Sep 21 07:34:32.043212: FIPS Product: YES Sep 21 07:34:32.043247: FIPS Kernel: NO Sep 21 07:34:32.043250: FIPS Mode: NO Sep 21 07:34:32.043252: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:32.043413: Initializing NSS Sep 21 07:34:32.043417: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:32.083939: NSS initialized Sep 21 07:34:32.083958: NSS crypto library initialized Sep 21 07:34:32.083961: FIPS HMAC integrity support [enabled] Sep 21 07:34:32.083964: FIPS mode disabled for pluto daemon Sep 21 07:34:32.151842: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:32.151962: libcap-ng support [enabled] Sep 21 07:34:32.151973: Linux audit support [enabled] Sep 21 07:34:32.152004: Linux audit activated Sep 21 07:34:32.152013: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11200 Sep 21 07:34:32.152016: core dump dir: /tmp Sep 21 07:34:32.152018: secrets file: /etc/ipsec.secrets Sep 21 07:34:32.152020: leak-detective disabled Sep 21 07:34:32.152022: NSS crypto [enabled] Sep 21 07:34:32.152024: XAUTH PAM support [enabled] Sep 21 07:34:32.152097: | libevent is using pluto's memory allocator Sep 21 07:34:32.152106: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:32.152118: | libevent_malloc: new ptr-libevent@0x56158f8e9230 size 40 Sep 21 07:34:32.152121: | libevent_malloc: new ptr-libevent@0x56158f8ea4e0 size 40 Sep 21 07:34:32.152123: | libevent_malloc: new ptr-libevent@0x56158f8ea510 size 40 Sep 21 07:34:32.152125: | creating event base Sep 21 07:34:32.152128: | libevent_malloc: new ptr-libevent@0x56158f8ea4a0 size 56 Sep 21 07:34:32.152131: | libevent_malloc: new ptr-libevent@0x56158f8ea540 size 664 Sep 21 07:34:32.152141: | libevent_malloc: new 
ptr-libevent@0x56158f8ea7e0 size 24 Sep 21 07:34:32.152146: | libevent_malloc: new ptr-libevent@0x56158f8dbf70 size 384 Sep 21 07:34:32.152156: | libevent_malloc: new ptr-libevent@0x56158f8ea800 size 16 Sep 21 07:34:32.152158: | libevent_malloc: new ptr-libevent@0x56158f8ea820 size 40 Sep 21 07:34:32.152160: | libevent_malloc: new ptr-libevent@0x56158f8ea850 size 48 Sep 21 07:34:32.152167: | libevent_realloc: new ptr-libevent@0x56158f86c370 size 256 Sep 21 07:34:32.152170: | libevent_malloc: new ptr-libevent@0x56158f8ea890 size 16 Sep 21 07:34:32.152175: | libevent_free: release ptr-libevent@0x56158f8ea4a0 Sep 21 07:34:32.152179: | libevent initialized Sep 21 07:34:32.152182: | libevent_realloc: new ptr-libevent@0x56158f8ea8b0 size 64 Sep 21 07:34:32.152191: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:32.152208: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:32.152211: NAT-Traversal support [enabled] Sep 21 07:34:32.152214: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:32.152220: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:32.152224: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:32.152264: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:32.152268: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:32.152271: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:32.152325: Encryption algorithms: Sep 21 07:34:32.152331: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:32.152335: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:32.152338: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:32.152341: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:32.152344: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:34:32.152352: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:32.152356: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:32.152360: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:32.152364: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:32.152367: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:32.152370: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:32.152373: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:32.152376: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:32.152379: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:32.152382: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:32.152384: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:32.152387: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:32.152394: Hash algorithms: Sep 21 07:34:32.152397: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:32.152401: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:32.152404: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:32.152407: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:32.152410: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:32.152426: PRF algorithms: Sep 21 07:34:32.152430: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:32.152433: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:32.152436: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:32.152439: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:32.152442: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:32.152445: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:32.152468: Integrity algorithms: Sep 21 07:34:32.152475: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:32.152481: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:32.152485: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:32.152489: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:32.152494: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:32.152497: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:32.152501: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:32.152505: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:32.152508: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:32.152525: DH algorithms: Sep 21 07:34:32.152529: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:32.152532: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:32.152535: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:32.152542: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:32.152546: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:32.152550: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:32.152553: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:32.152557: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:32.152561: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:32.152565: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:32.152569: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:32.152571: testing CAMELLIA_CBC: Sep 21 07:34:32.152574: Camellia: 16 bytes with 128-bit key Sep 21 07:34:32.152707: Camellia: 16 bytes with 128-bit key Sep 21 07:34:32.152738: Camellia: 16 bytes with 256-bit key Sep 21 07:34:32.152773: Camellia: 
16 bytes with 256-bit key Sep 21 07:34:32.152809: testing AES_GCM_16: Sep 21 07:34:32.152816: empty string Sep 21 07:34:32.152844: one block Sep 21 07:34:32.152869: two blocks Sep 21 07:34:32.152894: two blocks with associated data Sep 21 07:34:32.152920: testing AES_CTR: Sep 21 07:34:32.152923: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:32.152948: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:32.152975: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:32.153003: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:32.153028: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:32.153065: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:32.153102: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:32.153139: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:32.153173: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:32.153203: testing AES_CBC: Sep 21 07:34:32.153207: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:32.153245: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.153283: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.153319: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.153361: testing AES_XCBC: Sep 21 07:34:32.153365: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:32.153487: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:32.153618: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:32.153741: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:32.153867: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:32.154007: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:32.154139: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:32.154414: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:32.154532: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:32.154654: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:32.154875: testing HMAC_MD5: Sep 21 07:34:32.154882: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:32.155019: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:32.155114: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:32.155235: 8 CPU cores online Sep 21 07:34:32.155238: starting up 7 crypto helpers Sep 21 07:34:32.155271: started thread for crypto helper 0 Sep 21 07:34:32.155291: started thread for crypto helper 1 Sep 21 07:34:32.155320: started thread for crypto helper 2 Sep 21 07:34:32.155340: started thread for crypto helper 3 Sep 21 07:34:32.155358: started thread for crypto helper 4 Sep 21 07:34:32.155372: started thread for crypto helper 5 Sep 21 07:34:32.155391: started thread for crypto helper 6 Sep 21 07:34:32.155398: | checking IKEv1 state table Sep 21 07:34:32.155403: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155404: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:32.155406: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155408: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:32.155409: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:32.155411: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:32.155412: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.155414: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.155415: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:32.155417: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:32.155418: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.155419: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.155421: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:32.155422: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.155424: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.155425: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:32.155427: | MAIN_I3: category: open 
IKE SA flags: 0: Sep 21 07:34:32.155428: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.155429: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.155431: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:32.155432: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:32.155434: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155435: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:32.155437: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155438: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155440: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:32.155441: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155443: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:32.155444: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:32.155446: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:32.155447: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:32.155448: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:32.155450: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:32.155451: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155453: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.155454: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155456: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:32.155457: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:32.155459: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:32.155460: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:32.155462: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:32.155463: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:32.155465: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:32.155466: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155468: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:32.155469: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155471: | INFO: category: informational flags: 0: Sep 21 07:34:32.155472: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155474: | INFO_PROTECTED: category: informational 
flags: 0: Sep 21 07:34:32.155475: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155477: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:32.155478: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:32.155480: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:32.155481: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.155483: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:32.155484: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:32.155486: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:32.155487: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:32.155489: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.155490: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.155492: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:32.155495: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.155497: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.155498: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:32.155500: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:32.155501: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:32.155505: | checking IKEv2 state table Sep 21 07:34:32.155509: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:32.155511: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:32.155513: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155515: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:32.155516: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:32.155518: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:32.155520: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:32.155521: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:32.155523: | -> PARENT_I2 EVENT_NULL (Initiator: process 
UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:32.155525: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:32.155526: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:32.155528: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:32.155530: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:32.155531: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:32.155533: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:32.155534: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:32.155536: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155537: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:32.155539: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.155541: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:32.155542: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:32.155544: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.155546: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:32.155547: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:32.155549: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:32.155550: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:32.155552: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.155553: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:32.155555: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:32.155557: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:32.155558: | V2_REKEY_IKE_I0: category: established IKE SA 
flags: 0: Sep 21 07:34:32.155560: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:32.155562: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:32.155563: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:32.155565: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.155567: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:32.155568: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:32.155570: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:32.155572: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:32.155575: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:34:32.155576: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:32.155578: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:32.155580: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:32.155581: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:32.155583: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:32.155585: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:32.155586: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:32.155634: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:32.155687: | Hard-wiring algorithms Sep 21 07:34:32.155690: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:32.155693: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:32.155694: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:32.155696: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:32.155698: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:32.155699: | adding AES_GCM_16 to kernel algorithm db Sep 21 
07:34:32.155701: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:32.155702: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:32.155704: | adding AES_CTR to kernel algorithm db Sep 21 07:34:32.155705: | adding AES_CBC to kernel algorithm db Sep 21 07:34:32.155707: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:32.155708: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:32.155710: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:32.155711: | adding NULL to kernel algorithm db Sep 21 07:34:32.155713: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:34:32.155715: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:32.155716: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:32.155718: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:32.155719: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:32.155721: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:32.155722: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:32.155724: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:32.155725: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:32.155727: | adding NONE to kernel algorithm db Sep 21 07:34:32.155743: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:32.155748: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:32.155749: | setup kernel fd callback Sep 21 07:34:32.155751: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56158f8efe30 Sep 21 07:34:32.155754: | libevent_malloc: new ptr-libevent@0x56158f8fbf50 size 128 Sep 21 07:34:32.155756: | libevent_malloc: new ptr-libevent@0x56158f8ef110 size 16 Sep 21 07:34:32.155760: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56158f8efdf0 Sep 21 07:34:32.155764: | libevent_malloc: new ptr-libevent@0x56158f8fbfe0 size 128 Sep 21 07:34:32.155765: | libevent_malloc: new ptr-libevent@0x56158f8ef130 size 16 Sep 21 
07:34:32.156001: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:32.156013: selinux support is enabled. Sep 21 07:34:32.156095: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:32.156286: | unbound context created - setting debug level to 5 Sep 21 07:34:32.156318: | /etc/hosts lookups activated Sep 21 07:34:32.156334: | /etc/resolv.conf usage activated Sep 21 07:34:32.156397: | outgoing-port-avoid set 0-65535 Sep 21 07:34:32.156428: | outgoing-port-permit set 32768-60999 Sep 21 07:34:32.156431: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:32.156434: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:32.156436: | Setting up events, loop start Sep 21 07:34:32.156440: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56158f8ea4a0 Sep 21 07:34:32.156447: | libevent_malloc: new ptr-libevent@0x56158f906550 size 128 Sep 21 07:34:32.156450: | libevent_malloc: new ptr-libevent@0x56158f9065e0 size 16 Sep 21 07:34:32.156458: | libevent_realloc: new ptr-libevent@0x56158f86a5b0 size 256 Sep 21 07:34:32.156461: | libevent_malloc: new ptr-libevent@0x56158f906600 size 8 Sep 21 07:34:32.156464: | libevent_realloc: new ptr-libevent@0x56158f8fb350 size 144 Sep 21 07:34:32.156466: | libevent_malloc: new ptr-libevent@0x56158f906620 size 152 Sep 21 07:34:32.156470: | libevent_malloc: new ptr-libevent@0x56158f9066c0 size 16 Sep 21 07:34:32.156474: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:32.156477: | libevent_malloc: new ptr-libevent@0x56158f9066e0 size 8 Sep 21 07:34:32.156480: | libevent_malloc: new ptr-libevent@0x56158f906700 size 152 Sep 21 07:34:32.156483: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:32.156485: | libevent_malloc: new ptr-libevent@0x56158f9067a0 size 8 Sep 21 07:34:32.156488: | libevent_malloc: new ptr-libevent@0x56158f9067c0 size 152 Sep 21 07:34:32.156491: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:32.156494: | 
libevent_malloc: new ptr-libevent@0x56158f906860 size 8 Sep 21 07:34:32.156497: | libevent_realloc: release ptr-libevent@0x56158f8fb350 Sep 21 07:34:32.156500: | libevent_realloc: new ptr-libevent@0x56158f906880 size 256 Sep 21 07:34:32.156502: | libevent_malloc: new ptr-libevent@0x56158f8fb350 size 152 Sep 21 07:34:32.156506: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:32.156900: | created addconn helper (pid:11407) using fork+execve Sep 21 07:34:32.156916: | forked child 11407 Sep 21 07:34:32.156954: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.156974: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:32.156981: listening for IKE messages Sep 21 07:34:32.157031: | Inspecting interface lo Sep 21 07:34:32.157038: | found lo with address 127.0.0.1 Sep 21 07:34:32.157041: | Inspecting interface eth0 Sep 21 07:34:32.157046: | found eth0 with address 192.0.2.254 Sep 21 07:34:32.157048: | Inspecting interface eth1 Sep 21 07:34:32.157053: | found eth1 with address 192.1.2.23 Sep 21 07:34:32.157098: Kernel supports NIC esp-hw-offload Sep 21 07:34:32.157114: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:34:32.157142: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.157148: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.157152: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:34:32.157185: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:34:32.157213: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.157217: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.157221: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:34:32.157253: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:32.157281: | 
NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.157285: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.157289: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:32.157350: | no interfaces to sort Sep 21 07:34:32.157355: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:32.157363: | add_fd_read_event_handler: new ethX-pe@0x56158f906bf0 Sep 21 07:34:32.157367: | libevent_malloc: new ptr-libevent@0x56158f906c30 size 128 Sep 21 07:34:32.157370: | libevent_malloc: new ptr-libevent@0x56158f906cc0 size 16 Sep 21 07:34:32.157379: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:32.157382: | add_fd_read_event_handler: new ethX-pe@0x56158f906ce0 Sep 21 07:34:32.157385: | libevent_malloc: new ptr-libevent@0x56158f906d20 size 128 Sep 21 07:34:32.157388: | libevent_malloc: new ptr-libevent@0x56158f906db0 size 16 Sep 21 07:34:32.157396: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:32.157399: | add_fd_read_event_handler: new ethX-pe@0x56158f906dd0 Sep 21 07:34:32.157402: | libevent_malloc: new ptr-libevent@0x56158f906e10 size 128 Sep 21 07:34:32.157405: | libevent_malloc: new ptr-libevent@0x56158f906ea0 size 16 Sep 21 07:34:32.157409: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:34:32.157412: | add_fd_read_event_handler: new ethX-pe@0x56158f906ec0 Sep 21 07:34:32.157415: | libevent_malloc: new ptr-libevent@0x56158f906f00 size 128 Sep 21 07:34:32.157418: | libevent_malloc: new ptr-libevent@0x56158f906f90 size 16 Sep 21 07:34:32.157423: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:34:32.157425: | add_fd_read_event_handler: new ethX-pe@0x56158f906fb0 Sep 21 07:34:32.157428: | libevent_malloc: new ptr-libevent@0x56158f906ff0 size 128 Sep 21 07:34:32.157431: | libevent_malloc: new ptr-libevent@0x56158f907080 size 16 Sep 21 07:34:32.157436: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 
07:34:32.157438: | add_fd_read_event_handler: new ethX-pe@0x56158f9070a0 Sep 21 07:34:32.157441: | libevent_malloc: new ptr-libevent@0x56158f9070e0 size 128 Sep 21 07:34:32.157444: | libevent_malloc: new ptr-libevent@0x56158f907170 size 16 Sep 21 07:34:32.157448: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:34:32.157454: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:32.157457: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:32.157478: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:32.157497: | id type added to secret(0x56158f8fc130) PKK_PSK: @west Sep 21 07:34:32.157501: | id type added to secret(0x56158f8fc130) PKK_PSK: @east Sep 21 07:34:32.157505: | Processing PSK at line 1: passed Sep 21 07:34:32.157507: | certs and keys locked by 'process_secret' Sep 21 07:34:32.157513: | certs and keys unlocked by 'process_secret' Sep 21 07:34:32.157519: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:32.157603: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.157610: | spent 0.545 milliseconds in whack Sep 21 07:34:32.158878: | starting up helper thread 4 Sep 21 07:34:32.158894: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:32.158901: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:32.158912: | starting up helper thread 5 Sep 21 07:34:32.158917: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:32.158920: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:32.159233: | starting up helper thread 0 Sep 21 07:34:32.159250: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:32.159253: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:32.159267: | starting up helper thread 1 Sep 21 07:34:32.159272: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:32.159275: | 
crypto helper 1 waiting (nothing to do) Sep 21 07:34:32.159286: | starting up helper thread 2 Sep 21 07:34:32.159292: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:32.159294: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:32.159306: | starting up helper thread 3 Sep 21 07:34:32.159311: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:32.159314: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:32.159640: | starting up helper thread 6 Sep 21 07:34:32.159649: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:32.159652: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:32.191610: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.191629: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:32.191634: listening for IKE messages Sep 21 07:34:32.191667: | Inspecting interface lo Sep 21 07:34:32.191676: | found lo with address 127.0.0.1 Sep 21 07:34:32.191679: | Inspecting interface eth0 Sep 21 07:34:32.191682: | found eth0 with address 192.0.2.254 Sep 21 07:34:32.191684: | Inspecting interface eth1 Sep 21 07:34:32.191687: | found eth1 with address 192.1.2.23 Sep 21 07:34:32.191740: | no interfaces to sort Sep 21 07:34:32.191748: | libevent_free: release ptr-libevent@0x56158f906c30 Sep 21 07:34:32.191751: | free_event_entry: release EVENT_NULL-pe@0x56158f906bf0 Sep 21 07:34:32.191753: | add_fd_read_event_handler: new ethX-pe@0x56158f906bf0 Sep 21 07:34:32.191755: | libevent_malloc: new ptr-libevent@0x56158f906c30 size 128 Sep 21 07:34:32.191760: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:32.191763: | libevent_free: release ptr-libevent@0x56158f906d20 Sep 21 07:34:32.191765: | free_event_entry: release EVENT_NULL-pe@0x56158f906ce0 Sep 21 07:34:32.191766: | add_fd_read_event_handler: new 
ethX-pe@0x56158f906ce0 Sep 21 07:34:32.191768: | libevent_malloc: new ptr-libevent@0x56158f906d20 size 128 Sep 21 07:34:32.191771: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:32.191773: | libevent_free: release ptr-libevent@0x56158f906e10 Sep 21 07:34:32.191775: | free_event_entry: release EVENT_NULL-pe@0x56158f906dd0 Sep 21 07:34:32.191776: | add_fd_read_event_handler: new ethX-pe@0x56158f906dd0 Sep 21 07:34:32.191778: | libevent_malloc: new ptr-libevent@0x56158f906e10 size 128 Sep 21 07:34:32.191781: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:34:32.191787: | libevent_free: release ptr-libevent@0x56158f906f00 Sep 21 07:34:32.191793: | free_event_entry: release EVENT_NULL-pe@0x56158f906ec0 Sep 21 07:34:32.191795: | add_fd_read_event_handler: new ethX-pe@0x56158f906ec0 Sep 21 07:34:32.191796: | libevent_malloc: new ptr-libevent@0x56158f906f00 size 128 Sep 21 07:34:32.191800: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:34:32.191802: | libevent_free: release ptr-libevent@0x56158f906ff0 Sep 21 07:34:32.191803: | free_event_entry: release EVENT_NULL-pe@0x56158f906fb0 Sep 21 07:34:32.191805: | add_fd_read_event_handler: new ethX-pe@0x56158f906fb0 Sep 21 07:34:32.191807: | libevent_malloc: new ptr-libevent@0x56158f906ff0 size 128 Sep 21 07:34:32.191809: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:34:32.191812: | libevent_free: release ptr-libevent@0x56158f9070e0 Sep 21 07:34:32.191813: | free_event_entry: release EVENT_NULL-pe@0x56158f9070a0 Sep 21 07:34:32.191815: | add_fd_read_event_handler: new ethX-pe@0x56158f9070a0 Sep 21 07:34:32.191816: | libevent_malloc: new ptr-libevent@0x56158f9070e0 size 128 Sep 21 07:34:32.191820: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:34:32.191822: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:32.191823: forgetting secrets Sep 21 07:34:32.191831: | certs and keys unlocked by 'free_preshared_secrets' 
Sep 21 07:34:32.191844: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:32.191852: | id type added to secret(0x56158f8fc130) PKK_PSK: @west Sep 21 07:34:32.191855: | id type added to secret(0x56158f8fc130) PKK_PSK: @east Sep 21 07:34:32.191858: | Processing PSK at line 1: passed Sep 21 07:34:32.191859: | certs and keys locked by 'process_secret' Sep 21 07:34:32.191861: | certs and keys unlocked by 'process_secret' Sep 21 07:34:32.191864: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:32.191871: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.191878: | spent 0.272 milliseconds in whack Sep 21 07:34:32.192479: | processing signal PLUTO_SIGCHLD Sep 21 07:34:32.192489: | waitpid returned pid 11407 (exited with status 0) Sep 21 07:34:32.192492: | reaped addconn helper child (status 0) Sep 21 07:34:32.192495: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:32.192499: | spent 0.0127 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:32.268004: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.268044: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:32.268048: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:32.268051: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:32.268054: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:32.268058: | FOR_EACH_CONNECTION_... 
in conn_by_name Sep 21 07:34:32.268067: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:32.268145: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:32.268149: | from whack: got --esp= Sep 21 07:34:32.268206: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:32.268212: | counting wild cards for @west is 0 Sep 21 07:34:32.268215: | counting wild cards for @east is 0 Sep 21 07:34:32.268228: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:34:32.268232: | new hp@0x56158f8d3630 Sep 21 07:34:32.268236: added connection description "east" Sep 21 07:34:32.268245: | ike_life: 3600s; ipsec_life: 30s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:32.268258: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:34:32.268265: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.268272: | spent 0.271 milliseconds in whack Sep 21 07:34:32.268337: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.268351: add keyid @west 
Sep 21 07:34:32.268446: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:32.268450: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:34:32.268455: | keyid: *AQOm9dY/4 Sep 21 07:34:32.268514: | e 03 Sep 21 07:34:32.268517: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:32.268519: | CKAID 7f 0f 03 50 Sep 21 07:34:32.268525: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.268530: | spent 0.193 milliseconds in whack Sep 21 07:34:32.268573: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.268592: add keyid @east 
Sep 21 07:34:32.268656: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:32.268659: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:34:32.268666: | keyid: *AQO9bJbr3 Sep 21 07:34:32.268715: | e 03 Sep 21 07:34:32.268717: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:32.268720: | CKAID 8a 82 25 f1 Sep 21 07:34:32.268732: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.268738: | spent 0.161 milliseconds in whack Sep 21 07:34:33.192571: | spent 0.00311 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.192601: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) 
Sep 21 07:34:33.192730: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:34:33.192734: | **parse ISAKMP Message: Sep 21 07:34:33.192736: | initiator cookie: Sep 21 07:34:33.192739: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.192741: | responder cookie: Sep 21 07:34:33.192743: | 00 00 00 00 00 00 00 00 Sep 21 07:34:33.192746: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:33.192749: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.192752: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:33.192754: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:33.192757: | Message ID: 0 (0x0) Sep 21 07:34:33.192759: | length: 828 (0x33c) Sep 21 07:34:33.192762: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:33.192766: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:34:33.192769: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:33.192772: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:33.192776: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:33.192778: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:33.192781: | flags: none (0x0) Sep 21 07:34:33.192800: | length: 436 (0x1b4) Sep 21 
07:34:33.192805: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:34:33.192807: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:33.192810: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:33.192813: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:33.192815: | flags: none (0x0) Sep 21 07:34:33.192818: | length: 264 (0x108) Sep 21 07:34:33.192820: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.192823: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:33.192825: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:33.192827: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:33.192830: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.192832: | flags: none (0x0) Sep 21 07:34:33.192834: | length: 36 (0x24) Sep 21 07:34:33.192837: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:33.192839: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.192841: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.192844: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.192846: | flags: none (0x0) Sep 21 07:34:33.192848: | length: 8 (0x8) Sep 21 07:34:33.192851: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192853: | SPI size: 0 (0x0) Sep 21 07:34:33.192856: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:33.192861: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:33.192863: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.192866: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.192868: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.192870: | flags: none (0x0) Sep 21 07:34:33.192873: | length: 28 (0x1c) Sep 21 07:34:33.192875: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192877: | SPI size: 0 (0x0) Sep 21 07:34:33.192880: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:33.192882: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:33.192884: | Now let's 
proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.192887: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.192889: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.192891: | flags: none (0x0) Sep 21 07:34:33.192894: | length: 28 (0x1c) Sep 21 07:34:33.192896: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192898: | SPI size: 0 (0x0) Sep 21 07:34:33.192901: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:33.192903: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:33.192906: | DDOS disabled and no cookie sent, continuing Sep 21 07:34:33.192912: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:34:33.192917: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:33.192920: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:34:33.192924: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:33.192927: | find_next_host_connection returns empty Sep 21 07:34:33.192931: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:34:33.192934: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:34:33.192936: | find_next_host_connection returns empty Sep 21 07:34:33.192940: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:34:33.192945: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:34:33.192950: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:33.192952: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:34:33.192955: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:33.192958: | find_next_host_connection returns empty 
Sep 21 07:34:33.192961: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:34:33.192964: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:34:33.192966: | find_next_host_connection returns empty Sep 21 07:34:33.192970: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:34:33.192975: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:34:33.192979: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:33.192982: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:34:33.192985: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:33.192988: | find_next_host_connection returns east Sep 21 07:34:33.192990: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:34:33.192992: | find_next_host_connection returns empty Sep 21 07:34:33.192995: | found connection: east with policy PSK+IKEV2_ALLOW Sep 21 07:34:33.193014: | creating state object #1 at 0x56158f90a410 Sep 21 07:34:33.193017: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:33.193024: | pstats #1 ikev2.ike started Sep 21 07:34:33.193027: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:33.193033: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:34:33.193038: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:33.193048: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:33.193051: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:34:33.193056: | [RE]START processing: state #1 connection 
"east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:34:33.193059: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:34:33.193063: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:34:33.193068: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:34:33.193071: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:34:33.193074: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:34:33.193076: | Now let's proceed with state specific processing Sep 21 07:34:33.193078: | calling processor Respond to IKE_SA_INIT Sep 21 07:34:33.193085: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:34:33.193088: | constructing local IKE proposals for east (IKE SA responder matching remote proposals) Sep 21 07:34:33.193098: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.193106: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.193110: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.193115: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.193119: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.193125: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.193129: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.193135: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.193146: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.193149: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:34:33.193154: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:33.193157: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:33.193159: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:33.193164: | local proposal 1 type DH has 8 transforms Sep 21 07:34:33.193166: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:33.193169: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:33.193172: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:33.193174: | local proposal 2 type PRF has 2 transforms Sep 21 
07:34:33.193177: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:33.193179: | local proposal 2 type DH has 8 transforms Sep 21 07:34:33.193181: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:33.193184: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:33.193187: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:33.193189: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:33.193192: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:33.193194: | local proposal 3 type DH has 8 transforms Sep 21 07:34:33.193196: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:33.193199: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:33.193202: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:33.193204: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:33.193207: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:33.193209: | local proposal 4 type DH has 8 transforms Sep 21 07:34:33.193211: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:33.193214: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:33.193217: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.193220: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.193222: | length: 100 (0x64) Sep 21 07:34:33.193225: | prop #: 1 (0x1) Sep 21 07:34:33.193227: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.193230: | spi size: 0 (0x0) Sep 21 07:34:33.193232: | # transforms: 11 (0xb) Sep 21 07:34:33.193236: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:34:33.193239: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193243: | length: 12 (0xc) Sep 21 07:34:33.193246: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.193248: | IKEv2 transform 
ID: AES_GCM_C (0x14) Sep 21 07:34:33.193251: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.193253: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.193256: | length/value: 256 (0x100) Sep 21 07:34:33.193260: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:33.193263: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193268: | length: 8 (0x8) Sep 21 07:34:33.193270: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193273: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.193276: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:33.193280: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:34:33.193283: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:34:33.193286: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:34:33.193288: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193293: | length: 8 (0x8) Sep 21 07:34:33.193295: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193298: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.193301: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193309: | length: 8 (0x8) Sep 21 07:34:33.193311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193314: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.193317: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:33.193320: | remote proposal 1 transform 
3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:34:33.193323: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:34:33.193326: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:34:33.193329: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193331: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193333: | length: 8 (0x8) Sep 21 07:34:33.193336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193338: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.193341: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193345: | length: 8 (0x8) Sep 21 07:34:33.193348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193350: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.193353: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193355: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193358: | length: 8 (0x8) Sep 21 07:34:33.193360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193362: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.193365: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193370: | length: 8 (0x8) Sep 21 07:34:33.193372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193374: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.193377: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193382: | length: 8 (0x8) Sep 21 07:34:33.193384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.193389: | *****parse IKEv2 
Transform Substructure Payload: Sep 21 07:34:33.193392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193394: | length: 8 (0x8) Sep 21 07:34:33.193396: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193398: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.193401: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193404: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.193406: | length: 8 (0x8) Sep 21 07:34:33.193408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193411: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.193415: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:33.193419: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:33.193422: | remote proposal 1 matches local proposal 1 Sep 21 07:34:33.193429: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.193432: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.193434: | length: 100 (0x64) Sep 21 07:34:33.193436: | prop #: 2 (0x2) Sep 21 07:34:33.193439: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.193441: | spi size: 0 (0x0) Sep 21 07:34:33.193443: | # transforms: 11 (0xb) Sep 21 07:34:33.193447: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:33.193449: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193455: | length: 12 (0xc) Sep 21 07:34:33.193458: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.193460: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.193463: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.193466: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.193468: | length/value: 128 (0x80) Sep 
21 07:34:33.193471: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193476: | length: 8 (0x8) Sep 21 07:34:33.193478: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193481: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.193484: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193488: | length: 8 (0x8) Sep 21 07:34:33.193491: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193493: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.193496: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193500: | length: 8 (0x8) Sep 21 07:34:33.193503: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193505: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.193508: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193510: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193512: | length: 8 (0x8) Sep 21 07:34:33.193515: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193517: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.193520: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193525: | length: 8 (0x8) Sep 21 07:34:33.193527: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193529: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.193532: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193536: | length: 8 (0x8) Sep 21 07:34:33.193539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193541: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.193544: | 
*****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193548: | length: 8 (0x8) Sep 21 07:34:33.193551: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193553: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.193556: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193558: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193560: | length: 8 (0x8) Sep 21 07:34:33.193563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193565: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.193568: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193572: | length: 8 (0x8) Sep 21 07:34:33.193575: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193577: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.193580: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193582: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.193585: | length: 8 (0x8) Sep 21 07:34:33.193587: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193589: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.193593: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:34:33.193596: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:34:33.193598: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.193602: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.193605: | length: 116 (0x74) Sep 21 07:34:33.193607: | prop #: 3 (0x3) Sep 21 07:34:33.193609: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.193612: | spi size: 0 (0x0) Sep 21 07:34:33.193614: | # transforms: 13 (0xd) Sep 21 07:34:33.193617: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] 
of 4 local proposals Sep 21 07:34:33.193620: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193625: | length: 12 (0xc) Sep 21 07:34:33.193627: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.193630: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.193632: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.193635: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.193637: | length/value: 256 (0x100) Sep 21 07:34:33.193640: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193645: | length: 8 (0x8) Sep 21 07:34:33.193647: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193649: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.193652: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193657: | length: 8 (0x8) Sep 21 07:34:33.193659: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193662: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.193664: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193669: | length: 8 (0x8) Sep 21 07:34:33.193671: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.193673: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.193676: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193681: | length: 8 (0x8) Sep 21 07:34:33.193683: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.193686: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.193688: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 
21 07:34:33.193693: | length: 8 (0x8) Sep 21 07:34:33.193695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193698: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.193701: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193705: | length: 8 (0x8) Sep 21 07:34:33.193708: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193710: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.193712: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193717: | length: 8 (0x8) Sep 21 07:34:33.193719: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193722: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.193725: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193729: | length: 8 (0x8) Sep 21 07:34:33.193732: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193734: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.193737: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193741: | length: 8 (0x8) Sep 21 07:34:33.193744: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193746: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.193749: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193755: | length: 8 (0x8) Sep 21 07:34:33.193758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193760: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.193763: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193768: | 
length: 8 (0x8) Sep 21 07:34:33.193770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193772: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.193775: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193777: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.193780: | length: 8 (0x8) Sep 21 07:34:33.193782: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193790: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.193794: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:34:33.193797: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:34:33.193800: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.193802: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.193804: | length: 116 (0x74) Sep 21 07:34:33.193806: | prop #: 4 (0x4) Sep 21 07:34:33.193809: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.193811: | spi size: 0 (0x0) Sep 21 07:34:33.193814: | # transforms: 13 (0xd) Sep 21 07:34:33.193817: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:33.193820: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193824: | length: 12 (0xc) Sep 21 07:34:33.193827: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.193829: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.193832: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.193834: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.193837: | length/value: 128 (0x80) Sep 21 07:34:33.193839: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193844: | length: 8 (0x8) Sep 21 07:34:33.193847: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 
21 07:34:33.193849: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.193852: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193856: | length: 8 (0x8) Sep 21 07:34:33.193859: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.193861: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.193864: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193868: | length: 8 (0x8) Sep 21 07:34:33.193871: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.193873: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.193876: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193880: | length: 8 (0x8) Sep 21 07:34:33.193883: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.193885: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.193888: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193892: | length: 8 (0x8) Sep 21 07:34:33.193895: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193897: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.193900: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193906: | length: 8 (0x8) Sep 21 07:34:33.193909: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193911: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.193914: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193916: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193919: | length: 8 (0x8) Sep 21 07:34:33.193921: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193923: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.193926: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193931: | length: 8 (0x8) Sep 21 07:34:33.193933: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193935: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.193938: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193943: | length: 8 (0x8) Sep 21 07:34:33.193945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193947: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.193950: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193955: | length: 8 (0x8) Sep 21 07:34:33.193957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193959: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.193962: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193964: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.193966: | length: 8 (0x8) Sep 21 07:34:33.193969: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193971: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.193974: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.193976: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.193978: | length: 8 (0x8) Sep 21 07:34:33.193981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.193983: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.193987: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:34:33.193990: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:34:33.193994: "east" #1: proposal 
1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:34:33.193999: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:34:33.194002: | converting proposal to internal trans attrs Sep 21 07:34:33.194006: | natd_hash: rcookie is zero Sep 21 07:34:33.194018: | natd_hash: hasher=0x56158ecf57a0(20) Sep 21 07:34:33.194021: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.194023: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:33.194025: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:33.194027: | natd_hash: port= 01 f4 Sep 21 07:34:33.194030: | natd_hash: hash= 14 9c fe 9c c8 d3 f9 1e bb 90 c8 9e 4c 20 3f 6f Sep 21 07:34:33.194032: | natd_hash: hash= da bf 7b 4a Sep 21 07:34:33.194034: | natd_hash: rcookie is zero Sep 21 07:34:33.194041: | natd_hash: hasher=0x56158ecf57a0(20) Sep 21 07:34:33.194044: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.194046: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:33.194049: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:33.194051: | natd_hash: port= 01 f4 Sep 21 07:34:33.194053: | natd_hash: hash= 23 4b be d2 b4 c9 2f 2f 37 3e 2b 97 bc 88 4d 6e Sep 21 07:34:33.194055: | natd_hash: hash= 
5a 23 a3 cd Sep 21 07:34:33.194058: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:33.194060: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:33.194062: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:33.194065: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:34:33.194071: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:34:33.194074: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56158f90d020 Sep 21 07:34:33.194078: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:33.194082: | libevent_malloc: new ptr-libevent@0x56158f90d060 size 128 Sep 21 07:34:33.194093: | #1 spent 1 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:34:33.194095: | crypto helper 4 resuming Sep 21 07:34:33.194100: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.194107: | crypto helper 4 starting work-order 1 for state #1 Sep 21 07:34:33.194115: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:34:33.194122: | crypto helper 4 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:34:33.194128: | suspending state #1 and saving MD Sep 21 07:34:33.194138: | #1 is busy; has a suspended MD Sep 21 07:34:33.194143: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:33.194147: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:33.194151: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:33.194157: | #1 spent 1.54 milliseconds in ikev2_process_packet() Sep 21 07:34:33.194161: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:34:33.194164: | processing: STOP state #0 (in 
process_md() at demux.c:382) Sep 21 07:34:33.194167: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.194171: | spent 1.56 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.195165: | crypto helper 4 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001042 seconds Sep 21 07:34:33.195176: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:34:33.195179: | crypto helper 4 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:33.195182: | scheduling resume sending helper answer for #1 Sep 21 07:34:33.195186: | libevent_malloc: new ptr-libevent@0x7f12f8006900 size 128 Sep 21 07:34:33.195193: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:33.195201: | processing resume sending helper answer for #1 Sep 21 07:34:33.195210: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.195213: | crypto helper 4 replies to request ID 1 Sep 21 07:34:33.195215: | calling continuation function 0x56158ec1f630 Sep 21 07:34:33.195217: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:34:33.195242: | **emit ISAKMP Message: Sep 21 07:34:33.195244: | initiator cookie: Sep 21 07:34:33.195246: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.195247: | responder cookie: Sep 21 07:34:33.195249: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.195250: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.195252: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.195256: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:33.195257: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:33.195259: | Message ID: 0 (0x0) Sep 21 07:34:33.195261: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.195263: | Emitting ikev2_proposal ... 
Sep 21 07:34:33.195264: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:33.195266: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195268: | flags: none (0x0) Sep 21 07:34:33.195270: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:33.195272: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195274: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.195275: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.195277: | prop #: 1 (0x1) Sep 21 07:34:33.195279: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.195280: | spi size: 0 (0x0) Sep 21 07:34:33.195282: | # transforms: 3 (0x3) Sep 21 07:34:33.195283: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.195285: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.195287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195289: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.195290: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.195292: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.195294: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.195296: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.195297: | length/value: 256 (0x100) Sep 21 07:34:33.195299: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.195301: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.195302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195304: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.195305: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.195307: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.195311: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.195312: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.195314: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.195315: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.195317: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.195319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.195322: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.195324: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:34:33.195325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.195327: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:34:33.195329: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:33.195331: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:33.195332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195335: | flags: none (0x0) Sep 21 07:34:33.195336: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.195338: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 
07:34:33.195340: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195342: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:34:33.195367: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:33.195369: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:33.195371: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.195372: | flags: none (0x0) Sep 21 07:34:33.195374: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:33.195376: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:33.195378: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195379: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:33.195381: | IKEv2 nonce 24 6c 9d 5b 97 f0 5e df 24 6a 9d 0b 19 c7 c3 d2 Sep 21 07:34:33.195382: | IKEv2 nonce d1 f5 4d ed 55 4f ba 34 eb 75 06 89 aa 0e c5 eb Sep 21 07:34:33.195384: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:33.195386: | Adding a v2N Payload Sep 21 07:34:33.195387: | ***emit IKEv2 Notify Payload: Sep 21 07:34:33.195389: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195390: | flags: none (0x0) Sep 21 07:34:33.195392: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195393: | SPI size: 0 (0x0) Sep 21 07:34:33.195395: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:33.195397: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.195399: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195400: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:33.195402: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:34:33.195410: | natd_hash: hasher=0x56158ecf57a0(20) Sep 21 07:34:33.195412: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.195413: | natd_hash: rcookie= 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.195415: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:33.195416: | natd_hash: port= 01 f4 Sep 21 07:34:33.195419: | natd_hash: hash= 84 44 aa bb fc 06 fe db 23 0a 6e 7f 29 29 84 f0 Sep 21 07:34:33.195420: | natd_hash: hash= e8 54 72 f2 Sep 21 07:34:33.195422: | Adding a v2N Payload Sep 21 07:34:33.195423: | ***emit IKEv2 Notify Payload: Sep 21 07:34:33.195425: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195426: | flags: none (0x0) Sep 21 07:34:33.195428: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195429: | SPI size: 0 (0x0) Sep 21 07:34:33.195431: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:33.195433: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.195434: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195436: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:33.195438: | Notify data 84 44 aa bb fc 06 fe db 23 0a 6e 7f 29 29 84 f0 Sep 21 07:34:33.195439: | Notify data e8 54 72 f2 Sep 21 07:34:33.195441: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:33.195444: | natd_hash: hasher=0x56158ecf57a0(20) Sep 21 07:34:33.195446: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.195447: | natd_hash: rcookie= 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.195449: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:33.195450: | natd_hash: port= 01 f4 Sep 21 07:34:33.195452: | natd_hash: hash= 3d c0 24 31 70 3d d5 eb 87 a4 8b c6 fb 65 e8 d5 Sep 21 07:34:33.195453: | natd_hash: hash= 4c b9 80 d8 Sep 21 07:34:33.195454: | Adding a v2N Payload Sep 21 07:34:33.195456: | ***emit IKEv2 Notify Payload: Sep 21 
07:34:33.195457: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195459: | flags: none (0x0) Sep 21 07:34:33.195460: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195462: | SPI size: 0 (0x0) Sep 21 07:34:33.195463: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:33.195465: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.195467: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.195468: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:33.195470: | Notify data 3d c0 24 31 70 3d d5 eb 87 a4 8b c6 fb 65 e8 d5 Sep 21 07:34:33.195471: | Notify data 4c b9 80 d8 Sep 21 07:34:33.195473: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:33.195474: | emitting length of ISAKMP Message: 432 Sep 21 07:34:33.195479: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.195481: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:34:33.195483: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:34:33.195485: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:34:33.195487: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:34:33.195490: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:34:33.195493: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:33.195496: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 
07:34:33.195499: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:34:33.195505: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:34:33.195571: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.195574: | libevent_free: release ptr-libevent@0x56158f90d060 Sep 21 07:34:33.195576: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56158f90d020 Sep 21 07:34:33.195578: | event_schedule: new EVENT_SO_DISCARD-pe@0x56158f90d020 Sep 21 07:34:33.195581: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:34:33.195582: | libevent_malloc: new ptr-libevent@0x56158f90d060 size 128 Sep 21 07:34:33.195585: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:33.195589: | #1 spent 0.363 milliseconds in resume sending helper answer Sep 21 07:34:33.195592: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.195594: | libevent_free: release ptr-libevent@0x7f12f8006900 Sep 21 07:34:33.198279: | spent 0.00238 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.198300: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:34:33.198362: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:34:33.198365: | **parse ISAKMP Message: Sep 21 07:34:33.198368: | initiator cookie: Sep 21 07:34:33.198370: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.198372: | responder cookie: Sep 21 07:34:33.198375: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.198377: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:33.198380: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.198383: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:33.198385: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:33.198388: | Message ID: 1 (0x1) Sep 21 07:34:33.198390: | length: 365 (0x16d) Sep 21 07:34:33.198393: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:33.198396: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:34:33.198400: | State DB: found IKEv2 state #1 in PARENT_R1
(find_v2_ike_sa) Sep 21 07:34:33.198406: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:33.198409: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:34:33.198413: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:34:33.198416: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:34:33.198421: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:34:33.198423: | unpacking clear payload Sep 21 07:34:33.198425: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:33.198428: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:33.198431: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:34:33.198434: | flags: none (0x0) Sep 21 07:34:33.198436: | length: 337 (0x151) Sep 21 07:34:33.198439: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:34:33.198443: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:34:33.198446: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:34:33.198449: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:34:33.198452: | Now let's proceed with state specific processing Sep 21 07:34:33.198454: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:34:33.198457: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:34:33.198461: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:33.198464: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:34:33.198467: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:34:33.198470: | libevent_free: release ptr-libevent@0x56158f90d060 Sep 21 07:34:33.198473: 
| free_event_entry: release EVENT_SO_DISCARD-pe@0x56158f90d020 Sep 21 07:34:33.198476: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56158f90d020 Sep 21 07:34:33.198480: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:33.198484: | libevent_malloc: new ptr-libevent@0x56158f90d060 size 128 Sep 21 07:34:33.198494: | #1 spent 0.035 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:34:33.198495: | crypto helper 5 resuming Sep 21 07:34:33.198499: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.198502: | crypto helper 5 starting work-order 2 for state #1 Sep 21 07:34:33.198503: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:34:33.198505: | crypto helper 5 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:34:33.198506: | suspending state #1 and saving MD Sep 21 07:34:33.198514: | #1 is busy; has a suspended MD Sep 21 07:34:33.198519: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:33.198522: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:33.198527: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:33.198531: | #1 spent 0.24 milliseconds in ikev2_process_packet() Sep 21 07:34:33.198535: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:34:33.198537: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:33.198540: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.198544: | spent 0.253 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.199176: | calculating skeyseed using 
prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:33.199449: | crypto helper 5 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.000944 seconds Sep 21 07:34:33.199455: | (#1) spent 0.905 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:34:33.199457: | crypto helper 5 sending results from work-order 2 for state #1 to event queue Sep 21 07:34:33.199459: | scheduling resume sending helper answer for #1 Sep 21 07:34:33.199461: | libevent_malloc: new ptr-libevent@0x7f12f0006b90 size 128 Sep 21 07:34:33.199467: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:33.199476: | processing resume sending helper answer for #1 Sep 21 07:34:33.199485: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.199490: | crypto helper 5 replies to request ID 2 Sep 21 07:34:33.199492: | calling continuation function 0x56158ec1f630 Sep 21 07:34:33.199495: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:34:33.199498: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:34:33.199511: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:33.199514: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:34:33.199517: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:34:33.199520: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:33.199522: | flags: none (0x0) Sep 21 07:34:33.199525: | length: 12 (0xc) Sep 21 07:34:33.199527: | ID type: ID_FQDN (0x2) Sep 21 07:34:33.199530: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:34:33.199532: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:33.199535: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:33.199537: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:33.199540: | flags: none (0x0) Sep 21 07:34:33.199542: | length: 12 (0xc) Sep 21 07:34:33.199544: | ID type: 
ID_FQDN (0x2) Sep 21 07:34:33.199547: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:33.199549: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:33.199552: | **parse IKEv2 Authentication Payload: Sep 21 07:34:33.199554: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:33.199556: | flags: none (0x0) Sep 21 07:34:33.199561: | length: 72 (0x48) Sep 21 07:34:33.199564: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:33.199566: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:33.199568: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:33.199571: | **parse IKEv2 Security Association Payload: Sep 21 07:34:33.199573: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:33.199576: | flags: none (0x0) Sep 21 07:34:33.199578: | length: 164 (0xa4) Sep 21 07:34:33.199580: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:34:33.199583: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:33.199585: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:33.199588: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:33.199590: | flags: none (0x0) Sep 21 07:34:33.199592: | length: 24 (0x18) Sep 21 07:34:33.199594: | number of TS: 1 (0x1) Sep 21 07:34:33.199597: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:33.199599: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:33.199601: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:33.199604: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.199606: | flags: none (0x0) Sep 21 07:34:33.199609: | length: 24 (0x18) Sep 21 07:34:33.199611: | number of TS: 1 (0x1) Sep 21 07:34:33.199613: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:33.199616: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:34:33.199618: | Now let's proceed with state specific processing Sep 21 07:34:33.199620: | calling processor Responder: process 
IKE_AUTH request Sep 21 07:34:33.199625: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:34:33.199631: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:34:33.199634: | received IDr payload - extracting our alleged ID Sep 21 07:34:33.199638: | refine_host_connection for IKEv2: starting with "east" Sep 21 07:34:33.199642: | match_id a=@west Sep 21 07:34:33.199644: | b=@west Sep 21 07:34:33.199646: | results matched Sep 21 07:34:33.199650: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:34:33.199653: | Warning: not switching back to template of current instance Sep 21 07:34:33.199655: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:34:33.199658: | This connection's local id is @east (ID_FQDN) Sep 21 07:34:33.199661: | refine_host_connection: checked east against east, now for see if best Sep 21 07:34:33.199665: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.199668: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.199671: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:33.199674: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:33.199678: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:33.199680: | line 1: match=014 Sep 21 07:34:33.199683: | match 014 beats previous best_match 000 match=0x56158f8fc130 (line=1) Sep 21 07:34:33.199686: | concluding with best_match=014 best=0x56158f8fc130 (lineno=1) Sep 21 07:34:33.199688: | returning because exact peer id match Sep 21 07:34:33.199691: | offered CA: '%none' Sep 21 07:34:33.199694: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:34:33.199714: | verifying AUTH payload Sep 21 07:34:33.199717: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret 
Sep 21 07:34:33.199721: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.199723: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.199726: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:33.199729: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:33.199733: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:33.199736: | line 1: match=014 Sep 21 07:34:33.199739: | match 014 beats previous best_match 000 match=0x56158f8fc130 (line=1) Sep 21 07:34:33.199742: | concluding with best_match=014 best=0x56158f8fc130 (lineno=1) Sep 21 07:34:33.199808: "east" #1: Authenticated using authby=secret Sep 21 07:34:33.199814: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:34:33.199819: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key) Sep 21 07:34:33.199821: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.199824: | libevent_free: release ptr-libevent@0x56158f90d060 Sep 21 07:34:33.199827: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56158f90d020 Sep 21 07:34:33.199830: | event_schedule: new EVENT_SA_REKEY-pe@0x56158f90d020 Sep 21 07:34:33.199833: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1 Sep 21 07:34:33.199836: | libevent_malloc: new ptr-libevent@0x56158f90d060 size 128 Sep 21 07:34:33.199922: | pstats #1 ikev2.ike established Sep 21 07:34:33.199929: | **emit ISAKMP Message: Sep 21 07:34:33.199932: | initiator cookie: Sep 21 07:34:33.199934: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.199936: | responder cookie: Sep 21 07:34:33.199939: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.199941: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.199944: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.199946: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:33.199949: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 
07:34:33.199951: | Message ID: 1 (0x1) Sep 21 07:34:33.199954: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.199957: | IKEv2 CERT: send a certificate? Sep 21 07:34:33.199960: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:33.199963: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:33.199965: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.199968: | flags: none (0x0) Sep 21 07:34:33.199971: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:33.199973: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.199977: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:33.199985: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:33.199997: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:33.200000: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.200002: | flags: none (0x0) Sep 21 07:34:33.200004: | ID type: ID_FQDN (0x2) Sep 21 07:34:33.200008: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:33.200010: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.200013: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:34:33.200016: | my identity 65 61 73 74 Sep 21 07:34:33.200018: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:33.200026: | assembled IDr payload Sep 21 07:34:33.200028: | CHILD SA proposals received Sep 21 07:34:33.200031: | going to assemble AUTH payload Sep 21 07:34:33.200033: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:33.200036: 
| next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:33.200038: | flags: none (0x0) Sep 21 07:34:33.200040: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:33.200043: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:34:33.200046: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:33.200051: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.200055: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:34:33.200058: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.200061: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:33.200064: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:33.200067: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:33.200071: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:33.200073: | line 1: match=014 Sep 21 07:34:33.200076: | match 014 beats previous best_match 000 match=0x56158f8fc130 (line=1) Sep 21 07:34:33.200078: | concluding with best_match=014 best=0x56158f8fc130 (lineno=1) Sep 21 07:34:33.200132: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:33.200135: | PSK auth fb 48 48 e3 ac f5 20 b4 d4 a9 f7 1c 70 90 4e e9 Sep 21 07:34:33.200138: | PSK auth e1 46 f8 a0 77 01 6e e6 ca 65 51 2e 21 fc 47 e2 Sep 21 07:34:33.200140: | PSK auth 4a 4c ef 92 42 fb 5d b1 9d c0 0e c2 1d 6b f4 50 Sep 21 07:34:33.200142: | PSK auth 5e 26 16 96 27 e8 ab 5b 95 3a bb 93 ea 91 ed 09 Sep 21 07:34:33.200145: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:33.200153: | creating state object #2 at 0x56158f90dbc0 Sep 21 07:34:33.200156: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 
21 07:34:33.200160: | pstats #2 ikev2.child started Sep 21 07:34:33.200163: | duplicating state object #1 "east" as #2 for IPSEC SA Sep 21 07:34:33.200168: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:33.200174: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:33.200178: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:34:33.200183: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:34:33.200186: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:34:33.200188: | TSi: parsing 1 traffic selectors Sep 21 07:34:33.200191: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:33.200194: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.200196: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.200199: | length: 16 (0x10) Sep 21 07:34:33.200201: | start port: 0 (0x0) Sep 21 07:34:33.200203: | end port: 65535 (0xffff) Sep 21 07:34:33.200206: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:33.200209: | TS low c0 00 01 00 Sep 21 07:34:33.200211: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:33.200214: | TS high c0 00 01 ff Sep 21 07:34:33.200216: | TSi: parsed 1 traffic selectors Sep 21 07:34:33.200219: | TSr: parsing 1 traffic selectors Sep 21 07:34:33.200221: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:33.200223: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.200226: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.200228: | length: 16 (0x10) Sep 21 07:34:33.200230: | start port: 0 (0x0) Sep 21 07:34:33.200233: | end port: 65535 (0xffff) Sep 21 07:34:33.200235: | parsing 
4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:33.200237: | TS low c0 00 02 00 Sep 21 07:34:33.200240: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:33.200242: | TS high c0 00 02 ff Sep 21 07:34:33.200244: | TSr: parsed 1 traffic selectors Sep 21 07:34:33.200246: | looking for best SPD in current connection Sep 21 07:34:33.200252: | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:33.200259: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.200266: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:33.200269: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:33.200272: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:33.200274: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:33.200278: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.200282: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.200288: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:33.200291: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:33.200293: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:33.200296: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:33.200299: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.200301: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:33.200304: | found better spd route for TSi[0],TSr[0] Sep 21 07:34:33.200306: | looking for better host pair Sep 21 07:34:33.200311: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:33.200316: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:34:33.200318: | investigating connection "east" as a better match Sep 21 07:34:33.200321: | match_id a=@west Sep 21 07:34:33.200323: | b=@west Sep 21 
07:34:33.200325: | results matched Sep 21 07:34:33.200331: | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:33.200335: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.200341: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:33.200344: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:33.200346: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:33.200349: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:33.200352: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.200356: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.200361: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:33.200364: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:33.200367: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:33.200369: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:33.200372: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.200374: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:33.200377: | did not find a better connection using host pair Sep 21 07:34:33.200379: | printing contents struct traffic_selector Sep 21 07:34:33.200382: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:34:33.200384: | ipprotoid: 0 Sep 21 07:34:33.200386: | port range: 0-65535 Sep 21 07:34:33.200390: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:33.200392: | printing contents struct traffic_selector Sep 21 07:34:33.200395: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:34:33.200397: | ipprotoid: 0 Sep 21 07:34:33.200399: | port range: 0-65535 Sep 21 07:34:33.200403: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:33.200407: | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:34:33.200413: | converting 
proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:33.200419: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:33.200421: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:33.200425: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:33.200430: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:33.200434: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.200437: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:33.200441: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.200449: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.200453: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:34:33.200456: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:33.200458: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:33.200461: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:33.200463: | local proposal 1 type DH has 1 transforms Sep 21 07:34:33.200466: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:33.200469: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:33.200472: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:33.200474: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:33.200476: | local proposal 2 type INTEG has 1 
transforms Sep 21 07:34:33.200479: | local proposal 2 type DH has 1 transforms Sep 21 07:34:33.200481: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:33.200484: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:33.200487: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:33.200489: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:33.200491: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:33.200494: | local proposal 3 type DH has 1 transforms Sep 21 07:34:33.200496: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:33.200499: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:33.200502: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:33.200504: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:33.200507: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:33.200509: | local proposal 4 type DH has 1 transforms Sep 21 07:34:33.200511: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:33.200514: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:33.200517: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.200520: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.200522: | length: 32 (0x20) Sep 21 07:34:33.200525: | prop #: 1 (0x1) Sep 21 07:34:33.200527: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.200530: | spi size: 4 (0x4) Sep 21 07:34:33.200532: | # transforms: 2 (0x2) Sep 21 07:34:33.200535: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:33.200538: | remote SPI 17 37 e3 55 Sep 21 07:34:33.200541: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:34:33.200543: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200548: | length: 12 (0xc) Sep 21 07:34:33.200551: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.200553: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.200556: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.200558: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.200561: | length/value: 256 (0x100) Sep 21 07:34:33.200565: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:33.200569: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200571: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.200574: | length: 8 (0x8) Sep 21 07:34:33.200576: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.200579: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.200582: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:33.200585: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:34:33.200588: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:34:33.200591: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:34:33.200595: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:33.200599: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:33.200602: | remote proposal 1 matches local proposal 1 Sep 21 07:34:33.200604: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.200607: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.200609: | length: 32 (0x20) Sep 21 07:34:33.200611: | prop #: 2 (0x2) Sep 21 07:34:33.200614: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.200616: | spi size: 4 (0x4) Sep 21 07:34:33.200618: | # transforms: 2 (0x2) Sep 21 07:34:33.200621: | parsing 4 raw bytes of 
IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:33.200624: | remote SPI 17 37 e3 55 Sep 21 07:34:33.200627: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:33.200629: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200634: | length: 12 (0xc) Sep 21 07:34:33.200636: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.200639: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.200641: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.200644: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.200646: | length/value: 128 (0x80) Sep 21 07:34:33.200649: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200651: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.200653: | length: 8 (0x8) Sep 21 07:34:33.200656: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.200659: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.200662: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:34:33.200665: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:34:33.200667: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.200670: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.200672: | length: 48 (0x30) Sep 21 07:34:33.200675: | prop #: 3 (0x3) Sep 21 07:34:33.200677: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.200679: | spi size: 4 (0x4) Sep 21 07:34:33.200681: | # transforms: 4 (0x4) Sep 21 07:34:33.200684: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:33.200686: | remote SPI 17 37 e3 55 Sep 21 07:34:33.200689: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:33.200692: | ****parse IKEv2 Transform Substructure Payload: 
Sep 21 07:34:33.200694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200696: | length: 12 (0xc) Sep 21 07:34:33.200699: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.200701: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.200704: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.200706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.200708: | length/value: 256 (0x100) Sep 21 07:34:33.200713: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200717: | length: 8 (0x8) Sep 21 07:34:33.200720: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.200722: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.200725: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200728: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200730: | length: 8 (0x8) Sep 21 07:34:33.200732: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.200735: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.200737: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200740: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.200742: | length: 8 (0x8) Sep 21 07:34:33.200744: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.200747: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.200750: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:34:33.200753: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:34:33.200755: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.200758: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.200760: | length: 48 (0x30) Sep 21 07:34:33.200762: | prop #: 4 (0x4) Sep 21 07:34:33.200765: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.200767: | spi size: 4 (0x4) Sep 21 07:34:33.200769: | # 
transforms: 4 (0x4) Sep 21 07:34:33.200772: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:33.200774: | remote SPI 17 37 e3 55 Sep 21 07:34:33.200777: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:33.200779: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200782: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200793: | length: 12 (0xc) Sep 21 07:34:33.200796: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.200798: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.200801: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.200803: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.200806: | length/value: 128 (0x80) Sep 21 07:34:33.200809: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200811: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200813: | length: 8 (0x8) Sep 21 07:34:33.200816: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.200818: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.200821: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200825: | length: 8 (0x8) Sep 21 07:34:33.200828: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.200830: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.200833: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200835: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.200837: | length: 8 (0x8) Sep 21 07:34:33.200840: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.200842: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.200846: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:34:33.200848: | remote proposal 4 does not match; unmatched remote transforms: 
ENCR+INTEG+ESN Sep 21 07:34:33.200853: "east" #1: proposal 1:ESP:SPI=1737e355;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:34:33.200860: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=1737e355;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:33.200862: | converting proposal to internal trans attrs Sep 21 07:34:33.200880: | netlink_get_spi: allocated 0x6d5ced15 for esp.0@192.1.2.23 Sep 21 07:34:33.200883: | Emitting ikev2_proposal ... Sep 21 07:34:33.200886: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:33.200888: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.200890: | flags: none (0x0) Sep 21 07:34:33.200894: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:33.200897: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.200899: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.200902: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.200904: | prop #: 1 (0x1) Sep 21 07:34:33.200907: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.200909: | spi size: 4 (0x4) Sep 21 07:34:33.200911: | # transforms: 2 (0x2) Sep 21 07:34:33.200914: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.200918: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:33.200920: | our spi 6d 5c ed 15 Sep 21 07:34:33.200922: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200925: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200927: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.200930: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.200932: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.200935: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.200938: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.200940: | length/value: 256 (0x100) Sep 21 07:34:33.200943: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.200945: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.200948: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.200950: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.200953: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.200956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.200958: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.200961: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.200964: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:33.200966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.200969: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:34:33.200972: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:33.200974: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:33.200977: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.200979: | flags: none (0x0) Sep 21 07:34:33.200982: | number 
of TS: 1 (0x1) Sep 21 07:34:33.200985: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:33.200988: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.200991: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:33.200993: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.200997: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.200999: | start port: 0 (0x0) Sep 21 07:34:33.201002: | end port: 65535 (0xffff) Sep 21 07:34:33.201005: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:33.201007: | IP start c0 00 01 00 Sep 21 07:34:33.201010: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:33.201012: | IP end c0 00 01 ff Sep 21 07:34:33.201014: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:33.201017: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:33.201019: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:33.201022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.201024: | flags: none (0x0) Sep 21 07:34:33.201026: | number of TS: 1 (0x1) Sep 21 07:34:33.201030: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:33.201032: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.201035: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:33.201037: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.201039: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.201042: | start port: 0 (0x0) Sep 21 07:34:33.201044: | end port: 65535 (0xffff) Sep 21 07:34:33.201047: | emitting 4 raw bytes of IP start into 
IKEv2 Traffic Selector Sep 21 07:34:33.201049: | IP start c0 00 02 00 Sep 21 07:34:33.201052: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:33.201054: | IP end c0 00 02 ff Sep 21 07:34:33.201056: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:33.201059: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:33.201061: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:33.201065: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:33.201226: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:34:33.201234: | #1 spent 1.59 milliseconds Sep 21 07:34:33.201236: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:33.201239: | could_route called for east (kind=CK_PERMANENT) Sep 21 07:34:33.201242: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.201245: | conn east mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.201247: | conn east mark 0/00000000, 0/00000000 Sep 21 07:34:33.201253: | route owner of "east" unrouted: NULL; eroute owner: NULL Sep 21 07:34:33.201256: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:33.201260: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:33.201263: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:33.201265: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:33.201269: | setting IPsec SA replay-window to 32 Sep 21 07:34:33.201272: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Sep 21 07:34:33.201275: | netlink: enabling tunnel mode Sep 21 07:34:33.201277: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:33.201281: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:33.201359: | netlink response for Add SA esp.1737e355@192.1.2.45 included non-error error Sep 21 07:34:33.201362: | set up 
outgoing SA, ref=0/0 Sep 21 07:34:33.201365: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:33.201368: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:33.201371: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:33.201373: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:33.201377: | setting IPsec SA replay-window to 32 Sep 21 07:34:33.201379: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Sep 21 07:34:33.201384: | netlink: enabling tunnel mode Sep 21 07:34:33.201386: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:33.201389: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:33.201430: | netlink response for Add SA esp.6d5ced15@192.1.2.23 included non-error error Sep 21 07:34:33.201434: | priority calculation of connection "east" is 0xfe7e7 Sep 21 07:34:33.201441: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.201444: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.201489: | raw_eroute result=success Sep 21 07:34:33.201493: | set up incoming SA, ref=0/0 Sep 21 07:34:33.201495: | sr for #2: unrouted Sep 21 07:34:33.201498: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:33.201500: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:34:33.201503: | conn east mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.201505: | conn east mark 0/00000000, 0/00000000 Sep 21 07:34:33.201508: | route owner of "east" unrouted: NULL; eroute owner: NULL Sep 21 07:34:33.201511: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:33.201515: | priority calculation of connection "east" is 0xfe7e7 Sep 21 07:34:33.201521: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:34:33.201524: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.201548: | raw_eroute result=success Sep 21 07:34:33.201552: | running updown command "ipsec _updown" for verb up Sep 21 07:34:33.201554: | command executing up-client Sep 21 07:34:33.201582: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1737e355 SPI_OUT=0x6d5 Sep 21 07:34:33.201586: | popen cmd is 1020 chars long Sep 21 07:34:33.201589: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='east' PLUTO_INTERFA: Sep 21 07:34:33.201592: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Sep 21 07:34:33.201594: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Sep 21 07:34:33.201597: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Sep 21 07:34:33.201600: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Sep 21 07:34:33.201603: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Sep 21 07:34:33.201606: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Sep 21 07:34:33.201609: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: Sep 21 07:34:33.201612: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Sep 21 07:34:33.201615: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Sep 21 07:34:33.201617: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Sep 21 07:34:33.201623: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Sep 21 07:34:33.201626: | cmd( 960):'no' SPI_IN=0x1737e355 SPI_OUT=0x6d5ced15 ipsec _updown 2>&1: Sep 21 07:34:33.210200: | route_and_eroute: firewall_notified: true Sep 21 07:34:33.210218: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:33.210222: | command executing prepare-client Sep 21 07:34:33.210256: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1737e355 SPI Sep 21 07:34:33.210260: | popen cmd is 1025 chars long Sep 21 07:34:33.210263: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: Sep 21 07:34:33.210266: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: Sep 21 07:34:33.210268: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: Sep 21 07:34:33.210271: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Sep 21 07:34:33.210273: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: Sep 21 07:34:33.210276: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: Sep 21 07:34:33.210278: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Sep 21 07:34:33.210281: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Sep 21 07:34:33.210283: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : Sep 21 07:34:33.210285: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Sep 21 07:34:33.210288: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Sep 21 07:34:33.210290: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Sep 21 07:34:33.210293: | cmd( 960):ARED='no' SPI_IN=0x1737e355 SPI_OUT=0x6d5ced15 ipsec _updown 2>&1: Sep 21 07:34:33.223058: | running updown command "ipsec _updown" for verb route Sep 21 07:34:33.223079: | command executing route-client Sep 21 07:34:33.223110: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1737e355 SPI_OUT Sep 21 07:34:33.223118: | popen cmd is 1023 chars long Sep 21 07:34:33.223121: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: Sep 21 07:34:33.223124: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: Sep 21 07:34:33.223126: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: Sep 21 07:34:33.223129: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Sep 21 07:34:33.223132: | 
cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: Sep 21 07:34:33.223134: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: Sep 21 07:34:33.223137: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Sep 21 07:34:33.223140: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Sep 21 07:34:33.223142: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Sep 21 07:34:33.223145: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Sep 21 07:34:33.223147: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Sep 21 07:34:33.223150: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Sep 21 07:34:33.223152: | cmd( 960):ED='no' SPI_IN=0x1737e355 SPI_OUT=0x6d5ced15 ipsec _updown 2>&1: Sep 21 07:34:33.245701: | route_and_eroute: instance "east", setting eroute_owner {spd=0x56158f907ac0,sr=0x56158f907ac0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:33.245777: | #1 spent 0.894 milliseconds in install_ipsec_sa() Sep 21 07:34:33.245786: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:33.245791: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:33.245794: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:33.245796: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:33.245798: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:34:33.245799: | emitting length of ISAKMP Message: 225 Sep 21 07:34:33.245818: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:34:33.245822: | #1 spent 2.53 milliseconds in processing: Responder: 
process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:34:33.245826: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.245830: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.245833: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:34:33.245835: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:34:33.245838: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:34:33.245841: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:34:33.245850: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:34:33.245857: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:34:33.245861: | pstats #2 ikev2.child established Sep 21 07:34:33.245870: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:34:33.245874: | NAT-T: encaps is 'auto' Sep 21 07:34:33.245881: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x1737e355 <0x6d5ced15 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:34:33.245891: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:34:33.245896: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Sep 21 07:34:33.245953: | releasing whack for #2 (sock=fd@-1) Sep 21 07:34:33.245956: | releasing whack and unpending for parent #1 Sep 21 07:34:33.245958: | unpending state #1 connection "east" Sep 21 07:34:33.245961: | #2 will start re-keying in 28 seconds with margin of 2 seconds (attempting re-key) Sep 21 07:34:33.245964: | event_schedule: new EVENT_SA_REKEY-pe@0x7f12f8002b20 Sep 21 07:34:33.245966: | inserting event EVENT_SA_REKEY, timeout in 28 seconds for #2 Sep 21 07:34:33.245969: | libevent_malloc: new ptr-libevent@0x56158f9116a0 size 128 Sep 21 07:34:33.245973: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:33.245977: | #1 spent 2.81 milliseconds in resume sending helper answer Sep 21 07:34:33.245981: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.245984: | libevent_free: release ptr-libevent@0x7f12f0006b90 Sep 21 07:34:33.245991: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.245995: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.245998: | spent 0.0039 milliseconds in signal handler
PLUTO_SIGCHLD Sep 21 07:34:33.246000: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.246002: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.246004: | spent 0.00231 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.246006: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.246008: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.246010: | spent 0.0023 milliseconds in signal handler PLUTO_SIGCHLD