Sep 21 07:34:32.899117: FIPS Product: YES Sep 21 07:34:32.899153: FIPS Kernel: NO Sep 21 07:34:32.899156: FIPS Mode: NO Sep 21 07:34:32.899158: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:32.899323: Initializing NSS Sep 21 07:34:32.899326: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:32.937043: NSS initialized Sep 21 07:34:32.937061: NSS crypto library initialized Sep 21 07:34:32.937064: FIPS HMAC integrity support [enabled] Sep 21 07:34:32.937066: FIPS mode disabled for pluto daemon Sep 21 07:34:32.981716: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:32.981826: libcap-ng support [enabled] Sep 21 07:34:32.981840: Linux audit support [enabled] Sep 21 07:34:32.981865: Linux audit activated Sep 21 07:34:32.981876: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12198 Sep 21 07:34:32.981879: core dump dir: /tmp Sep 21 07:34:32.981882: secrets file: /etc/ipsec.secrets Sep 21 07:34:32.981884: leak-detective disabled Sep 21 07:34:32.981886: NSS crypto [enabled] Sep 21 07:34:32.981888: XAUTH PAM support [enabled] Sep 21 07:34:32.981966: | libevent is using pluto's memory allocator Sep 21 07:34:32.981971: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:32.981982: | libevent_malloc: new ptr-libevent@0x5587b8ab2210 size 40 Sep 21 07:34:32.981986: | libevent_malloc: new ptr-libevent@0x5587b8ab34c0 size 40 Sep 21 07:34:32.981989: | libevent_malloc: new ptr-libevent@0x5587b8ab34f0 size 40 Sep 21 07:34:32.981990: | creating event base Sep 21 07:34:32.981992: | libevent_malloc: new ptr-libevent@0x5587b8ab3480 size 56 Sep 21 07:34:32.981994: | libevent_malloc: new ptr-libevent@0x5587b8ab3520 size 664 Sep 21 07:34:32.982004: | libevent_malloc: new ptr-libevent@0x5587b8ab37c0 size 24 Sep 21 07:34:32.982007: | libevent_malloc: new ptr-libevent@0x5587b8aa4f50 size 384 Sep 21 07:34:32.982015: | libevent_malloc: new ptr-libevent@0x5587b8ab37e0 size 16 Sep 21 07:34:32.982016: | libevent_malloc: new ptr-libevent@0x5587b8ab3800 size 40 Sep 21 07:34:32.982018: | libevent_malloc: new ptr-libevent@0x5587b8ab3830 size 48 Sep 21 07:34:32.982023: | libevent_realloc: new ptr-libevent@0x5587b8a35370 size 256 Sep 21 07:34:32.982025: | libevent_malloc: new ptr-libevent@0x5587b8ab3870 size 16 Sep 21 07:34:32.982029: | libevent_free: release ptr-libevent@0x5587b8ab3480 Sep 21 07:34:32.982031: | libevent initialized Sep 21 07:34:32.982033: | libevent_realloc: new ptr-libevent@0x5587b8ab3890 size 64 Sep 21 07:34:32.982036: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:32.982050: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:32.982052: NAT-Traversal support [enabled] Sep 21 07:34:32.982053: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:32.982058: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:32.982060: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:32.982093: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:32.982095: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:32.982097: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:32.982132: Encryption algorithms: Sep 21 07:34:32.982139: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:32.982141: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:32.982143: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:32.982145: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:32.982147: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:34:32.982155: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:32.982157: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:32.982159: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:32.982161: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:32.982163: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:32.982165: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:32.982167: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:32.982169: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:32.982171: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:32.982173: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:32.982175: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:32.982177: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:32.982181: Hash algorithms: Sep 21 07:34:32.982183: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:32.982185: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:32.982187: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:32.982189: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:32.982190: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:32.982199: PRF algorithms: Sep 21 07:34:32.982201: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:32.982203: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:32.982205: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:32.982206: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:32.982208: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:32.982210: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:32.982225: Integrity algorithms: Sep 21 07:34:32.982227: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:32.982229: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:32.982231: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:32.982234: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:32.982236: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:32.982237: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:32.982240: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:32.982241: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:32.982243: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:32.982251: DH algorithms: Sep 21 07:34:32.982253: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:32.982254: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:32.982256: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:32.982259: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:32.982261: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:32.982262: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:32.982264: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:32.982266: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:32.982268: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:32.982270: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:32.982271: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:32.982273: testing CAMELLIA_CBC: Sep 21 07:34:32.982274: Camellia: 16 bytes with 128-bit key Sep 21 07:34:32.982368: Camellia: 16 bytes with 128-bit key Sep 21 07:34:32.982387: Camellia: 16 bytes with 256-bit key Sep 21 07:34:32.982405: Camellia: 16 bytes with 256-bit key Sep 21 07:34:32.982422: testing AES_GCM_16: Sep 21 07:34:32.982424: empty string Sep 21 07:34:32.982442: one block Sep 21 07:34:32.982457: two blocks Sep 21 07:34:32.982473: two blocks with associated data Sep 21 07:34:32.982489: testing AES_CTR: Sep 21 07:34:32.982491: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:32.982507: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:32.982523: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:32.982540: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:32.982555: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:32.982572: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:32.982589: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:32.982605: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:32.982621: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:32.982637: testing AES_CBC: Sep 21 07:34:32.982639: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:32.982654: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.982672: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.982691: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:32.982724: testing AES_XCBC: Sep 21 07:34:32.982730: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:32.982844: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:32.982930: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:32.983005: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:32.983080: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:32.983156: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:32.983234: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:32.983402: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:32.983478: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:32.983559: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:32.983703: testing HMAC_MD5: Sep 21 07:34:32.983705: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:32.983835: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:32.983935: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:32.984053: 8 CPU cores online Sep 21 07:34:32.984056: starting up 7 crypto helpers Sep 21 07:34:32.984090: started thread for crypto helper 0 Sep 21 07:34:32.984097: | starting up helper thread 0 Sep 21 07:34:32.984111: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:32.984114: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:32.984130: started thread for crypto helper 1 Sep 21 07:34:32.984134: | starting up helper thread 1 Sep 21 07:34:32.984160: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:32.984164: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:32.984166: started thread for crypto helper 2 Sep 21 07:34:32.984180: | starting up helper thread 2 Sep 21 07:34:32.984193: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:32.984185: started thread for crypto helper 3 Sep 21 07:34:32.984198: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:32.984192: | starting up helper thread 3 Sep 21 07:34:32.984217: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:32.984219: started thread for crypto helper 4 Sep 21 07:34:32.984221: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:32.984265: started thread for crypto helper 5 Sep 21 07:34:32.984268: | starting up helper thread 5 Sep 21 07:34:32.984278: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:32.984281: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:32.984295: started thread for crypto helper 6 Sep 21 07:34:32.984300: | checking IKEv1 state table Sep 21 07:34:32.984308: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984310: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:32.984313: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984315: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:32.984318: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:32.984320: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:32.984323: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.984324: | starting up helper thread 6 Sep 21 07:34:32.984325: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.984332: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:32.984343: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:32.984339: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:32.984351: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:32.984356: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.984343: | starting up helper thread 4 Sep 21 07:34:32.984358: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:32.984381: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:32.984382: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:32.984390: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.984386: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:32.984392: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.984400: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:32.984402: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:34:32.984405: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.984407: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.984409: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:32.984411: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:32.984414: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984416: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:32.984418: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984421: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984423: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:32.984426: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984428: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:32.984430: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:32.984432: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:32.984435: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:32.984437: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:32.984439: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:32.984441: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984444: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.984446: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984448: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:32.984453: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:32.984456: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:32.984458: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:32.984461: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:32.984463: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:32.984465: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:32.984468: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984470: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:32.984472: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984475: | INFO: category: informational flags: 0: Sep 21 07:34:32.984477: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984480: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:34:32.984482: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984484: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:32.984487: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:32.984489: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:32.984491: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:32.984494: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:32.984496: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:32.984499: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:32.984501: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:32.984503: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.984505: | -> UNDEFINED EVENT_NULL Sep 21 07:34:32.984521: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:32.984523: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:32.984526: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.984528: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:32.984531: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:32.984533: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:32.984539: | checking IKEv2 state table Sep 21 07:34:32.984545: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:32.984548: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:32.984551: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984554: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:32.984556: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:32.984559: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:32.984562: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:32.984564: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:32.984567: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:32.984569: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:32.984572: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:32.984574: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:32.984577: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:32.984579: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:32.984582: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:32.984584: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:32.984587: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984589: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:32.984592: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:34:32.984595: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:32.984597: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:32.984600: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:32.984606: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:32.984609: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:32.984611: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:32.984613: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:32.984616: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.984619: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:32.984621: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:32.984624: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:32.984627: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.984629: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:32.984632: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:32.984635: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:32.984637: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:32.984640: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:32.984643: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:32.984646: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:32.984648: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:32.984651: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:34:32.984653: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:32.984656: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:32.984659: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:32.984662: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:32.984664: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:32.984667: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:32.984669: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:32.984717: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:32.984776: | Hard-wiring algorithms Sep 21 07:34:32.984779: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:32.984787: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:32.984793: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:32.984796: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:32.984798: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:32.984800: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:34:32.984803: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:32.984805: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:32.984820: | adding AES_CTR to kernel algorithm db Sep 21 07:34:32.984822: | adding AES_CBC to kernel algorithm db Sep 21 07:34:32.984824: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:32.984827: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:32.984829: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:32.984831: | adding NULL to kernel algorithm db Sep 21 07:34:32.984833: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:34:32.984836: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:32.984838: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:32.984840: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:32.984843: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:32.984845: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:32.984847: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:32.984850: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:32.984852: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:32.984855: | adding NONE to kernel algorithm db Sep 21 07:34:32.984877: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:32.984883: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:32.984885: | setup kernel fd callback Sep 21 07:34:32.984888: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5587b8ab8ea0 Sep 21 07:34:32.984893: | libevent_malloc: new ptr-libevent@0x5587b8ac4fc0 size 128 Sep 21 07:34:32.984896: | libevent_malloc: new ptr-libevent@0x5587b8ab8180 size 16 Sep 21 07:34:32.984902: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5587b8ab8e60 Sep 21 07:34:32.984905: | libevent_malloc: new ptr-libevent@0x5587b8ac5050 size 128 Sep 21 07:34:32.984907: | libevent_malloc: new ptr-libevent@0x5587b8ab81a0 size 16 Sep 21 07:34:32.985234: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:32.985255: selinux support is enabled. Sep 21 07:34:32.985334: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:32.985502: | unbound context created - setting debug level to 5 Sep 21 07:34:32.985528: | /etc/hosts lookups activated Sep 21 07:34:32.985545: | /etc/resolv.conf usage activated Sep 21 07:34:32.985607: | outgoing-port-avoid set 0-65535 Sep 21 07:34:32.985636: | outgoing-port-permit set 32768-60999 Sep 21 07:34:32.985639: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:32.985642: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:32.985645: | Setting up events, loop start Sep 21 07:34:32.985647: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5587b8ab3480 Sep 21 07:34:32.985650: | libevent_malloc: new ptr-libevent@0x5587b8acf540 size 128 Sep 21 07:34:32.985653: | libevent_malloc: new ptr-libevent@0x5587b8acf5d0 size 16 Sep 21 07:34:32.985658: | libevent_realloc: new ptr-libevent@0x5587b8a336c0 size 256 Sep 21 07:34:32.985661: | libevent_malloc: new ptr-libevent@0x5587b8acf5f0 size 8 Sep 21 07:34:32.985664: | libevent_realloc: new ptr-libevent@0x5587b8ac43c0 size 144 Sep 21 07:34:32.985666: | libevent_malloc: new ptr-libevent@0x5587b8acf610 size 152 Sep 21 07:34:32.985670: | libevent_malloc: new ptr-libevent@0x5587b8acf6b0 size 16 Sep 21 07:34:32.985673: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:32.985676: | libevent_malloc: new ptr-libevent@0x5587b8acf6d0 size 8 Sep 21 07:34:32.985678: | libevent_malloc: new ptr-libevent@0x5587b8acf6f0 size 152 Sep 21 07:34:32.985681: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:32.985683: | libevent_malloc: new ptr-libevent@0x5587b8acf790 size 8 Sep 21 07:34:32.985686: | libevent_malloc: new ptr-libevent@0x5587b8acf7b0 size 152 Sep 21 07:34:32.985688: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:32.985691: | libevent_malloc: new ptr-libevent@0x5587b8acf850 size 8 Sep 21 07:34:32.985693: | libevent_realloc: release ptr-libevent@0x5587b8ac43c0 Sep 21 07:34:32.985696: | libevent_realloc: new ptr-libevent@0x5587b8acf870 size 256 Sep 21 07:34:32.985698: | libevent_malloc: new ptr-libevent@0x5587b8ac43c0 size 152 Sep 21 07:34:32.985701: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:32.986074: | created addconn helper (pid:12295) using fork+execve Sep 21 07:34:32.986093: | forked child 12295 Sep 21 07:34:32.986126: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.986138: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:32.986158: listening for IKE messages Sep 21 07:34:32.986220: | Inspecting interface lo Sep 21 07:34:32.986226: | found lo with address 127.0.0.1 Sep 21 07:34:32.986228: | Inspecting interface eth0 Sep 21 07:34:32.986232: | found eth0 with address 192.0.1.254 Sep 21 07:34:32.986235: | Inspecting interface eth1 Sep 21 07:34:32.986238: | found eth1 with address 192.1.2.45 Sep 21 07:34:32.986294: Kernel supports NIC esp-hw-offload Sep 21 07:34:32.986304: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:34:32.986338: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.986358: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.986361: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:34:32.986399: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:34:32.986419: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.986423: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.986427: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:34:32.986452: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:32.986473: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:32.986476: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:32.986480: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:32.986529: | no interfaces to sort Sep 21 07:34:32.986533: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:32.986541: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfbe0 Sep 21 07:34:32.986544: | libevent_malloc: new ptr-libevent@0x5587b8acfc20 size 128 Sep 21 07:34:32.986547: | libevent_malloc: new ptr-libevent@0x5587b8acfcb0 size 16 Sep 21 07:34:32.986554: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:32.986556: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfcd0 Sep 21 07:34:32.986559: | libevent_malloc: new ptr-libevent@0x5587b8acfd10 size 128 Sep 21 07:34:32.986561: | libevent_malloc: new ptr-libevent@0x5587b8acfda0 size 16 Sep 21 07:34:32.986566: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:32.986568: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfdc0 Sep 21 07:34:32.986571: | libevent_malloc: new ptr-libevent@0x5587b8acfe00 size 128 Sep 21 07:34:32.986573: | libevent_malloc: new ptr-libevent@0x5587b8acfe90 size 16 Sep 21 07:34:32.986578: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:32.986580: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfeb0 Sep 21 07:34:32.986583: | libevent_malloc: new ptr-libevent@0x5587b8acfef0 size 128 Sep 21 07:34:32.986585: | libevent_malloc: new ptr-libevent@0x5587b8acff80 size 16 Sep 21 07:34:32.986590: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:32.986592: | add_fd_read_event_handler: new ethX-pe@0x5587b8acffa0 Sep 21 07:34:32.986595: | libevent_malloc: new ptr-libevent@0x5587b8acffe0 size 128 Sep 21 07:34:32.986597: | libevent_malloc: new ptr-libevent@0x5587b8ad0070 size 16 Sep 21 07:34:32.986602: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:32.986604: | add_fd_read_event_handler: new ethX-pe@0x5587b8ad0090 Sep 21 07:34:32.986607: | libevent_malloc: new ptr-libevent@0x5587b8ad00d0 size 128 Sep 21 07:34:32.986609: | libevent_malloc: new ptr-libevent@0x5587b8ad0160 size 16 Sep 21 07:34:32.986614: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:32.986618: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:32.986621: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:32.986639: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:32.986649: | id type added to secret(0x5587b8ac5180) PKK_PSK: @west Sep 21 07:34:32.986652: | id type added to secret(0x5587b8ac5180) PKK_PSK: @east Sep 21 07:34:32.986657: | Processing PSK at line 1: passed Sep 21 07:34:32.986659: | certs and keys locked by 'process_secret' Sep 21 07:34:32.986662: | certs and keys unlocked by 'process_secret' Sep 21 07:34:32.986667: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:32.986674: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.986679: | spent 0.562 milliseconds in whack Sep 21 07:34:33.013397: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.013431: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:33.013435: listening for IKE messages Sep 21 07:34:33.013492: | Inspecting interface lo Sep 21 07:34:33.013503: | found lo with address 127.0.0.1 Sep 21 07:34:33.013505: | Inspecting interface eth0 Sep 21 07:34:33.013508: | found eth0 with address 192.0.1.254 Sep 21 07:34:33.013509: | Inspecting interface eth1 Sep 21 07:34:33.013511: | found eth1 with address 192.1.2.45 Sep 21 07:34:33.013558: | no interfaces to sort Sep 21 07:34:33.013564: | libevent_free: release ptr-libevent@0x5587b8acfc20 Sep 21 07:34:33.013566: | free_event_entry: release EVENT_NULL-pe@0x5587b8acfbe0 Sep 21 07:34:33.013568: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfbe0 Sep 21 07:34:33.013570: | libevent_malloc: new ptr-libevent@0x5587b8acfc20 size 128 Sep 21 07:34:33.013576: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:33.013578: | libevent_free: release ptr-libevent@0x5587b8acfd10 Sep 21 07:34:33.013580: | free_event_entry: release EVENT_NULL-pe@0x5587b8acfcd0 Sep 21 07:34:33.013581: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfcd0 Sep 21 07:34:33.013583: | libevent_malloc: new ptr-libevent@0x5587b8acfd10 size 128 Sep 21 07:34:33.013586: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:33.013588: | libevent_free: release ptr-libevent@0x5587b8acfe00 Sep 21 07:34:33.013590: | free_event_entry: release EVENT_NULL-pe@0x5587b8acfdc0 Sep 21 07:34:33.013591: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfdc0 Sep 21 07:34:33.013593: | libevent_malloc: new ptr-libevent@0x5587b8acfe00 size 128 Sep 21 07:34:33.013596: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:33.013598: | libevent_free: release ptr-libevent@0x5587b8acfef0 Sep 21 07:34:33.013600: | free_event_entry: release EVENT_NULL-pe@0x5587b8acfeb0 Sep 21 07:34:33.013601: | add_fd_read_event_handler: new ethX-pe@0x5587b8acfeb0 Sep 21 07:34:33.013603: | libevent_malloc: new ptr-libevent@0x5587b8acfef0 size 128 Sep 21 07:34:33.013606: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:33.013608: | libevent_free: release ptr-libevent@0x5587b8acffe0 Sep 21 07:34:33.013610: | free_event_entry: release EVENT_NULL-pe@0x5587b8acffa0 Sep 21 07:34:33.013611: | add_fd_read_event_handler: new ethX-pe@0x5587b8acffa0 Sep 21 07:34:33.013613: | libevent_malloc: new ptr-libevent@0x5587b8acffe0 size 128 Sep 21 07:34:33.013616: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:33.013618: | libevent_free: release ptr-libevent@0x5587b8ad00d0 Sep 21 07:34:33.013620: | free_event_entry: release EVENT_NULL-pe@0x5587b8ad0090 Sep 21 07:34:33.013621: | add_fd_read_event_handler: new ethX-pe@0x5587b8ad0090 Sep 21 07:34:33.013623: | libevent_malloc: new ptr-libevent@0x5587b8ad00d0 size 128 Sep 21 07:34:33.013626: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:33.013628: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:33.013629: forgetting secrets Sep 21 07:34:33.013635: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:33.013645: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:33.013651: | id type added to secret(0x5587b8ac5180) PKK_PSK: @west Sep 21 07:34:33.013653: | id type added to secret(0x5587b8ac5180) PKK_PSK: @east Sep 21 07:34:33.013656: | Processing PSK at line 1: passed Sep 21 07:34:33.013657: | certs and keys locked by 'process_secret' Sep 21 07:34:33.013659: | certs and keys unlocked by 'process_secret' Sep 21 07:34:33.013662: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:33.013668: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:33.013673: | spent 0.297 milliseconds in whack Sep 21 07:34:33.014119: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.014134: | waitpid returned pid 12295 (exited with status 0) Sep 21 07:34:33.014137: | reaped addconn helper child (status 0) Sep 21 07:34:33.014140: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.014143: | spent 0.0142 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.073229: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.073256: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:33.073260: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:33.073262: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:33.073264: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:33.073268: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:33.073275: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:33.073329: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:33.073333: | from whack: got --esp= Sep 21 07:34:33.073367: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:33.073372: | counting wild cards for @west is 0 Sep 21 07:34:33.073375: | counting wild cards for @east is 0 Sep 21 07:34:33.073384: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:34:33.073387: | new hp@0x5587b8a9c7c0 Sep 21 07:34:33.073391: added connection description "west" Sep 21 07:34:33.073401: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:33.073411: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:34:33.073418: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:33.073424: | spent 0.203 milliseconds in whack Sep 21 07:34:33.073471: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.073480: add keyid @west Sep 21 07:34:33.073483: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:34:33.073486: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:34:33.073488: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:34:33.073490: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:34:33.073492: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:34:33.073494: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:34:33.073497: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:34:33.073499: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:34:33.073501: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:34:33.073503: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:34:33.073506: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:34:33.073508: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:34:33.073510: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:34:33.073512: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:34:33.073514: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:34:33.073517: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:34:33.073519: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:34:33.073522: | add pubkey 15 04 37 f9 Sep 21 07:34:33.073559: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:33.073562: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:34:33.073569: | keyid: *AQOm9dY/4 Sep 21 07:34:33.073571: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:34:33.073573: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:34:33.073578: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:34:33.073581: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:34:33.073583: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:34:33.073585: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:34:33.073587: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:34:33.073589: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:34:33.073592: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:34:33.073594: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:34:33.073596: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:34:33.073598: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:34:33.073600: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:34:33.073603: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:34:33.073605: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:34:33.073607: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:34:33.073609: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:34:33.073611: | n 37 f9 Sep 21 07:34:33.073613: | e 03 Sep 21 07:34:33.073615: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:33.073617: | CKAID 7f 0f 03 50 Sep 21 07:34:33.073625: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:33.073630: | spent 0.162 milliseconds in whack Sep 21 07:34:33.073655: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.073663: add keyid @east Sep 21 07:34:33.073666: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:34:33.073668: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:34:33.073670: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:34:33.073672: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:34:33.073674: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:34:33.073677: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:34:33.073679: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:34:33.073681: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:34:33.073683: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:34:33.073686: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:34:33.073688: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:34:33.073690: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:34:33.073692: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:34:33.073694: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:34:33.073697: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:34:33.073699: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:34:33.073701: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:34:33.073703: | add pubkey 51 51 48 ef Sep 21 07:34:33.073713: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:33.073715: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:34:33.073720: | keyid: *AQO9bJbr3 Sep 21 07:34:33.073722: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:34:33.073724: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:34:33.073726: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:34:33.073729: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:34:33.073731: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:34:33.073733: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:34:33.073735: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:34:33.073740: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:34:33.073742: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:34:33.073744: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:34:33.073746: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:34:33.073749: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:34:33.073751: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:34:33.073753: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:34:33.073755: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:34:33.073757: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:34:33.073759: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:34:33.073761: | n 48 ef Sep 21 07:34:33.073763: | e 03 Sep 21 07:34:33.073766: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:33.073768: | CKAID 8a 82 25 f1 Sep 21 07:34:33.073792: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:33.073799: | spent 0.145 milliseconds in whack Sep 21 07:34:33.189590: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.189631: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:34:33.189639: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:33.189646: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:33.189650: | connection 'west' +POLICY_UP Sep 21 07:34:33.189653: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:33.189657: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.189681: | creating state object #1 at 0x5587b8ad1b30 Sep 21 07:34:33.189685: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:33.189693: | pstats #1 ikev2.ike started Sep 21 07:34:33.189696: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:33.189699: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:34:33.189705: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:33.189713: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:33.189718: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:33.189722: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:34:33.189726: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Sep 21 07:34:33.189730: "west" #1: initiating v2 parent SA Sep 21 07:34:33.189740: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Sep 21 07:34:33.189749: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.189757: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.189761: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.189767: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.189770: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.189776: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.189780: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:33.189798: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.189814: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.189823: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:34:33.189827: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5587b8ad41e0 Sep 21 07:34:33.189831: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:33.189835: | libevent_malloc: new ptr-libevent@0x5587b8ad4220 size 128 Sep 21 07:34:33.189850: | #1 spent 0.196 milliseconds in ikev2_parent_outI1() Sep 21 07:34:33.189853: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:33.189854: | crypto helper 0 resuming Sep 21 07:34:33.189858: | RESET processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:33.189866: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:34:33.189872: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:33.189879: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:34:33.189884: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:33.189894: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:34:33.189897: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:33.189902: | spent 0.303 milliseconds in whack Sep 21 07:34:33.190928: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001049 seconds Sep 21 07:34:33.190940: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:34:33.190943: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:33.190946: | scheduling resume sending helper answer for #1 Sep 21 07:34:33.190950: | libevent_malloc: new ptr-libevent@0x7f8244006900 size 128 Sep 21 07:34:33.190958: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:33.190970: | processing resume sending helper answer for #1 Sep 21 07:34:33.190981: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.190986: | crypto helper 0 replies to request ID 1 Sep 21 07:34:33.190989: | calling continuation function 0x5587b6ce7630 Sep 21 07:34:33.190991: | ikev2_parent_outI1_continue for #1 Sep 21 07:34:33.191022: | **emit ISAKMP Message: Sep 21 07:34:33.191025: | initiator cookie: Sep 21 07:34:33.191028: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.191030: | responder cookie: Sep 21 07:34:33.191032: | 00 00 00 00 00 00 00 00 Sep 21 07:34:33.191035: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.191038: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.191041: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:33.191044: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:33.191046: | Message ID: 0 (0x0) Sep 21 07:34:33.191049: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.191066: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.191072: | Emitting ikev2_proposals ... Sep 21 07:34:33.191076: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:33.191079: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.191081: | flags: none (0x0) Sep 21 07:34:33.191084: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:33.191087: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.191090: | discarding INTEG=NONE Sep 21 07:34:33.191092: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.191095: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191097: | prop #: 1 (0x1) Sep 21 07:34:33.191099: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.191102: | spi size: 0 (0x0) Sep 21 07:34:33.191104: | # transforms: 11 (0xb) Sep 21 07:34:33.191107: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.191110: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191114: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.191117: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.191120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191122: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.191125: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.191127: | length/value: 256 (0x100) Sep 21 07:34:33.191130: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.191133: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191135: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191137: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191140: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.191143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191146: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191148: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191151: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191155: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191158: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.191161: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191166: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191168: | discarding INTEG=NONE Sep 21 07:34:33.191170: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191180: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.191183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191188: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191190: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191195: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191197: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.191200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191203: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191205: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191208: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191212: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191215: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.191217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191225: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191230: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191232: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.191235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191249: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.191252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191264: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191267: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.191269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191277: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191279: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191286: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.191289: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191294: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191296: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191298: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.191301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191303: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.191306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191311: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191313: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:33.191316: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.191318: | discarding INTEG=NONE Sep 21 07:34:33.191321: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.191323: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191325: | prop #: 2 (0x2) Sep 21 07:34:33.191328: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.191330: | spi size: 0 (0x0) Sep 21 07:34:33.191332: | # transforms: 11 (0xb) Sep 21 07:34:33.191335: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191338: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.191341: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191343: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191345: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.191348: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.191350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191353: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.191355: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.191358: | length/value: 128 (0x80) Sep 21 07:34:33.191360: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.191363: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191365: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191367: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191370: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.191372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191378: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191380: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191382: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191388: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191391: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.191394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191397: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191399: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191401: | discarding INTEG=NONE Sep 21 07:34:33.191403: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191410: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.191413: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191418: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191420: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191425: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191427: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.191430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191435: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191437: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191439: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191444: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.191447: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191452: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191455: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191457: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191459: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191462: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.191464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191467: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191470: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191472: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191479: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.191482: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191484: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191488: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191491: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191495: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.191500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191503: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191506: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191508: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191510: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191512: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191515: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.191518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191520: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191523: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191525: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191527: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.191530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191532: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.191535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191540: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191542: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:33.191545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.191548: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.191550: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191552: | prop #: 3 (0x3) Sep 21 07:34:33.191555: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.191557: | spi size: 0 (0x0) Sep 21 07:34:33.191559: | # transforms: 13 (0xd) Sep 21 07:34:33.191562: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191565: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.191568: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191572: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.191574: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.191577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191580: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.191582: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.191585: | length/value: 256 (0x100) Sep 21 07:34:33.191587: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.191589: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191594: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191596: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.191600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191610: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191613: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191615: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.191618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191623: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191625: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191628: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191630: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.191632: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.191635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191640: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191643: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191647: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.191650: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.191652: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191658: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191660: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191665: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191667: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.191670: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191675: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191677: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191682: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191684: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.191687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191692: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191694: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191700: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191702: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.191705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191710: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191713: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191720: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.191722: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191728: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191730: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191734: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191737: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.191740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191745: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191747: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191749: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191751: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191754: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.191757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191762: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191764: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191769: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191771: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.191774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191777: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191779: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191781: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191790: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.191793: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191795: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.191798: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191801: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191805: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191807: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:33.191810: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.191813: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.191815: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.191817: | prop #: 4 (0x4) Sep 21 07:34:33.191820: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.191822: | spi size: 0 (0x0) Sep 21 07:34:33.191824: | # transforms: 13 (0xd) Sep 21 07:34:33.191827: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.191830: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.191832: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191837: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.191839: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.191842: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191844: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.191847: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.191849: | length/value: 128 (0x80) Sep 21 07:34:33.191852: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.191854: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191859: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191861: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.191864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191866: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191869: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191871: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191876: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.191878: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:33.191881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191886: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191888: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191891: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191893: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.191895: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.191898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191903: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191906: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191910: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.191914: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.191917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191922: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191924: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191929: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191931: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.191934: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191939: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191942: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191946: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191949: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:33.191951: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191954: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191956: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191959: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191966: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:33.191969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191974: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191976: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.191983: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:33.191986: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.191991: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.191993: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.191996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.191998: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.192001: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:33.192003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.192009: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.192012: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.192014: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.192019: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:33.192022: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.192027: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.192029: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.192032: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.192036: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:33.192039: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.192044: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.192047: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.192049: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.192051: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.192054: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:33.192057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.192059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.192062: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.192064: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:33.192067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.192069: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:34:33.192071: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:33.192074: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:33.192076: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.192079: | flags: none (0x0) Sep 21 07:34:33.192081: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.192084: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:34:33.192087: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.192090: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:34:33.192093: | ikev2 g^x 48 bd fd 69 32 a6 4a 2f 80 80 59 83 e9 e3 9a 95 Sep 21 07:34:33.192095: | ikev2 g^x cc 01 4d ab 89 aa 4e cc 29 3a 3c e4 d1 3c 0e 75 Sep 21 07:34:33.192098: | ikev2 g^x d4 a9 d0 9a 77 0a 74 7a 0b 0f f1 9b 07 22 84 eb Sep 21 07:34:33.192100: | ikev2 g^x f2 bd 03 2b 6b fb 3f c1 51 ef ab f2 5e 39 e2 92 Sep 21 07:34:33.192102: | ikev2 g^x 24 b2 30 4d 93 c9 4b 47 09 59 a1 ef 52 4e 19 e0 Sep 21 07:34:33.192104: | ikev2 g^x c7 67 5e 15 c1 ae a1 9b 9c f7 ed d3 c1 da ba 29 Sep 21 07:34:33.192107: | ikev2 g^x 9d 0f 83 f3 ac ce 8c 51 a8 4e 6c 94 88 12 f5 ba Sep 21 07:34:33.192109: | ikev2 g^x 52 96 a4 4f 7f ab 53 55 09 81 b2 04 13 7f 30 41 Sep 21 07:34:33.192111: | ikev2 g^x 19 f2 76 a2 59 ac 27 63 6f f7 01 12 ae a1 61 1e Sep 21 07:34:33.192113: | ikev2 g^x fa 1c 26 90 2a ca 08 d7 44 20 ae f4 da bb 9f ce Sep 21 07:34:33.192117: | ikev2 g^x 91 5a 04 90 bb fe 47 15 4b 0d 4f 6a b4 c8 4c b0 Sep 21 07:34:33.192119: | ikev2 g^x 7c b4 ba 8b 32 aa fe 87 29 aa f6 c7 60 9f 9e b6 Sep 21 07:34:33.192121: | ikev2 g^x 04 61 29 2e 5b f0 5f 0f 91 d1 a9 d4 78 54 9d d9 Sep 21 07:34:33.192123: | ikev2 g^x 66 88 61 be d9 cd b8 fd 64 6a b1 64 2e b6 24 52 Sep 21 07:34:33.192125: | ikev2 g^x 79 7c fd c1 84 37 70 52 21 a1 c4 30 97 bd 3b 48 Sep 21 07:34:33.192128: | ikev2 g^x 2f e7 12 61 a4 a4 e6 63 38 e7 83 61 e9 e9 b3 48 Sep 21 07:34:33.192130: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:33.192133: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:33.192135: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.192137: | flags: none (0x0) Sep 21 07:34:33.192140: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:33.192143: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:33.192146: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.192148: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:33.192151: | IKEv2 nonce 69 b2 73 7a c7 84 5b e0 1f e9 b0 2b a0 ba 1e 51 Sep 21 07:34:33.192153: | IKEv2 nonce bd 4c a8 fd bb 00 41 09 b2 6e af 32 1f ef d2 b8 Sep 21 07:34:33.192156: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:33.192158: | Adding a v2N Payload Sep 21 07:34:33.192160: | ***emit IKEv2 Notify Payload: Sep 21 07:34:33.192163: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.192165: | flags: none (0x0) Sep 21 07:34:33.192168: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192170: | SPI size: 0 (0x0) Sep 21 07:34:33.192173: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:33.192176: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.192179: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.192181: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:33.192185: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:34:33.192187: | natd_hash: rcookie is zero Sep 21 07:34:33.192200: | natd_hash: hasher=0x5587b6dbd7a0(20) Sep 21 07:34:33.192203: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.192205: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:33.192207: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:33.192210: | natd_hash: port= 01 f4 Sep 21 07:34:33.192212: | natd_hash: hash= 23 4b be d2 b4 c9 2f 2f 37 3e 2b 97 bc 88 4d 6e Sep 21 07:34:33.192214: | natd_hash: hash= 5a 23 a3 cd Sep 21 07:34:33.192216: | Adding a v2N Payload Sep 21 07:34:33.192219: | ***emit IKEv2 Notify Payload: Sep 21 07:34:33.192221: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.192223: | flags: none (0x0) Sep 21 07:34:33.192226: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192228: | SPI size: 0 (0x0) Sep 21 07:34:33.192230: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:33.192233: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.192236: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.192239: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:33.192241: | Notify data 23 4b be d2 b4 c9 2f 2f 37 3e 2b 97 bc 88 4d 6e Sep 21 07:34:33.192243: | Notify data 5a 23 a3 cd Sep 21 07:34:33.192246: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:33.192248: | natd_hash: rcookie is zero Sep 21 07:34:33.192254: | natd_hash: hasher=0x5587b6dbd7a0(20) Sep 21 07:34:33.192258: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.192261: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:33.192263: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:33.192265: | natd_hash: port= 01 f4 Sep 21 07:34:33.192267: | natd_hash: hash= 14 9c fe 9c c8 d3 f9 1e bb 90 c8 9e 4c 20 3f 6f Sep 21 07:34:33.192270: | natd_hash: hash= da bf 7b 4a Sep 21 07:34:33.192272: | Adding a v2N Payload Sep 21 07:34:33.192274: | ***emit IKEv2 Notify Payload: Sep 21 07:34:33.192276: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.192279: | flags: none (0x0) Sep 21 07:34:33.192281: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.192283: | SPI size: 0 (0x0) Sep 21 07:34:33.192286: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:33.192289: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:33.192291: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.192294: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:33.192296: | Notify data 14 9c fe 9c c8 d3 f9 1e bb 90 c8 9e 4c 20 3f 6f Sep 21 07:34:33.192298: | Notify data da bf 7b 4a Sep 21 07:34:33.192301: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:33.192303: | emitting length of ISAKMP Message: 828 Sep 21 07:34:33.192310: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:34:33.192319: | start processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.192323: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:34:33.192326: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:34:33.192330: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:34:33.192332: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:34:33.192335: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:34:33.192340: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:33.192344: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:33.192355: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:33.192367: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:33.192370: | 08 28 d1 fa 1b 14 67 5f 00 00 00 00 00 00 00 00 Sep 21 07:34:33.192372: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:34:33.192374: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:34:33.192376: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:34:33.192379: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:34:33.192381: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:34:33.192383: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:34:33.192385: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:34:33.192387: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:34:33.192389: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:34:33.192392: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:34:33.192394: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:34:33.192396: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:34:33.192398: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:34:33.192400: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:34:33.192403: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:34:33.192405: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:34:33.192407: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:34:33.192411: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:34:33.192413: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:34:33.192415: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:34:33.192417: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:34:33.192420: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:34:33.192422: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:34:33.192424: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:34:33.192426: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:34:33.192428: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:34:33.192431: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:34:33.192433: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:34:33.192435: | 28 00 01 08 00 0e 00 00 48 bd fd 69 32 a6 4a 2f Sep 21 07:34:33.192437: | 80 80 59 83 e9 e3 9a 95 cc 01 4d ab 89 aa 4e cc Sep 21 07:34:33.192439: | 29 3a 3c e4 d1 3c 0e 75 d4 a9 d0 9a 77 0a 74 7a Sep 21 07:34:33.192442: | 0b 0f f1 9b 07 22 84 eb f2 bd 03 2b 6b fb 3f c1 Sep 21 07:34:33.192444: | 51 ef ab f2 5e 39 e2 92 24 b2 30 4d 93 c9 4b 47 Sep 21 07:34:33.192446: | 09 59 a1 ef 52 4e 19 e0 c7 67 5e 15 c1 ae a1 9b Sep 21 07:34:33.192448: | 9c f7 ed d3 c1 da ba 29 9d 0f 83 f3 ac ce 8c 51 Sep 21 07:34:33.192450: | a8 4e 6c 94 88 12 f5 ba 52 96 a4 4f 7f ab 53 55 Sep 21 07:34:33.192453: | 09 81 b2 04 13 7f 30 41 19 f2 76 a2 59 ac 27 63 Sep 21 07:34:33.192455: | 6f f7 01 12 ae a1 61 1e fa 1c 26 90 2a ca 08 d7 Sep 21 07:34:33.192457: | 44 20 ae f4 da bb 9f ce 91 5a 04 90 bb fe 47 15 Sep 21 07:34:33.192459: | 4b 0d 4f 6a b4 c8 4c b0 7c b4 ba 8b 32 aa fe 87 Sep 21 07:34:33.192461: | 29 aa f6 c7 60 9f 9e b6 04 61 29 2e 5b f0 5f 0f Sep 21 07:34:33.192463: | 91 d1 a9 d4 78 54 9d d9 66 88 61 be d9 cd b8 fd Sep 21 07:34:33.192466: | 64 6a b1 64 2e b6 24 52 79 7c fd c1 84 37 70 52 Sep 21 07:34:33.192468: | 21 a1 c4 30 97 bd 3b 48 2f e7 12 61 a4 a4 e6 63 Sep 21 07:34:33.192470: | 38 e7 83 61 e9 e9 b3 48 29 00 00 24 69 b2 73 7a Sep 21 07:34:33.192472: | c7 84 5b e0 1f e9 b0 2b a0 ba 1e 51 bd 4c a8 fd Sep 21 07:34:33.192475: | bb 00 41 09 b2 6e af 32 1f ef d2 b8 29 00 00 08 Sep 21 07:34:33.192477: | 00 00 40 2e 29 00 00 1c 00 00 40 04 23 4b be d2 Sep 21 07:34:33.192479: | b4 c9 2f 2f 37 3e 2b 97 bc 88 4d 6e 5a 23 a3 cd Sep 21 07:34:33.192481: | 00 00 00 1c 00 00 40 05 14 9c fe 9c c8 d3 f9 1e Sep 21 07:34:33.192483: | bb 90 c8 9e 4c 20 3f 6f da bf 7b 4a Sep 21 07:34:33.192554: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.192559: | libevent_free: release ptr-libevent@0x5587b8ad4220 Sep 21 07:34:33.192562: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5587b8ad41e0 Sep 21 07:34:33.192565: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:33.192569: | event_schedule: new EVENT_RETRANSMIT-pe@0x5587b8ad41e0 Sep 21 07:34:33.192572: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:34:33.192575: | libevent_malloc: new ptr-libevent@0x5587b8ad4220 size 128 Sep 21 07:34:33.192581: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49919.560833 Sep 21 07:34:33.192584: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:34:33.192590: | #1 spent 1.56 milliseconds in resume sending helper answer Sep 21 07:34:33.192595: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.192598: | libevent_free: release ptr-libevent@0x7f8244006900 Sep 21 07:34:33.195583: | spent 0.00237 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.195603: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:33.195606: | 08 28 d1 fa 1b 14 67 5f 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.195611: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:34:33.195613: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:34:33.195615: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:34:33.195618: | 04 00 00 0e 28 00 01 08 00 0e 00 00 70 30 b6 ad Sep 21 07:34:33.195620: | 5f 58 25 a0 62 49 0a 3c ed 2c fc 01 67 65 5f 67 Sep 21 07:34:33.195622: | 60 ae 77 e0 7c 7e 25 ab 27 63 ad 52 e2 78 fb e3 Sep 21 07:34:33.195624: | 18 f4 bd 14 4a bf 29 84 3d 74 7e 6d 84 d3 f4 66 Sep 21 07:34:33.195626: | f5 ee 9f 1a 32 9f b7 e3 42 b4 f7 94 74 c9 2d fc Sep 21 07:34:33.195629: | 1d 86 17 de b0 64 bf d2 d7 d9 32 c8 f3 35 c8 b2 Sep 21 07:34:33.195631: | 03 f6 bb ed 7f 57 ad 35 3a 71 a0 8d 1d 36 0c cb Sep 21 07:34:33.195633: | b8 3a 60 09 89 c4 89 af 82 55 ab 26 11 88 2a 97 Sep 21 07:34:33.195635: | 00 8b 47 ff 66 0d a8 80 ae ba 36 b8 f1 16 09 01 Sep 21 07:34:33.195637: | 5b a8 94 41 d5 ce e6 cc 31 52 9c 6c 1a c4 46 e3 Sep 21 07:34:33.195640: | 45 e8 b8 b1 fb 3e bc 55 e5 e2 1a 08 32 d0 47 f2 Sep 21 07:34:33.195642: | eb b4 cd 36 03 ed 27 91 f4 41 ed 57 c5 b4 ea fe Sep 21 07:34:33.195644: | 5e 5b 4d 10 e7 bd b3 9e 42 9d 9f 46 5d 6e e1 f0 Sep 21 07:34:33.195646: | 1b ee 9c b1 40 a3 60 8b 80 0f af 80 de b6 2a a9 Sep 21 07:34:33.195648: | ca eb 47 6d 41 63 85 5a b6 d0 39 26 af 03 b0 14 Sep 21 07:34:33.195651: | 70 64 d6 b9 9c 19 22 4c 9a bc 78 ff b0 09 55 1c Sep 21 07:34:33.195653: | 87 57 8e d4 4a 4f 45 47 3c 19 29 f8 29 00 00 24 Sep 21 07:34:33.195655: | 24 6c 9d 5b 97 f0 5e df 24 6a 9d 0b 19 c7 c3 d2 Sep 21 07:34:33.195657: | d1 f5 4d ed 55 4f ba 34 eb 75 06 89 aa 0e c5 eb Sep 21 07:34:33.195660: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:34:33.195662: | 84 44 aa bb fc 06 fe db 23 0a 6e 7f 29 29 84 f0 Sep 21 07:34:33.195664: | e8 54 72 f2 00 00 00 1c 00 00 40 05 3d c0 24 31 Sep 21 07:34:33.195666: | 70 3d d5 eb 87 a4 8b c6 fb 65 e8 d5 4c b9 80 d8 Sep 21 07:34:33.195671: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.195674: | **parse ISAKMP Message: Sep 21 07:34:33.195677: | initiator cookie: Sep 21 07:34:33.195679: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.195681: | responder cookie: Sep 21 07:34:33.195683: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.195686: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:33.195688: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.195691: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:33.195693: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:33.195696: | Message ID: 0 (0x0) Sep 21 07:34:33.195698: | length: 432 (0x1b0) Sep 21 07:34:33.195701: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:33.195704: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:34:33.195707: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:33.195713: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:33.195717: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:33.195720: | #1 is idle Sep 21 07:34:33.195722: | #1 idle Sep 21 07:34:33.195724: | unpacking clear payload Sep 21 07:34:33.195727: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:33.195730: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:33.195732: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:33.195735: | flags: none (0x0) Sep 21 07:34:33.195737: | length: 40 (0x28) Sep 21 07:34:33.195739: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:34:33.195742: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:33.195744: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:33.195747: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:33.195750: | flags: none (0x0) Sep 21 07:34:33.195753: | length: 264 (0x108) Sep 21 07:34:33.195755: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.195757: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:33.195760: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:33.195762: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:33.195764: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.195767: | flags: none (0x0) Sep 21 07:34:33.195769: | length: 36 (0x24) Sep 21 07:34:33.195771: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:33.195773: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.195776: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.195778: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.195780: | flags: none (0x0) Sep 21 07:34:33.195791: | length: 8 (0x8) Sep 21 07:34:33.195796: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195798: | SPI size: 0 (0x0) Sep 21 07:34:33.195801: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:33.195804: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:33.195806: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.195808: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.195811: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:33.195813: | flags: none (0x0) Sep 21 07:34:33.195815: | length: 28 (0x1c) Sep 21 07:34:33.195817: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195820: | SPI size: 0 (0x0) Sep 21 07:34:33.195822: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:33.195824: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:33.195827: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:33.195829: | ***parse IKEv2 Notify Payload: Sep 21 07:34:33.195831: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.195833: | flags: none (0x0) Sep 21 07:34:33.195836: | length: 28 (0x1c) Sep 21 07:34:33.195838: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:33.195840: | SPI size: 0 (0x0) Sep 21 07:34:33.195843: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:33.195845: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:33.195847: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:34:33.195852: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:33.195855: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:33.195858: | Now let's proceed with state specific processing Sep 21 07:34:33.195860: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:33.195864: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:34:33.195881: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:33.195884: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:34:33.195887: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:33.195890: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:33.195892: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:33.195895: | local proposal 1 type DH has 8 transforms Sep 21 07:34:33.195897: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:33.195902: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:33.195904: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:33.195906: | local proposal 2 type PRF has 2 transforms Sep 21 07:34:33.195909: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:33.195911: | local proposal 2 type DH has 8 transforms Sep 21 07:34:33.195913: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:33.195916: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:33.195919: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:33.195921: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:33.195923: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:33.195926: | local proposal 3 type DH has 8 transforms Sep 21 07:34:33.195928: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:33.195931: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:33.195933: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:33.195936: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:33.195938: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:33.195940: | local proposal 4 type DH has 8 transforms Sep 21 07:34:33.195942: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:33.195945: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:33.195948: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.195950: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.195953: | length: 36 (0x24) Sep 21 07:34:33.195955: | prop #: 1 (0x1) Sep 21 07:34:33.195957: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:33.195959: | spi size: 0 (0x0) Sep 21 07:34:33.195962: | # transforms: 3 (0x3) Sep 21 07:34:33.195965: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:33.195968: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.195970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195972: | length: 12 (0xc) Sep 21 07:34:33.195975: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.195977: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.195980: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.195982: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.195985: | length/value: 256 (0x100) Sep 21 07:34:33.195989: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:33.195992: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.195994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.195996: | length: 8 (0x8) Sep 21 07:34:33.195999: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:33.196001: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:33.196004: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:33.196007: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.196009: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.196012: | length: 8 (0x8) Sep 21 07:34:33.196014: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:33.196016: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:33.196019: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:33.196023: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:33.196027: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:33.196030: | remote proposal 1 matches local proposal 1 Sep 21 07:34:33.196033: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:34:33.196035: | converting proposal to internal trans attrs Sep 21 07:34:33.196051: | natd_hash: hasher=0x5587b6dbd7a0(20) Sep 21 07:34:33.196053: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.196056: | natd_hash: rcookie= 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.196058: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:33.196060: | natd_hash: port= 01 f4 Sep 21 07:34:33.196063: | natd_hash: hash= 3d c0 24 31 70 3d d5 eb 87 a4 8b c6 fb 65 e8 d5 Sep 21 07:34:33.196065: | natd_hash: hash= 4c b9 80 d8 Sep 21 07:34:33.196070: | natd_hash: hasher=0x5587b6dbd7a0(20) Sep 21 07:34:33.196073: | natd_hash: icookie= 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.196075: | natd_hash: rcookie= 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.196077: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:33.196079: | natd_hash: port= 01 f4 Sep 21 07:34:33.196082: | natd_hash: hash= 84 44 aa bb fc 06 fe db 23 0a 6e 7f 29 29 84 f0 Sep 21 07:34:33.196084: | natd_hash: hash= e8 54 72 f2 Sep 21 07:34:33.196086: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:33.196088: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:33.196090: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:33.196093: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:34:33.196099: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:33.196103: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:34:33.196105: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.196108: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:34:33.196111: | libevent_free: release ptr-libevent@0x5587b8ad4220 Sep 21 07:34:33.196114: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5587b8ad41e0 Sep 21 07:34:33.196117: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5587b8ad41e0 Sep 21 07:34:33.196120: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:33.196123: | libevent_malloc: new ptr-libevent@0x5587b8ad4220 size 128 Sep 21 07:34:33.196133: | #1 spent 0.268 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:34:33.196138: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.196140: | crypto helper 1 resuming Sep 21 07:34:33.196142: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:34:33.196152: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:34:33.196158: | suspending state #1 and saving MD Sep 21 07:34:33.196165: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:34:33.196170: | #1 is busy; has a suspended MD Sep 21 07:34:33.196180: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:33.196184: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:33.196188: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:33.196193: | #1 spent 0.581 milliseconds in ikev2_process_packet() Sep 21 07:34:33.196197: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:33.196199: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:33.196202: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.196206: | spent 0.594 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.197045: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:33.197386: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001221 seconds Sep 21 07:34:33.197393: | (#1) spent 1.22 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:34:33.197395: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:34:33.197397: | scheduling resume sending helper answer for #1 Sep 21 07:34:33.197401: | libevent_malloc: new ptr-libevent@0x7f823c006b90 size 128 Sep 21 07:34:33.197408: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:33.197416: | processing resume sending helper answer for #1 Sep 21 07:34:33.197421: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:33.197424: | crypto helper 1 replies to request ID 2 Sep 21 07:34:33.197426: | calling continuation function 0x5587b6ce7630 Sep 21 07:34:33.197428: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:34:33.197433: | creating state object #2 at 0x5587b8ad6a80 Sep 21 07:34:33.197435: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:34:33.197437: | pstats #2 ikev2.child started Sep 21 07:34:33.197439: | duplicating state object #1 "west" as #2 for IPSEC SA Sep 21 07:34:33.197442: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:33.197448: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:33.197452: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:33.197457: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:33.197460: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:33.197463: | libevent_free: release ptr-libevent@0x5587b8ad4220 Sep 21 07:34:33.197466: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5587b8ad41e0 Sep 21 07:34:33.197469: | event_schedule: new EVENT_SA_REPLACE-pe@0x5587b8ad41e0 Sep 21 07:34:33.197473: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:34:33.197475: | libevent_malloc: new ptr-libevent@0x5587b8ad4220 size 128 Sep 21 07:34:33.197479: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:34:33.197485: | **emit ISAKMP Message: Sep 21 07:34:33.197488: | initiator cookie: Sep 21 07:34:33.197490: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.197493: | responder cookie: Sep 21 07:34:33.197495: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.197498: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.197501: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.197503: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:33.197506: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:33.197509: | Message ID: 1 (0x1) Sep 21 07:34:33.197512: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.197515: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:33.197517: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.197520: | flags: none (0x0) Sep 21 07:34:33.197523: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:33.197526: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.197529: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:33.197537: | IKEv2 CERT: send a certificate? Sep 21 07:34:33.197541: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:33.197543: | IDr payload will be sent Sep 21 07:34:33.197557: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:34:33.197561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.197563: | flags: none (0x0) Sep 21 07:34:33.197566: | ID type: ID_FQDN (0x2) Sep 21 07:34:33.197569: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:34:33.197572: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.197578: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:34:33.197580: | my identity 77 65 73 74 Sep 21 07:34:33.197583: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:34:33.197591: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:33.197595: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:33.197597: | flags: none (0x0) Sep 21 07:34:33.197600: | ID type: ID_FQDN (0x2) Sep 21 07:34:33.197602: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:34:33.197605: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:33.197608: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.197611: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:34:33.197614: | IDr 65 61 73 74 Sep 21 07:34:33.197616: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:33.197618: | not sending INITIAL_CONTACT Sep 21 07:34:33.197621: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:33.197624: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.197626: | flags: none (0x0) Sep 21 07:34:33.197629: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:33.197631: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:33.197634: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.197638: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:34:33.197642: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:33.197645: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:33.197648: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:33.197653: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:33.197656: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:33.197658: | line 1: match=014 Sep 21 07:34:33.197661: | match 014 beats previous best_match 000 match=0x5587b8ac5180 (line=1) Sep 21 07:34:33.197664: | concluding with best_match=014 best=0x5587b8ac5180 (lineno=1) Sep 21 07:34:33.197728: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:33.197732: | PSK auth 99 90 9b e4 46 6b 2f 93 a3 f6 e7 3e d2 82 fd 0e Sep 21 07:34:33.197734: | PSK auth 8c 32 2a 20 34 ff 6c 4a c7 43 b3 bb 69 1b d4 c4 Sep 21 07:34:33.197737: | PSK auth e0 d8 a3 24 1f 45 17 67 a3 99 f7 4a 0f 1d 84 6d Sep 21 07:34:33.197739: | PSK auth ec d6 57 8a 04 07 d2 71 32 08 80 8b 63 ee 81 24 Sep 21 07:34:33.197741: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:33.197744: | getting first pending from state #1 Sep 21 07:34:33.197762: | netlink_get_spi: allocated 0x1737e355 for esp.0@192.1.2.45 Sep 21 07:34:33.197766: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:34:33.197772: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:33.197778: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:33.197781: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:33.197788: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:33.197795: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:33.197800: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.197805: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:33.197809: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.197814: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.197822: | Emitting ikev2_proposals ... Sep 21 07:34:33.197824: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:33.197826: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.197828: | flags: none (0x0) Sep 21 07:34:33.197831: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:33.197834: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.197837: | discarding INTEG=NONE Sep 21 07:34:33.197839: | discarding DH=NONE Sep 21 07:34:33.197841: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.197843: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.197844: | prop #: 1 (0x1) Sep 21 07:34:33.197846: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.197847: | spi size: 4 (0x4) Sep 21 07:34:33.197848: | # transforms: 2 (0x2) Sep 21 07:34:33.197850: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.197852: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:33.197854: | our spi 17 37 e3 55 Sep 21 07:34:33.197855: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197858: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.197860: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.197862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197863: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.197865: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.197867: | length/value: 256 (0x100) Sep 21 07:34:33.197868: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.197870: | discarding INTEG=NONE Sep 21 07:34:33.197871: | discarding DH=NONE Sep 21 07:34:33.197873: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197874: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.197876: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.197877: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.197879: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197882: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.197884: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:33.197885: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.197887: | discarding INTEG=NONE Sep 21 07:34:33.197888: | discarding DH=NONE Sep 21 07:34:33.197890: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.197891: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.197893: | prop #: 2 (0x2) Sep 21 07:34:33.197894: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.197895: | spi size: 4 (0x4) Sep 21 07:34:33.197898: | # transforms: 2 (0x2) Sep 21 07:34:33.197900: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.197902: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.197904: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:33.197905: | our spi 17 37 e3 55 Sep 21 07:34:33.197907: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197909: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.197911: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.197913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197914: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.197916: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.197917: | length/value: 128 (0x80) Sep 21 07:34:33.197919: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.197920: | discarding INTEG=NONE Sep 21 07:34:33.197921: | discarding DH=NONE Sep 21 07:34:33.197923: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197924: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.197926: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.197927: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.197929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197932: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.197934: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:33.197935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.197937: | discarding DH=NONE Sep 21 07:34:33.197938: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.197939: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.197941: | prop #: 3 (0x3) Sep 21 07:34:33.197942: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.197944: | spi size: 4 (0x4) Sep 21 07:34:33.197945: | # transforms: 4 (0x4) Sep 21 07:34:33.197947: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.197949: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.197950: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:33.197952: | our spi 17 37 e3 55 Sep 21 07:34:33.197953: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197956: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.197957: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.197959: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197961: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.197962: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.197963: | length/value: 256 (0x100) Sep 21 07:34:33.197965: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.197966: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197969: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.197971: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.197973: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197977: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.197978: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197981: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.197982: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.197984: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197987: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.197989: | discarding DH=NONE Sep 21 07:34:33.197990: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.197991: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.197993: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.197994: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.197996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.197998: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.197999: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.198001: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:33.198002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.198004: | discarding DH=NONE Sep 21 07:34:33.198005: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.198006: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.198008: | prop #: 4 (0x4) Sep 21 07:34:33.198009: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.198011: | spi size: 4 (0x4) Sep 21 07:34:33.198012: | # transforms: 4 (0x4) Sep 21 07:34:33.198014: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:33.198016: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:33.198017: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:33.198019: | our spi 17 37 e3 55 Sep 21 07:34:33.198020: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.198021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198023: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.198024: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:33.198026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.198027: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.198029: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.198030: | length/value: 128 (0x80) Sep 21 07:34:33.198032: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:33.198033: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.198035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198036: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.198037: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:33.198040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.198043: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.198045: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.198046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198047: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:33.198049: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:33.198051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.198054: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.198055: | discarding DH=NONE Sep 21 07:34:33.198056: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:33.198058: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.198059: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.198061: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.198062: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.198064: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:33.198066: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:33.198067: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:33.198069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:33.198070: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:34:33.198072: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:33.198074: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:33.198076: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.198077: | flags: none (0x0) Sep 21 07:34:33.198079: | number of TS: 1 (0x1) Sep 21 07:34:33.198081: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:33.198082: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198084: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:33.198086: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.198087: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.198089: | start port: 0 (0x0) Sep 21 07:34:33.198090: | end port: 65535 (0xffff) Sep 21 07:34:33.198092: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:33.198093: | IP start c0 00 01 00 Sep 21 07:34:33.198095: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:33.198096: | IP end c0 00 01 ff Sep 21 07:34:33.198098: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:33.198099: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:33.198101: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:33.198102: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.198104: | flags: none (0x0) Sep 21 07:34:33.198105: | number of TS: 1 (0x1) Sep 21 07:34:33.198107: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:33.198110: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:33.198111: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:33.198113: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.198114: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.198115: | start port: 0 (0x0) Sep 21 07:34:33.198117: | end port: 65535 (0xffff) Sep 21 07:34:33.198118: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:33.198120: | IP start c0 00 02 00 Sep 21 07:34:33.198121: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:33.198123: | IP end c0 00 02 ff Sep 21 07:34:33.198124: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:33.198125: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:33.198127: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:34:33.198129: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:33.198131: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:33.198132: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:33.198134: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:33.198136: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:34:33.198137: | emitting length of ISAKMP Message: 365 Sep 21 07:34:33.198150: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.198153: | start processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.198156: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:34:33.198157: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:34:33.198160: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:34:33.198161: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:34:33.198164: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:33.198167: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:34:33.198170: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:34:33.198178: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:33.198183: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:33.198186: | 08 28 d1 fa 1b 14 67 5f 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.198188: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:34:33.198190: | 3b 16 dd 03 d0 17 1d 08 d8 5c 40 58 38 a4 91 0a Sep 21 07:34:33.198192: | e8 97 2b 3f 09 52 55 cb 51 8c 10 f9 72 8f e8 fb Sep 21 07:34:33.198194: | c7 da 00 3e 6f fe e9 5f 98 22 fc 92 36 94 1d 18 Sep 21 07:34:33.198196: | d0 97 06 4e b1 c5 74 70 67 be c8 50 17 2a 07 81 Sep 21 07:34:33.198198: | d2 ed 5d 48 78 3f e0 8e 65 db 6b d9 a3 5c 7d 7b Sep 21 07:34:33.198199: | 01 22 6a a1 8b 88 32 9e 60 c6 d6 e3 08 f2 bd 2c Sep 21 07:34:33.198202: | 2c 8d 40 61 6f 73 0e 5a 88 8f ba 9c 04 1c aa 1a Sep 21 07:34:33.198203: | 1e e2 b5 35 21 bc 72 9e 09 30 ae df 69 f0 1e 0b Sep 21 07:34:33.198206: | a7 f5 45 b2 1f 8e 57 19 d1 bb 46 20 ac d2 f6 39 Sep 21 07:34:33.198208: | c9 c1 86 7b 4d c0 53 39 5e 9d 1e 63 d5 e7 3f 84 Sep 21 07:34:33.198210: | 0c 97 cd c2 e2 9d 6f 97 f3 99 a2 dd d4 df 6c 97 Sep 21 07:34:33.198212: | 3e f7 5f 63 a6 12 d3 4e 40 d7 f6 78 cb 5b 4b df Sep 21 07:34:33.198215: | 93 29 be 82 cb 2b 24 61 b9 fe 6c f6 e6 c8 b0 d3 Sep 21 07:34:33.198218: | a1 16 e1 89 7c 42 7c 2c 0c 35 a4 0c d3 d6 81 8e Sep 21 07:34:33.198220: | 46 35 9a ba b6 f2 50 fc 31 ac 2f 01 b7 be ee b0 Sep 21 07:34:33.198222: | 9b 3e 37 9d a9 e3 67 07 af 01 6a 25 a3 12 78 f7 Sep 21 07:34:33.198224: | ce 68 4e 83 1d 94 24 a6 f6 9a da 2d 83 ee 5c 3b Sep 21 07:34:33.198226: | 99 5b d0 f3 00 08 0a 9b b5 e6 f7 5b dd 6c 34 a1 Sep 21 07:34:33.198227: | ee 76 84 b3 8e d2 28 be ca 86 01 98 8c e8 6f d1 Sep 21 07:34:33.198229: | ea 46 d8 d5 6f f5 ed 37 87 b2 e7 27 b2 d2 28 f0 Sep 21 07:34:33.198231: | c8 5f e1 bb 40 6a 1f 9d 3f a0 cd 2e 6a Sep 21 07:34:33.198267: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:33.198272: | event_schedule: new EVENT_RETRANSMIT-pe@0x5587b8ad3e80 Sep 21 07:34:33.198276: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:34:33.198280: | libevent_malloc: new ptr-libevent@0x5587b8ad7540 size 128 Sep 21 07:34:33.198285: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49919.566536 Sep 21 07:34:33.198288: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:33.198294: | #1 spent 0.848 milliseconds in resume sending helper answer Sep 21 07:34:33.198297: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:33.198299: | libevent_free: release ptr-libevent@0x7f823c006b90 Sep 21 07:34:33.245972: | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:33.245992: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:33.245996: | 08 28 d1 fa 1b 14 67 5f 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.245999: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:34:33.246001: | 0c 44 a4 ba 52 07 bb d3 05 4a 10 20 fd 72 df 3c Sep 21 07:34:33.246003: | b1 9f 7f 08 15 36 7d 12 e2 83 09 87 5a a0 36 ee Sep 21 07:34:33.246006: | 7d 6b e6 b9 5d 0b 46 8f 52 c2 7e 26 01 04 19 4a Sep 21 07:34:33.246008: | 95 d4 f2 9b 9f 94 bd ea 93 b0 b8 5a d6 04 df b8 Sep 21 07:34:33.246010: | e6 21 f0 e1 6b fc ed 2d 38 26 51 89 5d 54 05 29 Sep 21 07:34:33.246013: | 65 f3 32 2e 5d 82 61 b4 7a 34 45 42 b6 35 93 6d Sep 21 07:34:33.246015: | 93 d9 62 a4 f9 38 8f 55 91 46 8f e6 0c a8 9f d3 Sep 21 07:34:33.246017: | 70 38 0b f6 75 fd 58 a4 de 87 e7 f1 a5 3c bf 0c Sep 21 07:34:33.246020: | 16 c4 a6 de a7 73 a6 74 79 a3 81 fd 82 e3 ca b1 Sep 21 07:34:33.246022: | 8c 0a 52 17 49 af 90 11 0a 71 91 fb 8b 16 c4 54 Sep 21 07:34:33.246024: | db f2 2a 49 bb 3b 8b 9a 6f 26 cb 3c 35 24 59 f0 Sep 21 07:34:33.246027: | 8e 34 f4 e1 f4 49 63 1c 7b be e5 d0 3a 13 f9 40 Sep 21 07:34:33.246029: | 2d Sep 21 07:34:33.246034: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:33.246050: | **parse ISAKMP Message: Sep 21 07:34:33.246052: | initiator cookie: Sep 21 07:34:33.246055: | 08 28 d1 fa 1b 14 67 5f Sep 21 07:34:33.246057: | responder cookie: Sep 21 07:34:33.246059: | 72 59 8d c7 25 ee 41 44 Sep 21 07:34:33.246062: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:33.246064: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:33.246067: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:33.246069: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:33.246072: | Message ID: 1 (0x1) Sep 21 07:34:33.246074: | length: 225 (0xe1) Sep 21 07:34:33.246077: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:33.246080: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:34:33.246083: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:34:33.246089: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:33.246095: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:34:33.246099: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:33.246104: | start processing: state #2 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:33.246106: | #2 is idle Sep 21 07:34:33.246108: | #2 idle Sep 21 07:34:33.246110: | unpacking clear payload Sep 21 07:34:33.246113: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:33.246116: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:33.246118: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:33.246120: | flags: none (0x0) Sep 21 07:34:33.246122: | length: 197 (0xc5) Sep 21 07:34:33.246125: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:34:33.246127: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:34:33.246142: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:33.246145: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:33.246147: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:33.246150: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:33.246152: | flags: none (0x0) Sep 21 07:34:33.246154: | length: 12 (0xc) Sep 21 07:34:33.246156: | ID type: ID_FQDN (0x2) Sep 21 07:34:33.246159: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:33.246161: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:33.246163: | **parse IKEv2 Authentication Payload: Sep 21 07:34:33.246166: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:33.246168: | flags: none (0x0) Sep 21 07:34:33.246170: | length: 72 (0x48) Sep 21 07:34:33.246172: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:33.246175: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:33.246177: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:33.246179: | **parse IKEv2 Security Association Payload: Sep 21 07:34:33.246182: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:33.246184: | flags: none (0x0) Sep 21 07:34:33.246186: | length: 36 (0x24) Sep 21 07:34:33.246188: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:34:33.246190: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:33.246193: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:33.246195: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:33.246197: | flags: none (0x0) Sep 21 07:34:33.246199: | length: 24 (0x18) Sep 21 07:34:33.246201: | number of TS: 1 (0x1) Sep 21 07:34:33.246204: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:33.246206: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:33.246208: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:33.246210: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:33.246213: | flags: none (0x0) Sep 21 07:34:33.246215: | length: 24 (0x18) Sep 21 07:34:33.246217: | number of TS: 1 (0x1) Sep 21 07:34:33.246219: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:33.246222: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:34:33.246224: | Now let's proceed with state specific processing Sep 21 07:34:33.246227: | calling processor Initiator: process IKE_AUTH response Sep 21 07:34:33.246232: | offered CA: '%none' Sep 21 07:34:33.246235: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:34:33.246285: | verifying AUTH payload Sep 21 07:34:33.246289: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:34:33.246294: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:33.246296: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:33.246300: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:33.246303: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:33.246307: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:33.246324: | line 1: match=014 Sep 21 07:34:33.246326: | match 014 beats previous best_match 000 match=0x5587b8ac5180 (line=1) Sep 21 07:34:33.246329: | concluding with best_match=014 best=0x5587b8ac5180 (lineno=1) Sep 21 07:34:33.246389: "west" #2: Authenticated using authby=secret Sep 21 07:34:33.246398: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:34:33.246415: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:34:33.246418: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.246421: | libevent_free: release ptr-libevent@0x5587b8ad4220 Sep 21 07:34:33.246424: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5587b8ad41e0 Sep 21 07:34:33.246427: | event_schedule: new EVENT_SA_REKEY-pe@0x5587b8ad41e0 Sep 21 07:34:33.246430: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:34:33.246433: | libevent_malloc: new ptr-libevent@0x5587b8ad4220 size 128 Sep 21 07:34:33.246519: | pstats #1 ikev2.ike established Sep 21 07:34:33.246524: | TSi: parsing 1 traffic selectors Sep 21 07:34:33.246527: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:33.246530: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.246532: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.246534: | length: 16 (0x10) Sep 21 07:34:33.246536: | start port: 0 (0x0) Sep 21 07:34:33.246539: | end port: 65535 (0xffff) Sep 21 07:34:33.246542: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:33.246544: | TS low c0 00 01 00 Sep 21 07:34:33.246546: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:33.246549: | TS high c0 00 01 ff Sep 21 07:34:33.246551: | TSi: parsed 1 traffic selectors Sep 21 07:34:33.246553: | TSr: parsing 1 traffic selectors Sep 21 07:34:33.246556: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:33.246558: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:33.246560: | IP Protocol ID: 0 (0x0) Sep 21 07:34:33.246563: | length: 16 (0x10) Sep 21 07:34:33.246565: | start port: 0 (0x0) Sep 21 07:34:33.246567: | end port: 65535 (0xffff) Sep 21 07:34:33.246569: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:33.246571: | TS low c0 00 02 00 Sep 21 07:34:33.246574: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:33.246576: | TS high c0 00 02 ff Sep 21 07:34:33.246578: | TSr: parsed 1 traffic selectors Sep 21 07:34:33.246584: | evaluating our conn="west" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:33.246589: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.246596: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:33.246599: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:33.246601: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:33.246604: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:33.246607: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.246612: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:33.246617: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:33.246620: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:33.246622: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:33.246625: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:33.246628: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:33.246630: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:33.246632: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:34:33.246635: | printing contents struct traffic_selector Sep 21 07:34:33.246637: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:33.246639: | ipprotoid: 0 Sep 21 07:34:33.246641: | port range: 0-65535 Sep 21 07:34:33.246647: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:33.246649: | printing contents struct traffic_selector Sep 21 07:34:33.246651: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:33.246654: | ipprotoid: 0 Sep 21 07:34:33.246656: | port range: 0-65535 Sep 21 07:34:33.246660: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:33.246672: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:33.246675: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:34:33.246679: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:33.246681: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:33.246684: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:33.246686: | local proposal 1 type DH has 1 transforms Sep 21 07:34:33.246688: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:33.246692: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:33.246694: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:33.246697: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:33.246706: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:33.246708: | local proposal 2 type DH has 1 transforms Sep 21 07:34:33.246711: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:33.246715: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:33.246718: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:33.246720: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:33.246723: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:33.246725: | local proposal 3 type DH has 1 transforms Sep 21 07:34:33.246727: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:33.246730: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:33.246732: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:33.246735: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:33.246737: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:33.246739: | local proposal 4 type DH has 1 transforms Sep 21 07:34:33.246742: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:33.246744: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:33.246747: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:33.246750: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:33.246752: | length: 32 (0x20) Sep 21 07:34:33.246754: | prop #: 1 (0x1) Sep 21 07:34:33.246757: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:33.246759: | spi size: 4 (0x4) Sep 21 07:34:33.246761: | # transforms: 2 (0x2) Sep 21 07:34:33.246765: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:33.246767: | remote SPI 6d 5c ed 15 Sep 21 07:34:33.246770: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:33.246773: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.246775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:33.246777: | length: 12 (0xc) Sep 21 07:34:33.246780: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:33.246782: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:33.246805: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:33.246808: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:33.246822: | length/value: 256 (0x100) Sep 21 07:34:33.246827: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:33.246829: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:33.246832: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:33.246837: | length: 8 (0x8) Sep 21 07:34:33.246840: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:33.246842: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:33.246845: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:33.246848: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:33.246852: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:33.246855: | remote proposal 1 matches local proposal 1 Sep 21 07:34:33.246858: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:34:33.246862: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=6d5ced15;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:33.246865: | converting proposal to internal trans attrs Sep 21 07:34:33.246870: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:33.247057: | #1 spent 1.05 milliseconds Sep 21 07:34:33.247060: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:33.247063: | could_route called for west (kind=CK_PERMANENT) Sep 21 07:34:33.247066: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.247069: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.247071: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:33.247076: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:33.247080: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:33.247083: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:33.247085: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:33.247088: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:33.247092: | setting IPsec SA replay-window to 32 Sep 21 07:34:33.247095: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:33.247098: | netlink: enabling tunnel mode Sep 21 07:34:33.247100: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:33.247103: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:33.247184: | netlink response for Add SA esp.6d5ced15@192.1.2.23 included non-error error Sep 21 07:34:33.247203: | set up outgoing SA, ref=0/0 Sep 21 07:34:33.247206: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:33.247209: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:33.247211: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:33.247214: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:33.247217: | setting IPsec SA replay-window to 32 Sep 21 07:34:33.247219: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:33.247222: | netlink: enabling tunnel mode Sep 21 07:34:33.247224: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:33.247227: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:33.247275: | netlink response for Add SA esp.1737e355@192.1.2.45 included non-error error Sep 21 07:34:33.247279: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:33.247298: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:34:33.247301: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.247359: | raw_eroute result=success Sep 21 07:34:33.247362: | set up incoming SA, ref=0/0 Sep 21 07:34:33.247364: | sr for #2: unrouted Sep 21 07:34:33.247380: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:33.247382: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.247385: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.247400: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:33.247403: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:33.247407: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:33.247412: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:33.247419: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:33.247422: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.247444: | raw_eroute result=success Sep 21 07:34:33.247447: | running updown command "ipsec _updown" for verb up Sep 21 07:34:33.247450: | command executing up-client Sep 21 07:34:33.247476: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6d5ced15 SPI_OUT=0x Sep 21 07:34:33.247479: | popen cmd is 1023 chars long Sep 21 07:34:33.247482: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Sep 21 07:34:33.247484: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Sep 21 07:34:33.247487: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Sep 21 07:34:33.247489: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Sep 21 07:34:33.247492: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Sep 21 07:34:33.247494: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Sep 21 07:34:33.247497: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Sep 21 07:34:33.247499: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Sep 21 07:34:33.247502: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Sep 21 07:34:33.247504: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Sep 21 07:34:33.247507: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Sep 21 07:34:33.247509: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Sep 21 07:34:33.247512: | cmd( 960):ED='no' SPI_IN=0x6d5ced15 SPI_OUT=0x1737e355 ipsec _updown 2>&1: Sep 21 07:34:33.258275: | route_and_eroute: firewall_notified: true Sep 21 07:34:33.258285: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:33.258288: | command executing prepare-client Sep 21 07:34:33.258309: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6d5ced15 Sep 21 07:34:33.258314: | popen cmd is 1028 chars long Sep 21 07:34:33.258316: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Sep 21 07:34:33.258318: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Sep 21 07:34:33.258319: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Sep 21 07:34:33.258321: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Sep 21 07:34:33.258322: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Sep 21 07:34:33.258324: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Sep 21 07:34:33.258325: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Sep 21 07:34:33.258327: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Sep 21 07:34:33.258328: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Sep 21 07:34:33.258330: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Sep 21 07:34:33.258331: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Sep 21 07:34:33.258333: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Sep 21 07:34:33.258334: | cmd( 960):_SHARED='no' SPI_IN=0x6d5ced15 SPI_OUT=0x1737e355 ipsec _updown 2>&1: Sep 21 07:34:33.267818: | running updown command "ipsec _updown" for verb route Sep 21 07:34:33.267837: | command executing route-client Sep 21 07:34:33.267869: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6d5ced15 SPI_ Sep 21 07:34:33.267872: | popen cmd is 1026 chars long Sep 21 07:34:33.267875: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Sep 21 07:34:33.267878: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Sep 21 07:34:33.267880: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Sep 21 07:34:33.267883: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Sep 21 07:34:33.267885: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Sep 21 07:34:33.267888: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Sep 21 07:34:33.267890: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Sep 21 07:34:33.267893: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Sep 21 07:34:33.267899: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Sep 21 07:34:33.267902: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Sep 21 07:34:33.267904: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Sep 21 07:34:33.267907: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Sep 21 07:34:33.267909: | cmd( 960):HARED='no' SPI_IN=0x6d5ced15 SPI_OUT=0x1737e355 ipsec _updown 2>&1: Sep 21 07:34:33.285135: | route_and_eroute: instance "west", setting eroute_owner {spd=0x5587b8ad0ab0,sr=0x5587b8ad0ab0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:33.285230: | #1 spent 0.954 milliseconds in install_ipsec_sa() Sep 21 07:34:33.285237: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:33.285240: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.285243: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:34:33.285248: | libevent_free: release ptr-libevent@0x5587b8ad7540 Sep 21 07:34:33.285251: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5587b8ad3e80 Sep 21 07:34:33.285256: | #2 spent 1.78 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:34:33.285263: | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:33.285267: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:34:33.285270: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:34:33.285273: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:34:33.285276: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:34:33.285282: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:34:33.285287: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:33.285289: | pstats #2 ikev2.child established Sep 21 07:34:33.285298: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:34:33.285309: | NAT-T: encaps is 'auto' Sep 21 07:34:33.285314: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x6d5ced15 <0x1737e355 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:34:33.285318: | releasing whack for #2 (sock=fd@25) Sep 21 07:34:33.285322: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:34:33.285324: | releasing whack and unpending for parent #1 Sep 21 07:34:33.285327: | unpending state #1 connection "west" Sep 21 07:34:33.285332: | delete from pending Child SA with 192.1.2.23 "west" Sep 21 07:34:33.285335: | removing pending policy for no connection {0x5587b8a2a0a0} Sep 21 07:34:33.285342: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:34:33.285347: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:34:33.285350: | event_schedule: new EVENT_SA_REKEY-pe@0x5587b8ad3e80 Sep 21 07:34:33.285353: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:34:33.285357: | libevent_malloc: new ptr-libevent@0x5587b8ad7540 size 128 Sep 21 07:34:33.285363: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:33.285368: | #1 spent 2.14 milliseconds in ikev2_process_packet() Sep 21 07:34:33.285372: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:33.285375: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:33.285378: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:33.285382: | spent 2.16 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.285397: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.285405: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.285409: | spent 0.00701 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.285411: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.285414: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.285418: | spent 0.00326 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:33.285420: | processing signal PLUTO_SIGCHLD Sep 21 07:34:33.285423: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:33.285426: | spent 0.00317 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:36.506284: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.506309: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:34:36.506313: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:36.506321: | get_sa_info esp.1737e355@192.1.2.45 Sep 21 07:34:36.506337: | get_sa_info esp.6d5ced15@192.1.2.23 Sep 21 07:34:36.506354: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.506361: | spent 0.0854 milliseconds in whack