.175075: | discarding INTEG=NONE Sep 21 07:25:49.175078: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.175081: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.175083: | prop #: 2 (0x2) Sep 21 07:25:49.175086: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:49.175088: | spi size: 0 (0x0) Sep 21 07:25:49.175091: | # transforms: 11 (0xb) Sep 21 07:25:49.175094: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.175097: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.175100: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175105: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.175107: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:25:49.175110: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175113: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.175116: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.175118: | length/value: 128 (0x80) Sep 21 07:25:49.175121: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.175123: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175128: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175131: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:49.175134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175139: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175142: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175144: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175147: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175149: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:49.175152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175159: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175162: | discarding INTEG=NONE Sep 21 07:25:49.175164: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175172: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.175175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175181: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175183: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175191: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:49.175194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175199: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175202: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175207: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175209: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:49.175212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175218: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175220: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175225: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175228: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:49.175231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175236: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175239: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175244: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175246: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:49.175249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175255: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175257: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175262: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175265: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:49.175269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175277: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175285: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:49.175288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175293: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175296: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175299: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.175301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175304: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:49.175307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175312: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175315: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:25:49.175318: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.175321: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.175323: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.175326: | prop #: 3 (0x3) Sep 21 07:25:49.175328: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:49.175331: | spi size: 0 (0x0) Sep 21 07:25:49.175333: | # transforms: 13 (0xd) Sep 21 07:25:49.175336: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.175339: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.175342: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175347: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.175349: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:49.175352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175355: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.175358: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.175360: | length/value: 256 (0x100) Sep 21 07:25:49.175363: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.175365: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175370: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175373: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:49.175376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175385: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175387: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175390: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175392: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:49.175395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175398: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175401: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175403: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175408: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.175410: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:49.175413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175419: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175421: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175426: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.175428: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:49.175431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175437: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175439: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175442: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175444: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175447: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.175449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175452: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175455: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175457: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175464: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:49.175467: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175473: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175475: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175477: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175480: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175482: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:49.175485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175492: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175495: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175497: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175500: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175502: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:49.175505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175511: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175513: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175520: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:49.175523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175529: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175531: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175536: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175539: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:49.175542: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175547: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175549: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175554: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175557: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:49.175560: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175565: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175567: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175570: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.175572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175575: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:49.175578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175583: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175586: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:49.175589: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.175593: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:25:49.175596: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:25:49.175598: | prop #: 4 (0x4) Sep 21 07:25:49.175601: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:25:49.175603: | spi size: 0 (0x0) Sep 21 07:25:49.175606: | # transforms: 13 (0xd) Sep 21 07:25:49.175609: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:25:49.175612: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:25:49.175614: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175617: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175620: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:25:49.175622: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:25:49.175625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175628: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:25:49.175630: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:25:49.175633: | length/value: 128 (0x80) Sep 21 07:25:49.175635: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:25:49.175638: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175640: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175643: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175645: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:25:49.175648: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175653: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175656: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175661: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:25:49.175663: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:25:49.175666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175671: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175674: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175678: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.175681: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:25:49.175684: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175687: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175690: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175692: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175697: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:25:49.175699: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:25:49.175702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175709: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175712: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175719: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.175722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175727: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175730: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175737: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:25:49.175740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175745: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175748: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175755: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:25:49.175757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175763: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175766: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175768: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175773: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:25:49.175776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175779: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175782: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175790: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175797: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:25:49.175800: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175803: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175806: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175809: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175811: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175813: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175816: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:25:49.175818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175823: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175825: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175828: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175830: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175832: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175835: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:25:49.175838: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175843: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175845: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:25:49.175847: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:25:49.175850: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:25:49.175852: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:25:49.175855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:25:49.175858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:25:49.175860: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:25:49.175862: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:25:49.175865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:25:49.175867: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:25:49.175870: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:25:49.175873: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:25:49.175875: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.175878: | flags: none (0x0) Sep 21 07:25:49.175880: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:25:49.175883: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:25:49.175886: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.175890: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:25:49.175892: | ikev2 g^x 4c ef 16 65 21 f9 71 33 49 8c 05 ef 8e 2e de ea Sep 21 07:25:49.175895: | ikev2 g^x 94 ef 13 f9 75 0c 0d c7 1c f6 0b 64 57 bd e3 0d Sep 21 07:25:49.175897: | ikev2 g^x 34 b4 33 df ef ff dd 4b 31 a5 91 dd 2b 3b 52 7d Sep 21 07:25:49.175899: | ikev2 g^x 99 83 71 db 3f 5b ed 98 2a 2c 0a b9 4f ce 33 19 Sep 21 07:25:49.175901: | ikev2 g^x f1 04 97 66 c1 82 06 7c 1a c7 3b cd 48 15 7c dd Sep 21 07:25:49.175904: | ikev2 g^x 5e f5 71 82 16 39 b5 1b 92 a6 ab 70 10 bb d6 75 Sep 21 07:25:49.175906: | ikev2 g^x ae 27 63 d7 2b ad fe 7b 46 a8 1e 93 e9 8e 55 a8 Sep 21 07:25:49.175908: | ikev2 g^x fa 12 12 53 48 61 2a 7e 09 47 a9 f6 85 bf 73 2f Sep 21 07:25:49.175910: | ikev2 g^x 08 b0 cc f1 8b a6 95 64 a3 4b ea 0f a4 4c f3 e6 Sep 21 07:25:49.175912: | ikev2 g^x 22 5b f0 89 9b c5 fd 6b 7d 9b 68 d0 c1 0e 19 b5 Sep 21 07:25:49.175915: | ikev2 g^x cd fc b3 ac 00 1e e6 a6 f8 2f fd 93 67 80 95 a3 Sep 21 07:25:49.175917: | ikev2 g^x 4a 37 53 2c 71 fb 8f e9 0b df 64 66 50 4d 1f 39 Sep 21 07:25:49.175919: | ikev2 g^x 3a 37 61 34 a0 5c 5c 35 df e9 ed 09 df 4e 44 d3 Sep 21 07:25:49.175921: | ikev2 g^x de 4e f6 37 ae f3 22 72 76 bc 75 0a 80 d5 a2 d9 Sep 21 07:25:49.175925: | ikev2 g^x 8d 54 21 f6 dc 12 23 72 2c 35 95 44 e7 f2 60 c8 Sep 21 07:25:49.175927: | ikev2 g^x fc db 4c 2f b8 d3 90 d6 6d 0a 4e ef 23 44 0f 98 Sep 21 07:25:49.175930: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:25:49.175932: | ***emit IKEv2 Nonce Payload: Sep 21 07:25:49.175935: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:25:49.175937: | flags: none (0x0) Sep 21 07:25:49.175940: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:25:49.175943: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:25:49.175946: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.175948: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:25:49.175951: | IKEv2 nonce d2 35 28 55 57 cd 9d 9f 46 b3 52 e0 a8 ef 03 1b Sep 21 07:25:49.175953: | IKEv2 nonce 6f da 83 be fd d9 4c d4 54 ef f2 ab e8 9c ff f7 Sep 21 07:25:49.175956: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:25:49.175958: | Adding a v2N Payload Sep 21 07:25:49.175961: | ***emit IKEv2 Notify Payload: Sep 21 07:25:49.175963: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.175966: | flags: none (0x0) Sep 21 07:25:49.175968: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:49.175971: | SPI size: 0 (0x0) Sep 21 07:25:49.175973: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:25:49.175977: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:49.175979: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.175982: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:25:49.175985: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:25:49.175988: | natd_hash: rcookie is zero Sep 21 07:25:49.176004: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:49.176007: | natd_hash: icookie= b1 e4 e1 9e a4 c4 da 8d Sep 21 07:25:49.176009: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:49.176012: | natd_hash: ip= c0 01 03 21 Sep 21 07:25:49.176014: | natd_hash: port= 01 f4 Sep 21 07:25:49.176016: | natd_hash: hash= 86 87 8f 9b 89 0b 34 e2 52 20 b9 d6 5f e5 40 5f Sep 21 07:25:49.176018: | natd_hash: hash= 80 32 26 48 Sep 21 07:25:49.176020: | Adding a v2N Payload Sep 21 07:25:49.176023: | ***emit IKEv2 Notify Payload: Sep 21 07:25:49.176025: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.176027: | flags: none (0x0) Sep 21 07:25:49.176030: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:49.176032: | SPI size: 0 (0x0) Sep 21 07:25:49.176034: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:25:49.176037: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:49.176040: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.176043: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:49.176045: | Notify data 86 87 8f 9b 89 0b 34 e2 52 20 b9 d6 5f e5 40 5f Sep 21 07:25:49.176047: | Notify data 80 32 26 48 Sep 21 07:25:49.176050: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:49.176052: | natd_hash: rcookie is zero Sep 21 07:25:49.176058: | natd_hash: hasher=0x55a9fc3517a0(20) Sep 21 07:25:49.176060: | natd_hash: icookie= b1 e4 e1 9e a4 c4 da 8d Sep 21 07:25:49.176062: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:25:49.176064: | natd_hash: ip= c0 01 02 17 Sep 21 07:25:49.176067: | natd_hash: port= 01 f4 Sep 21 07:25:49.176069: | natd_hash: hash= d8 5b b6 92 08 ad b7 2b 4e 22 3d 29 a4 42 22 32 Sep 21 07:25:49.176073: | natd_hash: hash= 8d 69 f6 2c Sep 21 07:25:49.176075: | Adding a v2N Payload Sep 21 07:25:49.176077: | ***emit IKEv2 Notify Payload: Sep 21 07:25:49.176079: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:25:49.176082: | flags: none (0x0) Sep 21 07:25:49.176084: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:25:49.176086: | SPI size: 0 (0x0) Sep 21 07:25:49.176089: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:25:49.176091: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:25:49.176094: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:25:49.176097: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:25:49.176099: | Notify data d8 5b b6 92 08 ad b7 2b 4e 22 3d 29 a4 42 22 32 Sep 21 07:25:49.176101: | Notify data 8d 69 f6 2c Sep 21 07:25:49.176103: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:25:49.176106: | emitting length of ISAKMP Message: 828 Sep 21 07:25:49.176113: | stop processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:25:49.176120: | start processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:25:49.176124: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:25:49.176127: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:25:49.176130: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:25:49.176133: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:25:49.176136: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:25:49.176141: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:25:49.176144: "northnet-eastnet/0x2" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:25:49.176149: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:25:49.176155: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:25:49.176157: | b1 e4 e1 9e a4 c4 da 8d 00 00 00 00 00 00 00 00 Sep 21 07:25:49.176160: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:25:49.176162: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:25:49.176164: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:25:49.176166: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:25:49.176169: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:25:49.176171: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:25:49.176173: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:25:49.176175: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:25:49.176178: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:25:49.176180: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:25:49.176182: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:25:49.176185: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:25:49.176187: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:25:49.176189: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:25:49.176191: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:25:49.176193: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:25:49.176196: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:25:49.176198: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:25:49.176200: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:25:49.176202: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:25:49.176205: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:25:49.176211: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:25:49.176213: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:25:49.176215: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:25:49.176218: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:25:49.176220: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:25:49.176222: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:25:49.176224: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:25:49.176226: | 28 00 01 08 00 0e 00 00 4c ef 16 65 21 f9 71 33 Sep 21 07:25:49.176229: | 49 8c 05 ef 8e 2e de ea 94 ef 13 f9 75 0c 0d c7 Sep 21 07:25:49.176231: | 1c f6 0b 64 57 bd e3 0d 34 b4 33 df ef ff dd 4b Sep 21 07:25:49.176233: | 31 a5 91 dd 2b 3b 52 7d 99 83 71 db 3f 5b ed 98 Sep 21 07:25:49.176235: | 2a 2c 0a b9 4f ce 33 19 f1 04 97 66 c1 82 06 7c Sep 21 07:25:49.176238: | 1a c7 3b cd 48 15 7c dd 5e f5 71 82 16 39 b5 1b Sep 21 07:25:49.176240: | 92 a6 ab 70 10 bb d6 75 ae 27 63 d7 2b ad fe 7b Sep 21 07:25:49.176242: | 46 a8 1e 93 e9 8e 55 a8 fa 12 12 53 48 61 2a 7e Sep 21 07:25:49.176244: | 09 47 a9 f6 85 bf 73 2f 08 b0 cc f1 8b a6 95 64 Sep 21 07:25:49.176246: | a3 4b ea 0f a4 4c f3 e6 22 5b f0 89 9b c5 fd 6b Sep 21 07:25:49.176249: | 7d 9b 68 d0 c1 0e 19 b5 cd fc b3 ac 00 1e e6 a6 Sep 21 07:25:49.176251: | f8 2f fd 93 67 80 95 a3 4a 37 53 2c 71 fb 8f e9 Sep 21 07:25:49.176253: | 0b df 64 66 50 4d 1f 39 3a 37 61 34 a0 5c 5c 35 Sep 21 07:25:49.176255: | df e9 ed 09 df 4e 44 d3 de 4e f6 37 ae f3 22 72 Sep 21 07:25:49.176258: | 76 bc 75 0a 80 d5 a2 d9 8d 54 21 f6 dc 12 23 72 Sep 21 07:25:49.176260: | 2c 35 95 44 e7 f2 60 c8 fc db 4c 2f b8 d3 90 d6 Sep 21 07:25:49.176262: | 6d 0a 4e ef 23 44 0f 98 29 00 00 24 d2 35 28 55 Sep 21 07:25:49.176264: | 57 cd 9d 9f 46 b3 52 e0 a8 ef 03 1b 6f da 83 be Sep 21 07:25:49.176267: | fd d9 4c d4 54 ef f2 ab e8 9c ff f7 29 00 00 08 Sep 21 07:25:49.176269: | 00 00 40 2e 29 00 00 1c 00 00 40 04 86 87 8f 9b Sep 21 07:25:49.176271: | 89 0b 34 e2 52 20 b9 d6 5f e5 40 5f 80 32 26 48 Sep 21 07:25:49.176273: | 00 00 00 1c 00 00 40 05 d8 5b b6 92 08 ad b7 2b Sep 21 07:25:49.176275: | 4e 22 3d 29 a4 42 22 32 8d 69 f6 2c Sep 21 07:25:49.176319: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:25:49.176324: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:49.176328: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a9fd621df0 Sep 21 07:25:49.176330: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:25:49.176333: "northnet-eastnet/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:25:49.176337: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a9fd621df0 Sep 21 07:25:49.176340: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Sep 21 07:25:49.176343: | libevent_malloc: new ptr-libevent@0x55a9fd6144e0 size 128 Sep 21 07:25:49.176348: | #6 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49395.544601 Sep 21 07:25:49.176352: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:25:49.176358: | #6 spent 1.6 milliseconds in resume sending helper answer Sep 21 07:25:49.176363: | stop processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:25:49.176366: | libevent_free: release ptr-libevent@0x7fc8d4006900 Sep 21 07:25:49.577951: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:25:49.577970: shutting down Sep 21 07:25:49.577976: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:25:49.577979: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:25:49.577984: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:25:49.577988: forgetting secrets Sep 21 07:25:49.577991: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:25:49.577994: | start processing: connection "northnet-eastnet/0x2" (in delete_connection() at connections.c:189) Sep 21 07:25:49.577996: | removing pending policy for no connection {0x55a9fd5a0440} Sep 21 07:25:49.577998: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:49.578000: | pass 0 Sep 21 07:25:49.578001: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:49.578003: | state #6 Sep 21 07:25:49.578006: | suspend processing: connection "northnet-eastnet/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:49.578011: | start processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:25:49.578014: | pstats #6 ikev2.ike deleted other Sep 21 07:25:49.578019: | #6 spent 2.68 milliseconds in total Sep 21 07:25:49.578023: | [RE]START processing: state #6 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:25:49.578027: "northnet-eastnet/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.404s and NOT sending notification Sep 21 07:25:49.578030: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:25:49.578033: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:25:49.578036: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:25:49.578040: | libevent_free: release ptr-libevent@0x55a9fd6144e0 Sep 21 07:25:49.578043: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a9fd621df0 Sep 21 07:25:49.578046: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:25:49.578049: | picked newest_isakmp_sa #0 for #6 Sep 21 07:25:49.578052: "northnet-eastnet/0x2" #6: deleting IKE SA for connection 'northnet-eastnet/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:25:49.578055: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 5 seconds Sep 21 07:25:49.578058: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:25:49.578064: | stop processing: connection "northnet-eastnet/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:25:49.578067: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:25:49.578069: | in connection_discard for connection northnet-eastnet/0x2 Sep 21 07:25:49.578071: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:25:49.578074: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:25:49.578089: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:25:49.578093: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:25:49.578094: | pass 1 Sep 21 07:25:49.578096: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:49.578101: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:49.578104: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:49.578106: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:49.578147: | priority calculation of connection "northnet-eastnet/0x2" is 0xfe7e7 Sep 21 07:25:49.578155: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:49.578157: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:49.578159: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Sep 21 07:25:49.578160: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:25:49.578162: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:49.578165: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" prospective erouted Sep 21 07:25:49.578169: | flush revival: connection 'northnet-eastnet/0x2' revival flushed Sep 21 07:25:49.578171: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:25:49.578176: | start processing: connection "northnet-eastnet/0x1" (in delete_connection() at connections.c:189) Sep 21 07:25:49.578178: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:25:49.578179: | pass 0 Sep 21 07:25:49.578181: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:49.578182: | pass 1 Sep 21 07:25:49.578183: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:25:49.578187: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:25:49.578189: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:25:49.578191: | priority calculation of connection "northnet-eastnet/0x1" is 0xfe7e7 Sep 21 07:25:49.578199: "northnet-eastnet/0x1": ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory Sep 21 07:25:49.578201: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:25:49.578202: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:25:49.578204: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Sep 21 07:25:49.578206: | route owner of "northnet-eastnet/0x1" unrouted: NULL Sep 21 07:25:49.578208: | running updown command "ipsec _updown" for verb unroute Sep 21 07:25:49.578209: | command executing unroute-client Sep 21 07:25:49.578229: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH Sep 21 07:25:49.578232: | popen cmd is 1042 chars long Sep 21 07:25:49.578234: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:25:49.578236: | cmd( 80):et/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33': Sep 21 07:25:49.578237: | cmd( 160): PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:25:49.578239: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:25:49.578241: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Sep 21 07:25:49.578242: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:25:49.578244: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:25:49.578245: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Sep 21 07:25:49.578247: | cmd( 640):+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:25:49.578248: | cmd( 720):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:25:49.578250: | cmd( 800):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:25:49.578252: | cmd( 880):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:25:49.578255: | cmd( 960):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>: Sep 21 07:25:49.578256: | cmd(1040):&1: Sep 21 07:25:49.585433: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585447: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585449: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585460: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585471: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585483: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585496: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585507: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585517: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585528: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585539: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585551: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585563: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585574: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585587: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585602: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585617: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585631: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585645: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585659: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585672: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585686: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585695: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585704: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585713: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585722: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585732: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.585742: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586023: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586033: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586044: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586060: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586075: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586088: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586101: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586115: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586130: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586141: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586150: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586159: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586168: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586178: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586188: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586197: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586206: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586215: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586224: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586233: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586242: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586252: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586261: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586270: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586280: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586292: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586310: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586330: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586345: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586361: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586375: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586384: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586393: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586403: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586412: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586421: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586430: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586438: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586448: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586458: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586469: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586478: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586487: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586497: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586506: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586515: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586527: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586549: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586557: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586567: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586575: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586584: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586592: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586603: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586613: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586627: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586640: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586653: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586669: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586682: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586692: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586701: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586710: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586720: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586729: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586738: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586747: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586756: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586766: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586775: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586793: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586808: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586821: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586837: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586852: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586865: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586879: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586893: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586909: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.586922: "northnet-eastnet/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:25:49.590397: | free hp@0x55a9fd5db9c0 Sep 21 07:25:49.590408: | flush revival: connection 'northnet-eastnet/0x1' wasn't on the list Sep 21 07:25:49.590412: | stop processing: connection "northnet-eastnet/0x1" (in discard_connection() at connections.c:249) Sep 21 07:25:49.590417: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:25:49.590419: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:25:49.590426: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:25:49.590429: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:25:49.590431: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:25:49.590433: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:25:49.590435: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:25:49.590437: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:25:49.590439: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:25:49.590446: | libevent_free: release ptr-libevent@0x55a9fd60f030 Sep 21 07:25:49.590448: | free_event_entry: release EVENT_NULL-pe@0x55a9fd5f8230 Sep 21 07:25:49.590457: | libevent_free: release ptr-libevent@0x55a9fd60f120 Sep 21 07:25:49.590458: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f0e0 Sep 21 07:25:49.590463: | libevent_free: release ptr-libevent@0x55a9fd60f210 Sep 21 07:25:49.590465: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f1d0 Sep 21 07:25:49.590469: | libevent_free: release ptr-libevent@0x55a9fd60f300 Sep 21 07:25:49.590471: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f2c0 Sep 21 07:25:49.590475: | libevent_free: release ptr-libevent@0x55a9fd60f3f0 Sep 21 07:25:49.590477: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f3b0 Sep 21 07:25:49.590481: | libevent_free: release ptr-libevent@0x55a9fd60f4e0 Sep 21 07:25:49.590482: | free_event_entry: release EVENT_NULL-pe@0x55a9fd60f4a0 Sep 21 07:25:49.590486: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:25:49.590839: | libevent_free: release ptr-libevent@0x55a9fd60e990 Sep 21 07:25:49.590845: | free_event_entry: release EVENT_NULL-pe@0x55a9fd5f74b0 Sep 21 07:25:49.590848: | libevent_free: release ptr-libevent@0x55a9fd604420 Sep 21 07:25:49.590849: | free_event_entry: release EVENT_NULL-pe@0x55a9fd5f7760 Sep 21 07:25:49.590852: | libevent_free: release ptr-libevent@0x55a9fd604390 Sep 21 07:25:49.590853: | free_event_entry: release EVENT_NULL-pe@0x55a9fd5fcec0 Sep 21 07:25:49.590856: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:25:49.590857: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:25:49.590859: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:25:49.590860: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:25:49.590862: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:25:49.590863: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:25:49.590865: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:25:49.590867: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:25:49.590868: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:25:49.590871: | libevent_free: release ptr-libevent@0x55a9fd60ea60 Sep 21 07:25:49.590873: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:25:49.590875: | libevent_free: release ptr-libevent@0x55a9fd60eb40 Sep 21 07:25:49.590877: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:25:49.590879: | libevent_free: release ptr-libevent@0x55a9fd60ec00 Sep 21 07:25:49.590880: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:25:49.590882: | libevent_free: release ptr-libevent@0x55a9fd603690 Sep 21 07:25:49.590884: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:25:49.590885: | releasing event base Sep 21 07:25:49.590896: | libevent_free: release ptr-libevent@0x55a9fd60ecc0 Sep 21 07:25:49.590897: | libevent_free: release ptr-libevent@0x55a9fd5e4200 Sep 21 07:25:49.590900: | libevent_free: release ptr-libevent@0x55a9fd5f2a40 Sep 21 07:25:49.590901: | libevent_free: release ptr-libevent@0x55a9fd616780 Sep 21 07:25:49.590903: | libevent_free: release ptr-libevent@0x55a9fd5f2a60 Sep 21 07:25:49.590905: | libevent_free: release ptr-libevent@0x55a9fd60ea20 Sep 21 07:25:49.590908: | libevent_free: release ptr-libevent@0x55a9fd60eb00 Sep 21 07:25:49.590910: | libevent_free: release ptr-libevent@0x55a9fd5f2af0 Sep 21 07:25:49.590911: | libevent_free: release ptr-libevent@0x55a9fd5f2c50 Sep 21 07:25:49.590913: | libevent_free: release ptr-libevent@0x55a9fd5f76b0 Sep 21 07:25:49.590914: | libevent_free: release ptr-libevent@0x55a9fd60f570 Sep 21 07:25:49.590916: | libevent_free: release ptr-libevent@0x55a9fd60f480 Sep 21 07:25:49.590917: | libevent_free: release ptr-libevent@0x55a9fd60f390 Sep 21 07:25:49.590919: | libevent_free: release ptr-libevent@0x55a9fd60f2a0 Sep 21 07:25:49.590920: | libevent_free: release ptr-libevent@0x55a9fd60f1b0 Sep 21 07:25:49.590922: | libevent_free: release ptr-libevent@0x55a9fd60f0c0 Sep 21 07:25:49.590923: | libevent_free: release ptr-libevent@0x55a9fd576370 Sep 21 07:25:49.590925: | libevent_free: release ptr-libevent@0x55a9fd60ebe0 Sep 21 07:25:49.590926: | libevent_free: release ptr-libevent@0x55a9fd60eb20 Sep 21 07:25:49.590928: | libevent_free: release ptr-libevent@0x55a9fd60ea40 Sep 21 07:25:49.590929: | libevent_free: release ptr-libevent@0x55a9fd60eca0 Sep 21 07:25:49.590931: | libevent_free: release ptr-libevent@0x55a9fd5745b0 Sep 21 07:25:49.590933: | libevent_free: release ptr-libevent@0x55a9fd5f2a80 Sep 21 07:25:49.590934: | libevent_free: release ptr-libevent@0x55a9fd5f2ab0 Sep 21 07:25:49.590936: | libevent_free: release ptr-libevent@0x55a9fd5f27a0 Sep 21 07:25:49.590937: | releasing global libevent data Sep 21 07:25:49.590939: | libevent_free: release ptr-libevent@0x55a9fd5f1490 Sep 21 07:25:49.590941: | libevent_free: release ptr-libevent@0x55a9fd5f2740 Sep 21 07:25:49.590943: | libevent_free: release ptr-libevent@0x55a9fd5f2770