Sep 21 07:32:47.937588: FIPS Product: YES Sep 21 07:32:47.937634: FIPS Kernel: NO Sep 21 07:32:47.937638: FIPS Mode: NO Sep 21 07:32:47.937640: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:32:47.937830: Initializing NSS Sep 21 07:32:47.937838: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:32:47.969759: NSS initialized Sep 21 07:32:47.969773: NSS crypto library initialized Sep 21 07:32:47.969774: FIPS HMAC integrity support [enabled] Sep 21 07:32:47.969776: FIPS mode disabled for pluto daemon Sep 21 07:32:48.012100: FIPS HMAC integrity verification self-test FAILED Sep 21 07:32:48.012210: libcap-ng support [enabled] Sep 21 07:32:48.012221: Linux audit support [enabled] Sep 21 07:32:48.012249: Linux audit activated Sep 21 07:32:48.012257: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:24529 Sep 21 07:32:48.012260: core dump dir: /tmp Sep 21 07:32:48.012263: secrets file: /etc/ipsec.secrets Sep 21 07:32:48.012265: leak-detective disabled Sep 21 07:32:48.012268: NSS crypto [enabled] Sep 21 07:32:48.012270: XAUTH PAM support [enabled] Sep 21 07:32:48.012351: | libevent is using pluto's memory allocator Sep 21 07:32:48.012358: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:32:48.012374: | libevent_malloc: new ptr-libevent@0x55beab1af0f0 size 40 Sep 21 07:32:48.012377: | libevent_malloc: new ptr-libevent@0x55beab1b03a0 size 40 Sep 21 07:32:48.012380: | libevent_malloc: new ptr-libevent@0x55beab1b03d0 size 40 Sep 21 07:32:48.012383: | creating event base Sep 21 07:32:48.012386: | libevent_malloc: new ptr-libevent@0x55beab1b0360 size 56 Sep 21 07:32:48.012389: | libevent_malloc: new ptr-libevent@0x55beab1b0400 size 664 Sep 21 07:32:48.012399: | libevent_malloc: new ptr-libevent@0x55beab1b06a0 size 24 Sep 21 07:32:48.012403: | libevent_malloc: new ptr-libevent@0x55beab1a1df0 size 384 Sep 21 07:32:48.012414: | libevent_malloc: new ptr-libevent@0x55beab1b06c0 size 16 Sep 21 07:32:48.012416: | libevent_malloc: new ptr-libevent@0x55beab1b06e0 size 40 Sep 21 07:32:48.012419: | libevent_malloc: new ptr-libevent@0x55beab1b0710 size 48 Sep 21 07:32:48.012426: | libevent_realloc: new ptr-libevent@0x55beab133370 size 256 Sep 21 07:32:48.012429: | libevent_malloc: new ptr-libevent@0x55beab1b0750 size 16 Sep 21 07:32:48.012435: | libevent_free: release ptr-libevent@0x55beab1b0360 Sep 21 07:32:48.012438: | libevent initialized Sep 21 07:32:48.012442: | libevent_realloc: new ptr-libevent@0x55beab1b0770 size 64 Sep 21 07:32:48.012447: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:32:48.012470: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:32:48.012473: NAT-Traversal support [enabled] Sep 21 07:32:48.012477: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:32:48.012484: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:32:48.012488: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:32:48.012527: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:32:48.012531: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:32:48.012534: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:32:48.012594: Encryption algorithms: Sep 21 07:32:48.012604: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:32:48.012609: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:32:48.012612: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:32:48.012616: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:32:48.012620: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:32:48.012630: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:32:48.012635: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:32:48.012640: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:32:48.012644: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:32:48.012648: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:32:48.012652: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:32:48.012657: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:32:48.012661: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:32:48.012666: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:32:48.012669: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:32:48.012672: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:32:48.012675: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:32:48.012682: Hash algorithms: Sep 21 07:32:48.012685: MD5 IKEv1: IKE IKEv2: Sep 21 07:32:48.012688: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:32:48.012692: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:32:48.012695: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:32:48.012697: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:32:48.012713: PRF algorithms: Sep 21 07:32:48.012717: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:32:48.012721: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:32:48.012726: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:32:48.012730: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:32:48.012733: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:32:48.012737: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:32:48.012764: Integrity algorithms: Sep 21 07:32:48.012768: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:32:48.012772: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:32:48.012776: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:32:48.012780: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:32:48.012790: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:32:48.012797: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:32:48.012802: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:32:48.012806: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:32:48.012809: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:32:48.012838: DH algorithms: Sep 21 07:32:48.012842: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:32:48.012846: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:32:48.012849: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:32:48.012855: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:32:48.012858: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:32:48.012860: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:32:48.012863: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:32:48.012866: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:32:48.012869: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:32:48.012872: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:32:48.012875: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:32:48.012878: testing CAMELLIA_CBC: Sep 21 07:32:48.012880: Camellia: 16 bytes with 128-bit key Sep 21 07:32:48.013059: Camellia: 16 bytes with 128-bit key Sep 21 07:32:48.013092: Camellia: 16 bytes with 256-bit key Sep 21 07:32:48.013141: Camellia: 16 bytes with 256-bit key Sep 21 07:32:48.013171: testing AES_GCM_16: Sep 21 07:32:48.013175: empty string Sep 21 07:32:48.013211: one block Sep 21 07:32:48.013237: two blocks Sep 21 07:32:48.013270: two blocks with associated data Sep 21 07:32:48.013297: testing AES_CTR: Sep 21 07:32:48.013301: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:32:48.013328: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:32:48.013357: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:32:48.013382: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:32:48.013401: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:32:48.013417: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:32:48.013433: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:32:48.013448: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:32:48.013466: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:32:48.013482: testing AES_CBC: Sep 21 07:32:48.013484: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:32:48.013500: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:32:48.013517: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:32:48.013534: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:32:48.013557: testing AES_XCBC: Sep 21 07:32:48.013559: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:32:48.013632: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:32:48.013758: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:32:48.013934: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:32:48.014084: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:32:48.014230: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:32:48.014348: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:32:48.014515: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:32:48.014590: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:32:48.014702: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:32:48.014868: testing HMAC_MD5: Sep 21 07:32:48.014873: RFC 2104: MD5_HMAC test 1 Sep 21 07:32:48.014978: RFC 2104: MD5_HMAC test 2 Sep 21 07:32:48.015068: RFC 2104: MD5_HMAC test 3 Sep 21 07:32:48.015178: 8 CPU cores online Sep 21 07:32:48.015181: starting up 7 crypto helpers Sep 21 07:32:48.015208: started thread for crypto helper 0 Sep 21 07:32:48.015232: started thread for crypto helper 1 Sep 21 07:32:48.015238: | starting up helper thread 1 Sep 21 07:32:48.015248: | starting up helper thread 0 Sep 21 07:32:48.015296: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:32:48.015306: | crypto helper 1 waiting (nothing to do) Sep 21 07:32:48.015282: | starting up helper thread 2 Sep 21 07:32:48.015319: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:32:48.015279: started thread for crypto helper 2 Sep 21 07:32:48.015300: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:32:48.015388: | starting up helper thread 3 Sep 21 07:32:48.015385: started thread for crypto helper 3 Sep 21 07:32:48.015322: | crypto helper 2 waiting (nothing to do) Sep 21 07:32:48.015402: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:32:48.015422: | crypto helper 3 waiting (nothing to do) Sep 21 07:32:48.015430: | crypto helper 0 waiting (nothing to do) Sep 21 07:32:48.015433: started thread for crypto helper 4 Sep 21 07:32:48.015435: | starting up helper thread 4 Sep 21 07:32:48.015448: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:32:48.015450: | crypto helper 4 waiting (nothing to do) Sep 21 07:32:48.015459: started thread for crypto helper 5 Sep 21 07:32:48.015461: | starting up helper thread 5 Sep 21 07:32:48.015485: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:32:48.015487: | crypto helper 5 waiting (nothing to do) Sep 21 07:32:48.015497: started thread for crypto helper 6 Sep 21 07:32:48.015499: | starting up helper thread 6 Sep 21 07:32:48.015503: | checking IKEv1 state table Sep 21 07:32:48.015508: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:32:48.015514: | crypto helper 6 waiting (nothing to do) Sep 21 07:32:48.015517: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015520: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:32:48.015523: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015525: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:32:48.015528: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:32:48.015530: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:32:48.015532: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:32:48.015534: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:32:48.015537: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:32:48.015539: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:32:48.015541: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:32:48.015543: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:32:48.015546: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:32:48.015548: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:32:48.015551: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:32:48.015553: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:32:48.015555: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:32:48.015558: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:32:48.015560: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:32:48.015562: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:32:48.015565: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:32:48.015567: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015570: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:32:48.015572: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015575: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015577: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:32:48.015579: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015582: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:32:48.015584: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:32:48.015586: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:32:48.015588: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:32:48.015591: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:32:48.015593: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:32:48.015595: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015598: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:32:48.015600: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015603: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:32:48.015610: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:32:48.015613: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:32:48.015615: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:32:48.015618: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:32:48.015620: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:32:48.015623: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:32:48.015625: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015627: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:32:48.015630: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015632: | INFO: category: informational flags: 0: Sep 21 07:32:48.015634: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015637: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:32:48.015639: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015642: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:32:48.015644: | -> XAUTH_R1 EVENT_NULL Sep 21 07:32:48.015647: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:32:48.015649: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:32:48.015651: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:32:48.015654: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:32:48.015656: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:32:48.015659: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:32:48.015661: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:32:48.015663: | -> UNDEFINED EVENT_NULL Sep 21 07:32:48.015666: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:32:48.015668: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:32:48.015671: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:32:48.015673: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:32:48.015675: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:32:48.015678: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:32:48.015684: | checking IKEv2 state table Sep 21 07:32:48.015690: | PARENT_I0: category: ignore flags: 0: Sep 21 07:32:48.015692: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:32:48.015695: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015698: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:32:48.015701: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:32:48.015703: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:32:48.015706: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:32:48.015709: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:32:48.015711: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:32:48.015714: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:32:48.015716: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:32:48.015719: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:32:48.015722: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:32:48.015724: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:32:48.015727: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:32:48.015729: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:32:48.015732: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015734: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:32:48.015737: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:32:48.015740: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:32:48.015742: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:32:48.015745: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:32:48.015750: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:32:48.015752: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:32:48.015755: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:32:48.015757: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:32:48.015760: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:32:48.015762: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:32:48.015765: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:32:48.015767: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:32:48.015770: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:32:48.015773: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:32:48.015776: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:32:48.015778: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:32:48.015781: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:32:48.015787: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:32:48.015805: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:32:48.015808: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:32:48.015811: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:32:48.015813: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:32:48.015816: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:32:48.015819: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:32:48.015822: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:32:48.015837: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:32:48.015840: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:32:48.015843: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:32:48.015845: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:32:48.015895: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:32:48.015947: | Hard-wiring algorithms Sep 21 07:32:48.015950: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:32:48.015954: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:32:48.015957: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:32:48.015959: | adding 3DES_CBC to kernel algorithm db Sep 21 07:32:48.015961: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:32:48.015963: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:32:48.015966: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:32:48.015968: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:32:48.015970: | adding AES_CTR to kernel algorithm db Sep 21 07:32:48.015973: | adding AES_CBC to kernel algorithm db Sep 21 07:32:48.015975: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:32:48.015977: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:32:48.015980: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:32:48.015982: | adding NULL to kernel algorithm db Sep 21 07:32:48.015984: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:32:48.015987: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:32:48.015989: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:32:48.015991: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:32:48.015994: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:32:48.015997: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:32:48.015999: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:32:48.016001: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:32:48.016004: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:32:48.016006: | adding NONE to kernel algorithm db Sep 21 07:32:48.016028: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:32:48.016032: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:32:48.016035: | setup kernel fd callback Sep 21 07:32:48.016038: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55beab1b5e10 Sep 21 07:32:48.016043: | libevent_malloc: new ptr-libevent@0x55beab1c1fb0 size 128 Sep 21 07:32:48.016046: | libevent_malloc: new ptr-libevent@0x55beab1b50f0 size 16 Sep 21 07:32:48.016052: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55beab1b5dd0 Sep 21 07:32:48.016055: | libevent_malloc: new ptr-libevent@0x55beab1c2040 size 128 Sep 21 07:32:48.016057: | libevent_malloc: new ptr-libevent@0x55beab1b5110 size 16 Sep 21 07:32:48.016284: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:32:48.016293: selinux support is enabled. Sep 21 07:32:48.016365: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:32:48.016534: | unbound context created - setting debug level to 5 Sep 21 07:32:48.016560: | /etc/hosts lookups activated Sep 21 07:32:48.016576: | /etc/resolv.conf usage activated Sep 21 07:32:48.016637: | outgoing-port-avoid set 0-65535 Sep 21 07:32:48.016667: | outgoing-port-permit set 32768-60999 Sep 21 07:32:48.016670: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:32:48.016673: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:32:48.016675: | Setting up events, loop start Sep 21 07:32:48.016678: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55beab1b0360 Sep 21 07:32:48.016682: | libevent_malloc: new ptr-libevent@0x55beab1cc5b0 size 128 Sep 21 07:32:48.016684: | libevent_malloc: new ptr-libevent@0x55beab1cc640 size 16 Sep 21 07:32:48.016691: | libevent_realloc: new ptr-libevent@0x55beab1315b0 size 256 Sep 21 07:32:48.016694: | libevent_malloc: new ptr-libevent@0x55beab1cc660 size 8 Sep 21 07:32:48.016696: | libevent_realloc: new ptr-libevent@0x55beab1c1330 size 144 Sep 21 07:32:48.016699: | libevent_malloc: new ptr-libevent@0x55beab1cc680 size 152 Sep 21 07:32:48.016703: | libevent_malloc: new ptr-libevent@0x55beab1cc720 size 16 Sep 21 07:32:48.016706: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:32:48.016709: | libevent_malloc: new ptr-libevent@0x55beab1cc740 size 8 Sep 21 07:32:48.016711: | libevent_malloc: new ptr-libevent@0x55beab1cc760 size 152 Sep 21 07:32:48.016714: | signal event handler PLUTO_SIGTERM installed Sep 21 07:32:48.016717: | libevent_malloc: new ptr-libevent@0x55beab1cc800 size 8 Sep 21 07:32:48.016719: | libevent_malloc: new ptr-libevent@0x55beab1cc820 size 152 Sep 21 07:32:48.016722: | signal event handler PLUTO_SIGHUP installed Sep 21 07:32:48.016724: | libevent_malloc: new ptr-libevent@0x55beab1cc8c0 size 8 Sep 21 07:32:48.016727: | libevent_realloc: release ptr-libevent@0x55beab1c1330 Sep 21 07:32:48.016730: | libevent_realloc: new ptr-libevent@0x55beab1cc8e0 size 256 Sep 21 07:32:48.016732: | libevent_malloc: new ptr-libevent@0x55beab1c1330 size 152 Sep 21 07:32:48.016735: | signal event handler PLUTO_SIGSYS installed Sep 21 07:32:48.017127: | created addconn helper (pid:24575) using fork+execve Sep 21 07:32:48.017140: | forked child 24575 Sep 21 07:32:48.017177: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.017191: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:32:48.017197: listening for IKE messages Sep 21 07:32:48.017231: | Inspecting interface lo Sep 21 07:32:48.017237: | found lo with address 127.0.0.1 Sep 21 07:32:48.017240: | Inspecting interface eth0 Sep 21 07:32:48.017244: | found eth0 with address 192.0.1.254 Sep 21 07:32:48.017246: | Inspecting interface eth1 Sep 21 07:32:48.017250: | found eth1 with address 192.1.2.45 Sep 21 07:32:48.017297: Kernel supports NIC esp-hw-offload Sep 21 07:32:48.017307: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:32:48.017327: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:32:48.017334: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:32:48.017338: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:32:48.017364: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:32:48.017384: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:32:48.017388: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:32:48.017391: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:32:48.017414: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:32:48.017434: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:32:48.017438: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:32:48.017441: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:32:48.017500: | no interfaces to sort Sep 21 07:32:48.017504: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:32:48.017513: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccc50 Sep 21 07:32:48.017516: | libevent_malloc: new ptr-libevent@0x55beab1ccc90 size 128 Sep 21 07:32:48.017519: | libevent_malloc: new ptr-libevent@0x55beab1ccd20 size 16 Sep 21 07:32:48.017527: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:32:48.017530: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccd40 Sep 21 07:32:48.017533: | libevent_malloc: new ptr-libevent@0x55beab1ccd80 size 128 Sep 21 07:32:48.017535: | libevent_malloc: new ptr-libevent@0x55beab1cce10 size 16 Sep 21 07:32:48.017540: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:32:48.017542: | add_fd_read_event_handler: new ethX-pe@0x55beab1cce30 Sep 21 07:32:48.017545: | libevent_malloc: new ptr-libevent@0x55beab1cce70 size 128 Sep 21 07:32:48.017547: | libevent_malloc: new ptr-libevent@0x55beab1ccf00 size 16 Sep 21 07:32:48.017552: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:32:48.017554: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccf20 Sep 21 07:32:48.017557: | libevent_malloc: new ptr-libevent@0x55beab1ccf60 size 128 Sep 21 07:32:48.017559: | libevent_malloc: new ptr-libevent@0x55beab1ccff0 size 16 Sep 21 07:32:48.017564: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:32:48.017566: | add_fd_read_event_handler: new ethX-pe@0x55beab1cd010 Sep 21 07:32:48.017569: | libevent_malloc: new ptr-libevent@0x55beab1cd050 size 128 Sep 21 07:32:48.017571: | libevent_malloc: new ptr-libevent@0x55beab1cd0e0 size 16 Sep 21 07:32:48.017576: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:32:48.017578: | add_fd_read_event_handler: new ethX-pe@0x55beab1cd100 Sep 21 07:32:48.017581: | libevent_malloc: new ptr-libevent@0x55beab1cd140 size 128 Sep 21 07:32:48.017583: | libevent_malloc: new ptr-libevent@0x55beab1cd1d0 size 16 Sep 21 07:32:48.017588: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:32:48.017593: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:32:48.017595: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:32:48.017613: loading secrets from "/etc/ipsec.secrets" Sep 21 07:32:48.017631: | saving Modulus Sep 21 07:32:48.017636: | saving PublicExponent Sep 21 07:32:48.017640: | ignoring PrivateExponent Sep 21 07:32:48.017643: | ignoring Prime1 Sep 21 07:32:48.017646: | ignoring Prime2 Sep 21 07:32:48.017649: | ignoring Exponent1 Sep 21 07:32:48.017652: | ignoring Exponent2 Sep 21 07:32:48.017655: | ignoring Coefficient Sep 21 07:32:48.017658: | ignoring CKAIDNSS Sep 21 07:32:48.017697: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:32:48.017700: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:32:48.017703: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:32:48.017710: | certs and keys locked by 'process_secret' Sep 21 07:32:48.017714: | certs and keys unlocked by 'process_secret' Sep 21 07:32:48.017719: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:32:48.017727: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.017736: | spent 0.567 milliseconds in whack Sep 21 07:32:48.053833: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.053851: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:32:48.053856: listening for IKE messages Sep 21 07:32:48.053889: | Inspecting interface lo Sep 21 07:32:48.053895: | found lo with address 127.0.0.1 Sep 21 07:32:48.053897: | Inspecting interface eth0 Sep 21 07:32:48.053900: | found eth0 with address 192.0.1.254 Sep 21 07:32:48.053901: | Inspecting interface eth1 Sep 21 07:32:48.053904: | found eth1 with address 192.1.2.45 Sep 21 07:32:48.053961: | no interfaces to sort Sep 21 07:32:48.053969: | libevent_free: release ptr-libevent@0x55beab1ccc90 Sep 21 07:32:48.053971: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccc50 Sep 21 07:32:48.053973: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccc50 Sep 21 07:32:48.053975: | libevent_malloc: new ptr-libevent@0x55beab1ccc90 size 128 Sep 21 07:32:48.053981: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:32:48.053984: | libevent_free: release ptr-libevent@0x55beab1ccd80 Sep 21 07:32:48.053985: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccd40 Sep 21 07:32:48.053987: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccd40 Sep 21 07:32:48.053989: | libevent_malloc: new ptr-libevent@0x55beab1ccd80 size 128 Sep 21 07:32:48.053992: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:32:48.053994: | libevent_free: release ptr-libevent@0x55beab1cce70 Sep 21 07:32:48.053996: | free_event_entry: release EVENT_NULL-pe@0x55beab1cce30 Sep 21 07:32:48.053997: | add_fd_read_event_handler: new ethX-pe@0x55beab1cce30 Sep 21 07:32:48.053999: | libevent_malloc: new ptr-libevent@0x55beab1cce70 size 128 Sep 21 07:32:48.054002: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:32:48.054004: | libevent_free: release ptr-libevent@0x55beab1ccf60 Sep 21 07:32:48.054006: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccf20 Sep 21 07:32:48.054007: | add_fd_read_event_handler: new ethX-pe@0x55beab1ccf20 Sep 21 07:32:48.054009: | libevent_malloc: new ptr-libevent@0x55beab1ccf60 size 128 Sep 21 07:32:48.054012: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:32:48.054014: | libevent_free: release ptr-libevent@0x55beab1cd050 Sep 21 07:32:48.054016: | free_event_entry: release EVENT_NULL-pe@0x55beab1cd010 Sep 21 07:32:48.054018: | add_fd_read_event_handler: new ethX-pe@0x55beab1cd010 Sep 21 07:32:48.054019: | libevent_malloc: new ptr-libevent@0x55beab1cd050 size 128 Sep 21 07:32:48.054022: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:32:48.054025: | libevent_free: release ptr-libevent@0x55beab1cd140 Sep 21 07:32:48.054039: | free_event_entry: release EVENT_NULL-pe@0x55beab1cd100 Sep 21 07:32:48.054041: | add_fd_read_event_handler: new ethX-pe@0x55beab1cd100 Sep 21 07:32:48.054042: | libevent_malloc: new ptr-libevent@0x55beab1cd140 size 128 Sep 21 07:32:48.054045: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:32:48.054047: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:32:48.054049: forgetting secrets Sep 21 07:32:48.054057: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:32:48.054083: loading secrets from "/etc/ipsec.secrets" Sep 21 07:32:48.054093: | saving Modulus Sep 21 07:32:48.054095: | saving PublicExponent Sep 21 07:32:48.054098: | ignoring PrivateExponent Sep 21 07:32:48.054100: | ignoring Prime1 Sep 21 07:32:48.054101: | ignoring Prime2 Sep 21 07:32:48.054103: | ignoring Exponent1 Sep 21 07:32:48.054105: | ignoring Exponent2 Sep 21 07:32:48.054107: | ignoring Coefficient Sep 21 07:32:48.054109: | ignoring CKAIDNSS Sep 21 07:32:48.054143: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:32:48.054145: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:32:48.054148: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:32:48.054154: | certs and keys locked by 'process_secret' Sep 21 07:32:48.054174: | certs and keys unlocked by 'process_secret' Sep 21 07:32:48.054178: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:32:48.054184: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.054203: | spent 0.363 milliseconds in whack Sep 21 07:32:48.054636: | processing signal PLUTO_SIGCHLD Sep 21 07:32:48.054656: | waitpid returned pid 24575 (exited with status 0) Sep 21 07:32:48.054664: | reaped addconn helper child (status 0) Sep 21 07:32:48.054668: | waitpid returned ECHILD (no child processes left) Sep 21 07:32:48.054673: | spent 0.0305 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:32:48.228181: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.228199: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.228205: | Added new connection testmanual1 with policy ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.228241: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.228243: | from whack: got --esp= Sep 21 07:32:48.228267: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.228270: | counting wild cards for (none) is 15 Sep 21 07:32:48.228272: | counting wild cards for (none) is 15 Sep 21 07:32:48.228279: added connection description "testmanual1" Sep 21 07:32:48.228286: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.228291: | 1.2.3.4[+S?C]...2.3.4.5[+S?C] Sep 21 07:32:48.228296: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.228301: | spent 0.128 milliseconds in whack Sep 21 07:32:48.299298: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.299383: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.299407: | Added new connection testmanual2 with policy ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.299556: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.299566: | from whack: got --esp= Sep 21 07:32:48.299670: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.299682: | counting wild cards for (none) is 15 Sep 21 07:32:48.299692: | counting wild cards for (none) is 15 Sep 21 07:32:48.299705: added connection description "testmanual2" Sep 21 07:32:48.299738: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.299761: | 1.2.3.5[+S?C]...2.3.4.6[+S?C] Sep 21 07:32:48.299822: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.299850: | spent 0.549 milliseconds in whack Sep 21 07:32:48.362101: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.362137: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.362149: | Added new connection testmanual3 with policy PSK+ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.362239: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.362253: | from whack: got --esp= Sep 21 07:32:48.362313: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.362319: | counting wild cards for (none) is 15 Sep 21 07:32:48.362324: | counting wild cards for (none) is 15 Sep 21 07:32:48.362331: added connection description "testmanual3" Sep 21 07:32:48.362347: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+IKEV2_ALLOW Sep 21 07:32:48.362360: | 1.2.3.6[+S?C]...2.3.4.7[+S?C] Sep 21 07:32:48.362370: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.362380: | spent 0.291 milliseconds in whack Sep 21 07:32:48.500742: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.500757: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.500760: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.500762: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.500763: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.500766: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.500772: | Added new connection test-default with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.500774: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:32:48.500817: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.500821: | from whack: got --esp= Sep 21 07:32:48.500843: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.500848: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:48.500851: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:48.500855: added connection description "test-default" Sep 21 07:32:48.500863: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.500869: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:48.500875: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.500881: | spent 0.144 milliseconds in whack Sep 21 07:32:48.596642: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.596658: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.596661: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.596663: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.596664: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.596667: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.596673: | Added new connection test-v1-secret with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.596678: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:48.596681: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:48.596684: added connection description "test-v1-secret" Sep 21 07:32:48.596692: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.596701: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:48.596708: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.596713: | spent 0.0795 milliseconds in whack Sep 21 07:32:48.697140: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.697156: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.697174: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.697176: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.697178: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.697184: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.697190: | Added new connection test-v1-rsasig with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.697195: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:48.697198: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:48.697215: added connection description "test-v1-rsasig" Sep 21 07:32:48.697222: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.697227: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:48.697247: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.697252: | spent 0.133 milliseconds in whack Sep 21 07:32:48.782757: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.782778: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.782786: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.782792: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.782795: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.782798: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.782818: | Added new connection test-passthrough with policy none+PASS+NEVER_NEGOTIATE Sep 21 07:32:48.782821: | No AUTH policy was set for type=passthrough - defaulting to AUTH_NEVER Sep 21 07:32:48.782828: | counting wild cards for 3.3.3.3 is 0 Sep 21 07:32:48.782832: | counting wild cards for 5.5.5.5 is 0 Sep 21 07:32:48.782838: added connection description "test-passthrough" Sep 21 07:32:48.782848: | ike_life: 0s; ipsec_life: 0s; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 0; policy: AUTH_NEVER+PASS+NEVER_NEGOTIATE Sep 21 07:32:48.782872: | 3.3.3.3<3.3.3.3>...5.5.5.5<5.5.5.5> Sep 21 07:32:48.782879: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.782887: | spent 0.135 milliseconds in whack Sep 21 07:32:48.869991: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.870011: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.870016: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.870019: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.870020: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.870026: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.870032: | Added new connection test1 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.870066: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.870068: | from whack: got --esp= Sep 21 07:32:48.870090: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.870098: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:48.870101: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:48.870104: added connection description "test1" Sep 21 07:32:48.870112: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.870117: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:48.870124: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.870129: | spent 0.147 milliseconds in whack Sep 21 07:32:48.968011: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:48.968030: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.968035: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.968038: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.968040: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:48.968047: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:48.968055: | Added new connection test2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.968108: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:48.968111: | from whack: got --esp= Sep 21 07:32:48.968147: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:48.968154: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:48.968159: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:48.968164: added connection description "test2" Sep 21 07:32:48.968172: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:48.968180: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:48.968186: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:48.968193: | spent 0.189 milliseconds in whack Sep 21 07:32:49.056194: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.056210: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.056213: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.056215: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.056217: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.056222: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.056228: | Added new connection test3 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.056263: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.056265: | from whack: got --esp= Sep 21 07:32:49.056288: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.056294: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.056299: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.056307: added connection description "test3" Sep 21 07:32:49.056319: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.056326: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.056334: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.056341: | spent 0.154 milliseconds in whack Sep 21 07:32:49.148175: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.148192: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.148195: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.148197: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.148199: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.148204: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.148210: | Added new connection test5 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.148243: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.148245: | from whack: got --esp= Sep 21 07:32:49.148267: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.148272: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.148275: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.148279: added connection description "test5" Sep 21 07:32:49.148286: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.148291: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.148299: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.148305: | spent 0.137 milliseconds in whack Sep 21 07:32:49.230479: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.230498: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.230502: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.230505: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.230507: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.230514: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.230521: | Added new connection test6 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.230573: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.230576: | from whack: got --esp= Sep 21 07:32:49.230615: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.230621: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.230626: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.230631: added connection description "test6" Sep 21 07:32:49.230641: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.230652: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.230660: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.230666: | spent 0.193 milliseconds in whack Sep 21 07:32:49.335712: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.335731: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.335736: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.335739: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.335742: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.335748: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.335756: | Added new connection test7 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.335813: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.335818: | from whack: got --esp= Sep 21 07:32:49.335855: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.335862: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.335866: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.335871: added connection description "test7" Sep 21 07:32:49.335882: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.335889: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.335896: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.335902: | spent 0.196 milliseconds in whack Sep 21 07:32:49.434552: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.434571: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.434575: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.434577: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.434578: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.434584: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.434590: | Added new connection test8 with policy AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.434625: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.434628: | from whack: got --esp= Sep 21 07:32:49.434651: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.434662: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.434668: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.434673: added connection description "test8" Sep 21 07:32:49.434684: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: AUTHNULL+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.434690: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.434696: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.434701: | spent 0.157 milliseconds in whack Sep 21 07:32:49.515706: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.515724: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.515728: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.515730: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.515732: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.515738: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.515743: | Added new connection test9 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.515781: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:32:49.515787: | from whack: got --esp= Sep 21 07:32:49.515809: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:32:49.515816: | counting wild cards for 1.2.3.4 is 0 Sep 21 07:32:49.515819: | counting wild cards for 5.6.7.8 is 0 Sep 21 07:32:49.515822: added connection description "test9" Sep 21 07:32:49.515830: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:32:49.515835: | 1.2.3.4<1.2.3.4>...5.6.7.8<5.6.7.8> Sep 21 07:32:49.515840: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.515846: | spent 0.144 milliseconds in whack Sep 21 07:32:49.676526: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.676547: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.676552: Failed to add connection "failtestmanual1": non-shunt connection must have AH or ESP Sep 21 07:32:49.676559: | flush revival: connection 'failtestmanual1' wasn't on the list Sep 21 07:32:49.676561: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:49.676569: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.676575: | spent 0.0553 milliseconds in whack Sep 21 07:32:49.733825: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.733847: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.733852: Failed to add connection "failtestmanual2": leftauth= and rightauth= require ikev2 Sep 21 07:32:49.733858: | flush revival: connection 'failtestmanual2' wasn't on the list Sep 21 07:32:49.733861: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:49.733867: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.733874: | spent 0.0555 milliseconds in whack Sep 21 07:32:49.789571: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.789594: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.789602: Failed to add connection "failtestmanual3": leftauth=null is unequal to rightauth=rsasig so authby=PSK must not be set Sep 21 07:32:49.789612: | flush revival: connection 'failtestmanual3' wasn't on the list Sep 21 07:32:49.789616: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:49.789625: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.789633: | spent 0.0693 milliseconds in whack Sep 21 07:32:49.847117: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.847152: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.847160: Failed to add connection "failtestmanual4": leftauth=null is unequal to rightauth=rsasig so authby=RSASIG must not be set Sep 21 07:32:49.847170: | flush revival: connection 'failtestmanual4' wasn't on the list Sep 21 07:32:49.847174: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:49.847183: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.847190: | spent 0.0836 milliseconds in whack Sep 21 07:32:49.981135: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:49.981154: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.981159: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.981162: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.981165: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:49.981169: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:49.981173: Failed to add connection "failtest0": cannot mix PSK and NULL authentication (leftauth=secret and rightauth=null) Sep 21 07:32:49.981182: | flush revival: connection 'failtest0' wasn't on the list Sep 21 07:32:49.981185: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:49.981195: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:49.981201: | spent 0.0751 milliseconds in whack Sep 21 07:32:50.079071: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.079091: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.079097: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.079100: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.079102: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.079106: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.079110: Failed to add connection "failtest1": leftauth= and rightauth= require ikev2 Sep 21 07:32:50.079119: | flush revival: connection 'failtest1' wasn't on the list Sep 21 07:32:50.079123: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.079130: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.079137: | spent 0.0743 milliseconds in whack Sep 21 07:32:50.177962: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.177996: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.178002: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.178004: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.178006: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.178009: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.178013: Failed to add connection "failtest2": leftauth=rsasig is unequal to rightauth=secret so authby=PSK must not be set Sep 21 07:32:50.178020: | flush revival: connection 'failtest2' wasn't on the list Sep 21 07:32:50.178035: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.178041: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.178046: | spent 0.107 milliseconds in whack Sep 21 07:32:50.259388: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.259406: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.259410: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.259412: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.259414: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.259417: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.259421: Failed to add connection "failtest3": leftauth=rsasig is unequal to rightauth=secret so authby=RSASIG must not be set Sep 21 07:32:50.259428: | flush revival: connection 'failtest3' wasn't on the list Sep 21 07:32:50.259434: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.259440: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.259446: | spent 0.0652 milliseconds in whack Sep 21 07:32:50.341747: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.341763: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.341767: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.341770: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.341771: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.341775: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.341779: Failed to add connection "failtest4": leftauth=rsasig is unequal to rightauth=secret so authby=AUTHNULL must not be set Sep 21 07:32:50.341792: | flush revival: connection 'failtest4' wasn't on the list Sep 21 07:32:50.341797: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.341806: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.341812: | spent 0.0703 milliseconds in whack Sep 21 07:32:50.431199: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.431215: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.431219: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.431221: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.431222: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.431225: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.431228: Failed to add connection "failtest5": leftauth= and rightauth= must both be set or both be unset Sep 21 07:32:50.431234: | flush revival: connection 'failtest5' wasn't on the list Sep 21 07:32:50.431237: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.431243: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.431250: | spent 0.0571 milliseconds in whack Sep 21 07:32:50.523968: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.523986: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.523991: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.523993: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.523995: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.523997: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.524000: Failed to add connection "failtest6": leftauth= and rightauth= must both be set or both be unset Sep 21 07:32:50.524008: | flush revival: connection 'failtest6' wasn't on the list Sep 21 07:32:50.524011: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.524024: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.524031: | spent 0.0654 milliseconds in whack Sep 21 07:32:50.620152: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.620173: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.620179: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.620182: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.620185: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.620188: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.620192: Failed to add connection "failtest7": leftauth= and rightauth= must both be set or both be unset Sep 21 07:32:50.620203: | flush revival: connection 'failtest7' wasn't on the list Sep 21 07:32:50.620207: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.620224: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.620232: | spent 0.0827 milliseconds in whack Sep 21 07:32:50.715116: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.715133: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.715138: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.715153: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.715154: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.715157: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.715159: Failed to add connection "failtest8": shunt connection cannot have authentication method other then authby=never Sep 21 07:32:50.715167: | flush revival: connection 'failtest8' wasn't on the list Sep 21 07:32:50.715170: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.715179: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.715186: | spent 0.0768 milliseconds in whack Sep 21 07:32:50.805649: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.805676: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.805682: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.805685: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.805688: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:32:50.805692: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:32:50.805695: Failed to add connection "failtest9": leftauth= / rightauth= options are invalid for type=passthrough connection Sep 21 07:32:50.805703: | flush revival: connection 'failtest9' wasn't on the list Sep 21 07:32:50.805707: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:32:50.805714: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.805722: | spent 0.0749 milliseconds in whack Sep 21 07:32:50.994089: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:50.994250: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:32:50.994256: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:32:50.994678: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:32:50.994693: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:50.994702: | spent 0.612 milliseconds in whack Sep 21 07:32:51.553837: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:51.554537: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:32:51.554557: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:32:51.558007: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:32:51.558068: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:32:51.558092: | spent 2.56 milliseconds in whack Sep 21 07:32:52.644046: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:32:52.644069: shutting down Sep 21 07:32:52.644078: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:32:52.644082: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:32:52.644088: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:32:52.644090: forgetting secrets Sep 21 07:32:52.644095: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:32:52.644100: | start processing: connection "test9" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644103: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644105: | pass 0 Sep 21 07:32:52.644108: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644124: | pass 1 Sep 21 07:32:52.644127: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644130: | flush revival: connection 'test9' wasn't on the list Sep 21 07:32:52.644137: | stop processing: connection "test9" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644144: | start processing: connection "test8" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644146: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644148: | pass 0 Sep 21 07:32:52.644151: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644153: | pass 1 Sep 21 07:32:52.644168: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644171: | flush revival: connection 'test8' wasn't on the list Sep 21 07:32:52.644173: | stop processing: connection "test8" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644178: | start processing: connection "test7" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644181: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644183: | pass 0 Sep 21 07:32:52.644185: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644187: | pass 1 Sep 21 07:32:52.644189: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644192: | flush revival: connection 'test7' wasn't on the list Sep 21 07:32:52.644194: | stop processing: connection "test7" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644199: | start processing: connection "test6" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644202: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644204: | pass 0 Sep 21 07:32:52.644206: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644208: | pass 1 Sep 21 07:32:52.644210: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644213: | flush revival: connection 'test6' wasn't on the list Sep 21 07:32:52.644215: | stop processing: connection "test6" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644220: | start processing: connection "test5" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644223: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644225: | pass 0 Sep 21 07:32:52.644227: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644229: | pass 1 Sep 21 07:32:52.644231: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644234: | flush revival: connection 'test5' wasn't on the list Sep 21 07:32:52.644237: | stop processing: connection "test5" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644242: | start processing: connection "test3" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644245: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644247: | pass 0 Sep 21 07:32:52.644249: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644251: | pass 1 Sep 21 07:32:52.644253: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644256: | flush revival: connection 'test3' wasn't on the list Sep 21 07:32:52.644259: | stop processing: connection "test3" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644279: | start processing: connection "test2" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644281: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644283: | pass 0 Sep 21 07:32:52.644286: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644288: | pass 1 Sep 21 07:32:52.644290: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644293: | flush revival: connection 'test2' wasn't on the list Sep 21 07:32:52.644296: | stop processing: connection "test2" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644300: | start processing: connection "test1" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644305: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644308: | pass 0 Sep 21 07:32:52.644310: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644312: | pass 1 Sep 21 07:32:52.644314: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644317: | flush revival: connection 'test1' wasn't on the list Sep 21 07:32:52.644319: | stop processing: connection "test1" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644324: | start processing: connection "test-passthrough" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644327: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644329: | pass 0 Sep 21 07:32:52.644331: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644333: | pass 1 Sep 21 07:32:52.644336: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644351: | flush revival: connection 'test-passthrough' wasn't on the list Sep 21 07:32:52.644354: | stop processing: connection "test-passthrough" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644357: | start processing: connection "test-v1-rsasig" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644373: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644375: | pass 0 Sep 21 07:32:52.644377: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644379: | pass 1 Sep 21 07:32:52.644381: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644384: | flush revival: connection 'test-v1-rsasig' wasn't on the list Sep 21 07:32:52.644387: | stop processing: connection "test-v1-rsasig" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644390: | start processing: connection "test-v1-secret" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644393: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644395: | pass 0 Sep 21 07:32:52.644398: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644400: | pass 1 Sep 21 07:32:52.644402: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644404: | flush revival: connection 'test-v1-secret' wasn't on the list Sep 21 07:32:52.644407: | stop processing: connection "test-v1-secret" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644424: | start processing: connection "test-default" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644426: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644428: | pass 0 Sep 21 07:32:52.644431: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644446: | pass 1 Sep 21 07:32:52.644448: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644450: | flush revival: connection 'test-default' wasn't on the list Sep 21 07:32:52.644453: | stop processing: connection "test-default" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644458: | start processing: connection "testmanual3" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644461: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644463: | pass 0 Sep 21 07:32:52.644465: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644467: | pass 1 Sep 21 07:32:52.644470: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644472: | flush revival: connection 'testmanual3' wasn't on the list Sep 21 07:32:52.644488: | stop processing: connection "testmanual3" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644493: | start processing: connection "testmanual2" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644508: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644512: | pass 0 Sep 21 07:32:52.644514: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644516: | pass 1 Sep 21 07:32:52.644518: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644521: | flush revival: connection 'testmanual2' wasn't on the list Sep 21 07:32:52.644524: | stop processing: connection "testmanual2" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644529: | start processing: connection "testmanual1" (in delete_connection() at connections.c:189) Sep 21 07:32:52.644532: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:32:52.644534: | pass 0 Sep 21 07:32:52.644536: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644538: | pass 1 Sep 21 07:32:52.644540: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:32:52.644543: | flush revival: connection 'testmanual1' wasn't on the list Sep 21 07:32:52.644546: | stop processing: connection "testmanual1" (in discard_connection() at connections.c:249) Sep 21 07:32:52.644551: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:32:52.644553: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:32:52.644565: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:32:52.644569: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:32:52.644572: shutting down interface eth0/eth0 192.0.1.254:4500 Sep 21 07:32:52.644575: shutting down interface eth0/eth0 192.0.1.254:500 Sep 21 07:32:52.644579: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:32:52.644582: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:32:52.644586: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:32:52.644593: | libevent_free: release ptr-libevent@0x55beab1ccc90 Sep 21 07:32:52.644596: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccc50 Sep 21 07:32:52.644607: | libevent_free: release ptr-libevent@0x55beab1ccd80 Sep 21 07:32:52.644609: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccd40 Sep 21 07:32:52.644616: | libevent_free: release ptr-libevent@0x55beab1cce70 Sep 21 07:32:52.644618: | free_event_entry: release EVENT_NULL-pe@0x55beab1cce30 Sep 21 07:32:52.644624: | libevent_free: release ptr-libevent@0x55beab1ccf60 Sep 21 07:32:52.644627: | free_event_entry: release EVENT_NULL-pe@0x55beab1ccf20 Sep 21 07:32:52.644633: | libevent_free: release ptr-libevent@0x55beab1cd050 Sep 21 07:32:52.644635: | free_event_entry: release EVENT_NULL-pe@0x55beab1cd010 Sep 21 07:32:52.644641: | libevent_free: release ptr-libevent@0x55beab1cd140 Sep 21 07:32:52.644644: | free_event_entry: release EVENT_NULL-pe@0x55beab1cd100 Sep 21 07:32:52.644648: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:32:52.645102: | libevent_free: release ptr-libevent@0x55beab1cc5b0 Sep 21 07:32:52.645110: | free_event_entry: release EVENT_NULL-pe@0x55beab1b0360 Sep 21 07:32:52.645114: | libevent_free: release ptr-libevent@0x55beab1c2040 Sep 21 07:32:52.645117: | free_event_entry: release EVENT_NULL-pe@0x55beab1b5dd0 Sep 21 07:32:52.645122: | libevent_free: release ptr-libevent@0x55beab1c1fb0 Sep 21 07:32:52.645124: | free_event_entry: release EVENT_NULL-pe@0x55beab1b5e10 Sep 21 07:32:52.645127: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:32:52.645130: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:32:52.645133: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:32:52.645135: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:32:52.645137: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:32:52.645140: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:32:52.645142: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:32:52.645144: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:32:52.645147: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:32:52.645152: | libevent_free: release ptr-libevent@0x55beab1cc680 Sep 21 07:32:52.645155: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:32:52.645158: | libevent_free: release ptr-libevent@0x55beab1cc760 Sep 21 07:32:52.645162: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:32:52.645165: | libevent_free: release ptr-libevent@0x55beab1cc820 Sep 21 07:32:52.645168: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:32:52.645171: | libevent_free: release ptr-libevent@0x55beab1c1330 Sep 21 07:32:52.645173: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:32:52.645175: | releasing event base Sep 21 07:32:52.645188: | libevent_free: release ptr-libevent@0x55beab1cc8e0 Sep 21 07:32:52.645191: | libevent_free: release ptr-libevent@0x55beab1a1df0 Sep 21 07:32:52.645194: | libevent_free: release ptr-libevent@0x55beab1b06a0 Sep 21 07:32:52.645197: | libevent_free: release ptr-libevent@0x55beab1b0770 Sep 21 07:32:52.645199: | libevent_free: release ptr-libevent@0x55beab1b06c0 Sep 21 07:32:52.645202: | libevent_free: release ptr-libevent@0x55beab1cc640 Sep 21 07:32:52.645204: | libevent_free: release ptr-libevent@0x55beab1cc720 Sep 21 07:32:52.645207: | libevent_free: release ptr-libevent@0x55beab1b0750 Sep 21 07:32:52.645222: | libevent_free: release ptr-libevent@0x55beab1b50f0 Sep 21 07:32:52.645224: | libevent_free: release ptr-libevent@0x55beab1b5110 Sep 21 07:32:52.645226: | libevent_free: release ptr-libevent@0x55beab1cd1d0 Sep 21 07:32:52.645229: | libevent_free: release ptr-libevent@0x55beab1cd0e0 Sep 21 07:32:52.645231: | libevent_free: release ptr-libevent@0x55beab1ccff0 Sep 21 07:32:52.645233: | libevent_free: release ptr-libevent@0x55beab1ccf00 Sep 21 07:32:52.645236: | libevent_free: release ptr-libevent@0x55beab1cce10 Sep 21 07:32:52.645238: | libevent_free: release ptr-libevent@0x55beab1ccd20 Sep 21 07:32:52.645240: | libevent_free: release ptr-libevent@0x55beab133370 Sep 21 07:32:52.645242: | libevent_free: release ptr-libevent@0x55beab1cc800 Sep 21 07:32:52.645245: | libevent_free: release ptr-libevent@0x55beab1cc740 Sep 21 07:32:52.645247: | libevent_free: release ptr-libevent@0x55beab1cc660 Sep 21 07:32:52.645249: | libevent_free: release ptr-libevent@0x55beab1cc8c0 Sep 21 07:32:52.645252: | libevent_free: release ptr-libevent@0x55beab1315b0 Sep 21 07:32:52.645254: | libevent_free: release ptr-libevent@0x55beab1b06e0 Sep 21 07:32:52.645257: | libevent_free: release ptr-libevent@0x55beab1b0710 Sep 21 07:32:52.645259: | libevent_free: release ptr-libevent@0x55beab1b0400 Sep 21 07:32:52.645261: | releasing global libevent data Sep 21 07:32:52.645264: | libevent_free: release ptr-libevent@0x55beab1af0f0 Sep 21 07:32:52.645267: | libevent_free: release ptr-libevent@0x55beab1b03a0 Sep 21 07:32:52.645270: | libevent_free: release ptr-libevent@0x55beab1b03d0