Sep 21 07:34:36.679351: FIPS Product: YES Sep 21 07:34:36.679389: FIPS Kernel: NO Sep 21 07:34:36.679392: FIPS Mode: NO Sep 21 07:34:36.679395: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:36.679568: Initializing NSS Sep 21 07:34:36.679573: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:36.722512: NSS initialized Sep 21 07:34:36.722526: NSS crypto library initialized Sep 21 07:34:36.722529: FIPS HMAC integrity support [enabled] Sep 21 07:34:36.722531: FIPS mode disabled for pluto daemon Sep 21 07:34:36.789978: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:36.790080: libcap-ng support [enabled] Sep 21 07:34:36.790092: Linux audit support [enabled] Sep 21 07:34:36.790114: Linux audit activated Sep 21 07:34:36.790118: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:14976 Sep 21 07:34:36.790120: core dump dir: /tmp Sep 21 07:34:36.790123: secrets file: /etc/ipsec.secrets Sep 21 07:34:36.790125: leak-detective disabled Sep 21 07:34:36.790127: NSS crypto [enabled] Sep 21 07:34:36.790129: XAUTH PAM support [enabled] Sep 21 07:34:36.790203: | libevent is using pluto's memory allocator Sep 21 07:34:36.790209: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:36.790222: | libevent_malloc: new ptr-libevent@0x560a42b41ed0 size 40 Sep 21 07:34:36.790225: | libevent_malloc: new ptr-libevent@0x560a42b41f00 size 40 Sep 21 07:34:36.790228: | libevent_malloc: new ptr-libevent@0x560a42b431f0 size 40 Sep 21 07:34:36.790230: | creating event base Sep 21 07:34:36.790233: | libevent_malloc: new ptr-libevent@0x560a42b431b0 size 56 Sep 21 07:34:36.790237: | libevent_malloc: new ptr-libevent@0x560a42b43220 size 664 Sep 21 07:34:36.790249: | libevent_malloc: new ptr-libevent@0x560a42b434c0 size 24 Sep 21 07:34:36.790253: | libevent_malloc: new ptr-libevent@0x560a42b34cc0 size 384 Sep 21 07:34:36.790263: | libevent_malloc: new ptr-libevent@0x560a42b434e0 size 16 Sep 21 07:34:36.790265: | libevent_malloc: new ptr-libevent@0x560a42b43500 size 40 Sep 21 07:34:36.790268: | libevent_malloc: new ptr-libevent@0x560a42b43530 size 48 Sep 21 07:34:36.790275: | libevent_realloc: new ptr-libevent@0x560a42ac5370 size 256 Sep 21 07:34:36.790278: | libevent_malloc: new ptr-libevent@0x560a42b43570 size 16 Sep 21 07:34:36.790283: | libevent_free: release ptr-libevent@0x560a42b431b0 Sep 21 07:34:36.790286: | libevent initialized Sep 21 07:34:36.790290: | libevent_realloc: new ptr-libevent@0x560a42b43590 size 64 Sep 21 07:34:36.790294: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:36.790311: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:36.790314: NAT-Traversal support [enabled] Sep 21 07:34:36.790316: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:36.790322: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:36.790326: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:36.790360: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:36.790364: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:36.790367: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:36.790416: Encryption algorithms: Sep 21 07:34:36.790426: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:36.790430: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:36.790434: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:36.790437: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:36.790440: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:34:36.790451: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:36.790455: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:36.790459: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:36.790462: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:36.790466: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:36.790469: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:36.790473: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:36.790477: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:36.790480: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:36.790484: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:36.790487: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:36.790490: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:36.790497: Hash algorithms: Sep 21 07:34:36.790500: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:36.790503: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:36.790506: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:36.790509: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:36.790512: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:36.790525: PRF algorithms: Sep 21 07:34:36.790528: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:36.790531: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:36.790534: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:36.790538: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:36.790541: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:36.790544: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:36.790568: Integrity algorithms: Sep 21 07:34:36.790572: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:36.790575: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:36.790579: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:36.790583: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:36.790587: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:36.790590: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:36.790593: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:36.790596: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:36.790599: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:36.790612: DH algorithms: Sep 21 07:34:36.790615: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:36.790618: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:36.790621: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:36.790625: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:36.790628: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:36.790631: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:36.790634: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:36.790637: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:36.790640: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:36.790643: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:36.790646: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:36.790648: testing CAMELLIA_CBC: Sep 21 07:34:36.790651: Camellia: 16 bytes with 128-bit key Sep 21 07:34:36.790766: Camellia: 16 bytes with 128-bit key Sep 21 07:34:36.790800: Camellia: 16 bytes with 256-bit key Sep 21 07:34:36.790834: Camellia: 16 bytes with 256-bit key Sep 21 07:34:36.790861: testing AES_GCM_16: Sep 21 07:34:36.790864: empty string Sep 21 07:34:36.790893: one block Sep 21 07:34:36.790917: two blocks Sep 21 07:34:36.790943: two blocks with associated data Sep 21 07:34:36.790968: testing AES_CTR: Sep 21 07:34:36.790971: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:36.790997: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:36.791023: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:36.791051: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:36.791076: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:36.791103: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:36.791130: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:36.791156: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:36.791182: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:36.791211: testing AES_CBC: Sep 21 07:34:36.791214: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:36.791240: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:36.791269: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:36.791297: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:36.791332: testing AES_XCBC: Sep 21 07:34:36.791336: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:36.791470: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:36.791610: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:36.791728: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:36.791861: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:36.791997: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:36.792143: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:36.792452: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:36.792590: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:36.792735: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:36.792976: testing HMAC_MD5: Sep 21 07:34:36.792984: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:36.793172: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:36.793334: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:36.793521: 8 CPU cores online Sep 21 07:34:36.793525: starting up 7 crypto helpers Sep 21 07:34:36.793567: started thread for crypto helper 0 Sep 21 07:34:36.793589: started thread for crypto helper 1 Sep 21 07:34:36.793609: started thread for crypto helper 2 Sep 21 07:34:36.793628: started thread for crypto helper 3 Sep 21 07:34:36.793648: started thread for crypto helper 4 Sep 21 07:34:36.793666: started thread for crypto helper 5 Sep 21 07:34:36.793688: started thread for crypto helper 6 Sep 21 07:34:36.793692: | checking IKEv1 state table Sep 21 07:34:36.793700: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793702: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:36.793705: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793708: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:36.793710: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:36.793712: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:36.793715: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:36.793717: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:36.793719: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:36.793722: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:36.793724: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:36.793726: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:36.793728: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:36.793731: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:36.793733: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:36.793735: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:36.793738: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:34:36.793740: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:36.793742: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:36.793745: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:36.793747: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:36.793750: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793752: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:36.793755: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793757: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793760: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:36.793762: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793764: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:36.793767: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:36.793769: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:36.793772: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:36.793774: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:36.793777: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:36.793779: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793782: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:36.793790: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793793: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:36.793795: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:36.793798: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:36.793800: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:36.793802: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:36.793805: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:36.793848: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:36.793851: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793854: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:36.793856: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793859: | INFO: category: informational flags: 0: Sep 21 07:34:36.793861: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793864: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:34:36.793866: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793869: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:36.793871: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:36.793874: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:36.793876: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:36.793879: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:36.793882: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:36.793884: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:36.793887: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:36.793889: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:36.793892: | -> UNDEFINED EVENT_NULL Sep 21 07:34:36.793894: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:36.793900: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:36.793903: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:36.793905: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:36.793908: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:36.793910: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:36.793917: | checking IKEv2 state table Sep 21 07:34:36.793923: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:36.793925: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:36.793928: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793931: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:36.793934: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:36.793937: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:36.793940: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:36.793942: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:36.793945: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:36.793947: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:36.793950: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:36.793953: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:36.793955: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:36.793958: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:36.793960: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:36.793963: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:36.793966: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793968: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:36.793971: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:34:36.793974: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:36.793976: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:36.793979: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:36.793982: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:36.793984: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:36.793987: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:36.793989: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:36.793992: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:36.793995: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:36.793997: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:36.794000: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:36.794003: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:34:36.794005: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:36.794008: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:36.794011: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:36.794014: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:36.794016: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:36.794019: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:36.794022: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:36.794025: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:36.794030: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:34:36.794032: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:36.794035: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:36.794038: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:36.794041: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:36.794044: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:36.794046: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:36.794049: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:36.794099: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:36.794164: | Hard-wiring algorithms Sep 21 07:34:36.794168: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:36.794172: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:36.794174: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:36.794176: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:36.794179: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:36.794181: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:34:36.794184: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:36.794186: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:36.794188: | adding AES_CTR to kernel algorithm db Sep 21 07:34:36.794190: | adding AES_CBC to kernel algorithm db Sep 21 07:34:36.794193: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:36.794195: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:36.794198: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:36.794200: | adding NULL to kernel algorithm db Sep 21 07:34:36.794203: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:34:36.794206: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:36.794208: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:36.794211: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:36.794213: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:36.794216: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:36.794218: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:36.794221: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:36.794223: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:36.794225: | adding NONE to kernel algorithm db Sep 21 07:34:36.794245: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:36.794251: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:36.794254: | setup kernel fd callback Sep 21 07:34:36.794257: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x560a42b48c30 Sep 21 07:34:36.794260: | libevent_malloc: new ptr-libevent@0x560a42b54dd0 size 128 Sep 21 07:34:36.794264: | libevent_malloc: new ptr-libevent@0x560a42b47f10 size 16 Sep 21 07:34:36.794270: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x560a42b48bf0 Sep 21 07:34:36.794273: | libevent_malloc: new ptr-libevent@0x560a42b54e60 size 128 Sep 21 07:34:36.794275: | libevent_malloc: new ptr-libevent@0x560a42b47f30 size 16 Sep 21 07:34:36.794509: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:36.794516: selinux support is enabled. Sep 21 07:34:36.794596: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:36.794767: | unbound context created - setting debug level to 5 Sep 21 07:34:36.794799: | /etc/hosts lookups activated Sep 21 07:34:36.794818: | /etc/resolv.conf usage activated Sep 21 07:34:36.794881: | outgoing-port-avoid set 0-65535 Sep 21 07:34:36.794912: | outgoing-port-permit set 32768-60999 Sep 21 07:34:36.794914: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:36.794917: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:36.794921: | Setting up events, loop start Sep 21 07:34:36.794924: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x560a42b431b0 Sep 21 07:34:36.794931: | libevent_malloc: new ptr-libevent@0x560a42b5f3d0 size 128 Sep 21 07:34:36.794934: | libevent_malloc: new ptr-libevent@0x560a42b5f460 size 16 Sep 21 07:34:36.794941: | libevent_realloc: new ptr-libevent@0x560a42ac35b0 size 256 Sep 21 07:34:36.794944: | libevent_malloc: new ptr-libevent@0x560a42b5f480 size 8 Sep 21 07:34:36.794947: | libevent_realloc: new ptr-libevent@0x560a42b54150 size 144 Sep 21 07:34:36.794950: | libevent_malloc: new ptr-libevent@0x560a42b5f4a0 size 152 Sep 21 07:34:36.794954: | libevent_malloc: new ptr-libevent@0x560a42b5f540 size 16 Sep 21 07:34:36.794958: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:36.794960: | libevent_malloc: new ptr-libevent@0x560a42b5f560 size 8 Sep 21 07:34:36.794963: | libevent_malloc: new ptr-libevent@0x560a42b5f580 size 152 Sep 21 07:34:36.794966: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:36.794968: | libevent_malloc: new ptr-libevent@0x560a42b5f620 size 8 Sep 21 07:34:36.794971: | libevent_malloc: new ptr-libevent@0x560a42b5f640 size 152 Sep 21 07:34:36.794974: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:36.794976: | libevent_malloc: new ptr-libevent@0x560a42b5f6e0 size 8 Sep 21 07:34:36.794979: | libevent_realloc: release ptr-libevent@0x560a42b54150 Sep 21 07:34:36.794982: | libevent_realloc: new ptr-libevent@0x560a42b5f700 size 256 Sep 21 07:34:36.794984: | libevent_malloc: new ptr-libevent@0x560a42b54150 size 152 Sep 21 07:34:36.794987: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:36.794986: | starting up helper thread 1 Sep 21 07:34:36.795006: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:36.795009: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:36.795374: | created addconn helper (pid:15076) using fork+execve Sep 21 07:34:36.795390: | forked child 15076 Sep 21 07:34:36.795428: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.795450: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:36.795457: listening for IKE messages Sep 21 07:34:36.795553: | Inspecting interface lo Sep 21 07:34:36.795560: | found lo with address 127.0.0.1 Sep 21 07:34:36.795563: | Inspecting interface eth0 Sep 21 07:34:36.795567: | found eth0 with address 192.0.1.254 Sep 21 07:34:36.795569: | Inspecting interface eth1 Sep 21 07:34:36.795572: | found eth1 with address 192.1.2.45 Sep 21 07:34:36.795619: Kernel supports NIC esp-hw-offload Sep 21 07:34:36.795639: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:34:36.795701: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:36.795706: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:36.795710: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:34:36.795743: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:34:36.795769: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:36.795772: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:36.795776: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:34:36.795810: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:36.795839: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:36.795844: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:36.795847: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:36.795905: | no interfaces to sort Sep 21 07:34:36.795909: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:36.795918: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fa70 Sep 21 07:34:36.795921: | libevent_malloc: new ptr-libevent@0x560a42b5fab0 size 128 Sep 21 07:34:36.795924: | libevent_malloc: new ptr-libevent@0x560a42b5fb40 size 16 Sep 21 07:34:36.795932: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:36.795935: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fb60 Sep 21 07:34:36.795941: | libevent_malloc: new ptr-libevent@0x560a42b5fba0 size 128 Sep 21 07:34:36.795944: | libevent_malloc: new ptr-libevent@0x560a42b5fc30 size 16 Sep 21 07:34:36.795949: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:36.795952: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fc50 Sep 21 07:34:36.795954: | libevent_malloc: new ptr-libevent@0x560a42b5fc90 size 128 Sep 21 07:34:36.795957: | libevent_malloc: new ptr-libevent@0x560a42b5fd20 size 16 Sep 21 07:34:36.795961: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:36.795964: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fd40 Sep 21 07:34:36.795966: | libevent_malloc: new ptr-libevent@0x560a42b5fd80 size 128 Sep 21 07:34:36.795969: | libevent_malloc: new ptr-libevent@0x560a42b5fe10 size 16 Sep 21 07:34:36.795973: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:36.795976: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fe30 Sep 21 07:34:36.795978: | libevent_malloc: new ptr-libevent@0x560a42b5fe70 size 128 Sep 21 07:34:36.795981: | libevent_malloc: new ptr-libevent@0x560a42b5ff00 size 16 Sep 21 07:34:36.795985: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:36.795988: | add_fd_read_event_handler: new ethX-pe@0x560a42b5ff20 Sep 21 07:34:36.795990: | libevent_malloc: new ptr-libevent@0x560a42b5ff60 size 128 Sep 21 07:34:36.795993: | libevent_malloc: new ptr-libevent@0x560a42b5fff0 size 16 Sep 21 07:34:36.795997: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:36.796002: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:36.796005: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:36.796023: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:36.796042: | id type added to secret(0x560a42b54fb0) PKK_PSK: @west Sep 21 07:34:36.796046: | id type added to secret(0x560a42b54fb0) PKK_PSK: @east Sep 21 07:34:36.796050: | Processing PSK at line 1: passed Sep 21 07:34:36.796053: | certs and keys locked by 'process_secret' Sep 21 07:34:36.796057: | certs and keys unlocked by 'process_secret' Sep 21 07:34:36.796062: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:36.796739: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.796750: | spent 0.62 milliseconds in whack Sep 21 07:34:36.806799: | starting up helper thread 0 Sep 21 07:34:36.806818: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:36.806823: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:36.806832: | starting up helper thread 2 Sep 21 07:34:36.806837: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:36.806839: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:36.806847: | starting up helper thread 3 Sep 21 07:34:36.806852: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:36.806854: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:36.810517: | starting up helper thread 4 Sep 21 07:34:36.810535: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:36.810538: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:36.810552: | starting up helper thread 5 Sep 21 07:34:36.810557: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:36.810559: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:36.810570: | starting up helper thread 6 Sep 21 07:34:36.810574: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:36.810577: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:36.845164: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.845183: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:36.845188: listening for IKE messages Sep 21 07:34:36.845220: | Inspecting interface lo Sep 21 07:34:36.845228: | found lo with address 127.0.0.1 Sep 21 07:34:36.845231: | Inspecting interface eth0 Sep 21 07:34:36.845234: | found eth0 with address 192.0.1.254 Sep 21 07:34:36.845235: | Inspecting interface eth1 Sep 21 07:34:36.845238: | found eth1 with address 192.1.2.45 Sep 21 07:34:36.845286: | no interfaces to sort Sep 21 07:34:36.845293: | libevent_free: release ptr-libevent@0x560a42b5fab0 Sep 21 07:34:36.845296: | free_event_entry: release EVENT_NULL-pe@0x560a42b5fa70 Sep 21 07:34:36.845298: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fa70 Sep 21 07:34:36.845300: | libevent_malloc: new ptr-libevent@0x560a42b5fab0 size 128 Sep 21 07:34:36.845306: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:36.845308: | libevent_free: release ptr-libevent@0x560a42b5fba0 Sep 21 07:34:36.845310: | free_event_entry: release EVENT_NULL-pe@0x560a42b5fb60 Sep 21 07:34:36.845312: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fb60 Sep 21 07:34:36.845313: | libevent_malloc: new ptr-libevent@0x560a42b5fba0 size 128 Sep 21 07:34:36.845316: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:36.845319: | libevent_free: release ptr-libevent@0x560a42b5fc90 Sep 21 07:34:36.845321: | free_event_entry: release EVENT_NULL-pe@0x560a42b5fc50 Sep 21 07:34:36.845322: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fc50 Sep 21 07:34:36.845324: | libevent_malloc: new ptr-libevent@0x560a42b5fc90 size 128 Sep 21 07:34:36.845327: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:36.845329: | libevent_free: release ptr-libevent@0x560a42b5fd80 Sep 21 07:34:36.845331: | free_event_entry: release EVENT_NULL-pe@0x560a42b5fd40 Sep 21 07:34:36.845332: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fd40 Sep 21 07:34:36.845334: | libevent_malloc: new ptr-libevent@0x560a42b5fd80 size 128 Sep 21 07:34:36.845337: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:36.845339: | libevent_free: release ptr-libevent@0x560a42b5fe70 Sep 21 07:34:36.845341: | free_event_entry: release EVENT_NULL-pe@0x560a42b5fe30 Sep 21 07:34:36.845342: | add_fd_read_event_handler: new ethX-pe@0x560a42b5fe30 Sep 21 07:34:36.845344: | libevent_malloc: new ptr-libevent@0x560a42b5fe70 size 128 Sep 21 07:34:36.845347: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:36.845349: | libevent_free: release ptr-libevent@0x560a42b5ff60 Sep 21 07:34:36.845351: | free_event_entry: release EVENT_NULL-pe@0x560a42b5ff20 Sep 21 07:34:36.845353: | add_fd_read_event_handler: new ethX-pe@0x560a42b5ff20 Sep 21 07:34:36.845354: | libevent_malloc: new ptr-libevent@0x560a42b5ff60 size 128 Sep 21 07:34:36.845357: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:36.845359: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:36.845361: forgetting secrets Sep 21 07:34:36.845367: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:36.845379: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:36.845387: | id type added to secret(0x560a42b54fb0) PKK_PSK: @west Sep 21 07:34:36.845390: | id type added to secret(0x560a42b54fb0) PKK_PSK: @east Sep 21 07:34:36.845393: | Processing PSK at line 1: passed Sep 21 07:34:36.845395: | certs and keys locked by 'process_secret' Sep 21 07:34:36.845396: | certs and keys unlocked by 'process_secret' Sep 21 07:34:36.845400: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:36.845406: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.845414: | spent 0.256 milliseconds in whack Sep 21 07:34:36.845868: | processing signal PLUTO_SIGCHLD Sep 21 07:34:36.845880: | waitpid returned pid 15076 (exited with status 0) Sep 21 07:34:36.845883: | reaped addconn helper child (status 0) Sep 21 07:34:36.845886: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:36.845890: | spent 0.0127 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:36.904428: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.904471: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:36.904475: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:36.904477: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:36.904480: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:36.904484: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:36.904492: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:36.904558: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:36.904561: | from whack: got --esp= Sep 21 07:34:36.904609: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:36.904615: | counting wild cards for @west is 0 Sep 21 07:34:36.904618: | counting wild cards for @east is 0 Sep 21 07:34:36.904631: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:34:36.904635: | new hp@0x560a42b2c460 Sep 21 07:34:36.904640: added connection description "west" Sep 21 07:34:36.904651: | ike_life: 3600s; ipsec_life: 40s; rekey_margin: 20s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:36.904663: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:34:36.904672: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.904680: | spent 0.274 milliseconds in whack Sep 21 07:34:36.904707: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.904716: add keyid @west Sep 21 07:34:36.904720: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:34:36.904723: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:34:36.904725: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:34:36.904727: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:34:36.904730: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:34:36.904732: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:34:36.904735: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:34:36.904737: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:34:36.904739: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:34:36.904742: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:34:36.904744: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:34:36.904746: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:34:36.904749: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:34:36.904751: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:34:36.904753: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:34:36.904756: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:34:36.904758: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:34:36.904760: | add pubkey 15 04 37 f9 Sep 21 07:34:36.904811: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:36.904817: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:34:36.904824: | keyid: *AQOm9dY/4 Sep 21 07:34:36.904827: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:34:36.904829: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:34:36.904835: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:34:36.904838: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:34:36.904840: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:34:36.904842: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:34:36.904844: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:34:36.904846: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:34:36.904848: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:34:36.904850: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:34:36.904852: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:34:36.904854: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:34:36.904856: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:34:36.904858: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:34:36.904860: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:34:36.904862: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:34:36.904864: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:34:36.904867: | n 37 f9 Sep 21 07:34:36.904869: | e 03 Sep 21 07:34:36.904871: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:36.904873: | CKAID 7f 0f 03 50 Sep 21 07:34:36.904881: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.904886: | spent 0.178 milliseconds in whack Sep 21 07:34:36.904913: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:36.904922: add keyid @east Sep 21 07:34:36.904926: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:34:36.904928: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:34:36.904930: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:34:36.904933: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:34:36.904935: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:34:36.904937: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:34:36.904939: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:34:36.904941: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:34:36.904943: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:34:36.904945: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:34:36.904947: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:34:36.904950: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:34:36.904952: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:34:36.904954: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:34:36.904956: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:34:36.904958: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:34:36.904960: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:34:36.904962: | add pubkey 51 51 48 ef Sep 21 07:34:36.904975: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:36.904978: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:34:36.904983: | keyid: *AQO9bJbr3 Sep 21 07:34:36.904986: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:34:36.904988: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:34:36.904990: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:34:36.904992: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:34:36.904994: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:34:36.904997: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:34:36.904999: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:34:36.905004: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:34:36.905006: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:34:36.905008: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:34:36.905010: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:34:36.905013: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:34:36.905015: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:34:36.905017: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:34:36.905019: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:34:36.905021: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:34:36.905023: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:34:36.905025: | n 48 ef Sep 21 07:34:36.905027: | e 03 Sep 21 07:34:36.905030: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:36.905032: | CKAID 8a 82 25 f1 Sep 21 07:34:36.905040: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:36.905044: | spent 0.136 milliseconds in whack Sep 21 07:34:37.022995: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:37.023046: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:34:37.023049: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:37.023054: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:37.023056: | connection 'west' +POLICY_UP Sep 21 07:34:37.023058: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:37.023060: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:37.023082: | creating state object #1 at 0x560a42b61aa0 Sep 21 07:34:37.023085: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:37.023091: | pstats #1 ikev2.ike started Sep 21 07:34:37.023093: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:37.023096: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:34:37.023100: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:37.023105: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:37.023109: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:37.023112: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:34:37.023115: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Sep 21 07:34:37.023118: "west" #1: initiating v2 parent SA Sep 21 07:34:37.023126: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Sep 21 07:34:37.023133: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:37.023140: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.023144: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:37.023149: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.023152: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:37.023155: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.023160: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:37.023174: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.023183: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.023196: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:34:37.023202: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560a42b64150 Sep 21 07:34:37.023207: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:37.023210: | libevent_malloc: new ptr-libevent@0x560a42b64190 size 128 Sep 21 07:34:37.023224: | #1 spent 0.166 milliseconds in ikev2_parent_outI1() Sep 21 07:34:37.023224: | crypto helper 1 resuming Sep 21 07:34:37.023229: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:37.023237: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:34:37.023245: | RESET processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:37.023246: | crypto helper 1 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:34:37.023249: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:37.023256: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:37.023260: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:34:37.023264: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:37.023268: | spent 0.278 milliseconds in whack Sep 21 07:34:37.024018: | crypto helper 1 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000772 seconds Sep 21 07:34:37.024028: | (#1) spent 0.775 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:34:37.024031: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:37.024033: | scheduling resume sending helper answer for #1 Sep 21 07:34:37.024037: | libevent_malloc: new ptr-libevent@0x7f7418006900 size 128 Sep 21 07:34:37.024046: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:37.024056: | processing resume sending helper answer for #1 Sep 21 07:34:37.024066: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:37.024070: | crypto helper 1 replies to request ID 1 Sep 21 07:34:37.024071: | calling continuation function 0x560a425f9630 Sep 21 07:34:37.024073: | ikev2_parent_outI1_continue for #1 Sep 21 07:34:37.024103: | **emit ISAKMP Message: Sep 21 07:34:37.024108: | initiator cookie: Sep 21 07:34:37.024112: | ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.024115: | responder cookie: Sep 21 07:34:37.024118: | 00 00 00 00 00 00 00 00 Sep 21 07:34:37.024121: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:37.024125: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:37.024127: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:37.024129: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:37.024131: | Message ID: 0 (0x0) Sep 21 07:34:37.024133: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:37.024146: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.024152: | Emitting ikev2_proposals ... Sep 21 07:34:37.024154: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:37.024156: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.024158: | flags: none (0x0) Sep 21 07:34:37.024160: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:37.024162: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.024164: | discarding INTEG=NONE Sep 21 07:34:37.024165: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.024167: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024169: | prop #: 1 (0x1) Sep 21 07:34:37.024170: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:37.024172: | spi size: 0 (0x0) Sep 21 07:34:37.024173: | # transforms: 11 (0xb) Sep 21 07:34:37.024175: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.024177: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024179: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024180: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.024182: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.024184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024186: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.024188: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.024189: | length/value: 256 (0x100) Sep 21 07:34:37.024191: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.024193: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024196: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024198: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:37.024200: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024201: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024203: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024205: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024206: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024208: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024209: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:37.024211: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024215: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024216: | discarding INTEG=NONE Sep 21 07:34:37.024217: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024223: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.024225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024229: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024230: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024235: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:37.024237: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024246: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:37.024248: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024251: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024253: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024256: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024258: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:37.024260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024265: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024266: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024270: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024273: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:37.024275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024278: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024280: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024286: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024289: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:37.024293: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024303: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024306: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024309: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024312: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024316: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:37.024320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024324: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024328: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024330: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024334: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.024337: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024340: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:37.024345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024352: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024356: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:37.024358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.024360: | discarding INTEG=NONE Sep 21 07:34:37.024362: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.024364: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024365: | prop #: 2 (0x2) Sep 21 07:34:37.024367: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:37.024368: | spi size: 0 (0x0) Sep 21 07:34:37.024370: | # transforms: 11 (0xb) Sep 21 07:34:37.024372: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024374: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.024376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024379: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.024380: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.024382: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024385: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.024388: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.024390: | length/value: 128 (0x80) Sep 21 07:34:37.024392: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.024393: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024395: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024396: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024398: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:37.024400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024403: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024405: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024408: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024415: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:37.024417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024420: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024422: | discarding INTEG=NONE Sep 21 07:34:37.024423: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024428: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.024430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024433: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024435: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024440: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:37.024441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024443: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024445: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024446: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024448: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024451: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:37.024453: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024458: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024459: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024461: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024462: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:37.024464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024468: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024469: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024472: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024474: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:37.024476: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024479: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024482: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024485: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024486: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:37.024488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024491: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024493: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024498: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:37.024500: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024503: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024504: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024506: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.024508: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024509: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:37.024511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024514: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024516: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:37.024518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.024520: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.024521: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024523: | prop #: 3 (0x3) Sep 21 07:34:37.024524: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:37.024526: | spi size: 0 (0x0) Sep 21 07:34:37.024527: | # transforms: 13 (0xd) Sep 21 07:34:37.024529: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024531: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.024533: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024536: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.024537: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:37.024539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024541: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.024542: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.024544: | length/value: 256 (0x100) Sep 21 07:34:37.024546: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.024547: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024550: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024552: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:37.024555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024559: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024560: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024563: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024565: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:37.024567: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024568: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024570: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024572: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024575: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.024576: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:37.024578: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024580: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024582: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024583: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024586: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.024588: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:37.024590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024593: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024595: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024598: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024600: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.024601: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024605: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024606: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024611: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:37.024613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024616: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024618: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024620: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024622: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024623: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:37.024625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024629: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024633: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024635: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:37.024637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024640: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024641: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024646: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:37.024648: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024650: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024651: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024653: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024655: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024658: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:37.024659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024661: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024663: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024667: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024669: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:37.024671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024674: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024676: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024677: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.024679: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024680: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:37.024682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024687: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024689: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:37.024690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.024692: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.024696: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:37.024700: | prop #: 4 (0x4) Sep 21 07:34:37.024704: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:37.024706: | spi size: 0 (0x0) Sep 21 07:34:37.024709: | # transforms: 13 (0xd) Sep 21 07:34:37.024712: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.024715: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.024718: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024720: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024723: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.024726: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:37.024729: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024732: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.024734: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.024736: | length/value: 128 (0x80) Sep 21 07:34:37.024739: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.024741: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024743: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024746: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024748: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:37.024751: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024754: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024763: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.024766: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:37.024768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024773: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024776: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024778: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024781: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.024894: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:37.024901: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024903: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024905: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024907: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024914: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.024921: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:37.024926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024933: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024937: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024940: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024942: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.024944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024947: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024949: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024954: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:37.024956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024959: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024960: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024964: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024965: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:37.024967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024970: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024972: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024977: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:37.024979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024982: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024984: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024987: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.024988: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:37.024990: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.024992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.024994: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.024996: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.024998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.025000: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.025001: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:37.025003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.025005: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.025007: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.025008: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.025010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.025011: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.025013: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:37.025015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.025016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.025018: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.025020: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.025021: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.025023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.025024: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:37.025026: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.025028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.025030: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.025031: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:37.025033: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.025035: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:34:37.025037: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:37.025039: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:37.025040: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.025042: | flags: none (0x0) Sep 21 07:34:37.025044: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.025046: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:34:37.025048: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.025051: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:34:37.025053: | ikev2 g^x c3 30 59 92 d2 b2 51 82 b9 ce 08 29 bc 45 69 3e Sep 21 07:34:37.025054: | ikev2 g^x 46 6c 03 a5 9d 60 99 71 82 41 0f 96 c3 90 1d a7 Sep 21 07:34:37.025056: | ikev2 g^x 8b d4 dc bb ad 92 eb a8 e2 c8 d2 d7 58 a3 69 32 Sep 21 07:34:37.025057: | ikev2 g^x fb 5a f2 9e 44 35 e0 c5 2d 7b 05 25 67 e1 2b dc Sep 21 07:34:37.025059: | ikev2 g^x 97 23 b5 5e bd 56 f5 9b 37 bc 7b ad c5 da e7 98 Sep 21 07:34:37.025060: | ikev2 g^x 0f 5a 22 9a e3 f8 08 c4 4c 93 38 84 58 28 44 a0 Sep 21 07:34:37.025062: | ikev2 g^x 1c 8c f0 d2 61 89 f5 34 3d 33 21 a4 81 86 96 0c Sep 21 07:34:37.025063: | ikev2 g^x 43 f3 00 56 25 5c 09 73 85 6f b6 c1 2c 9b f6 c7 Sep 21 07:34:37.025065: | ikev2 g^x c6 24 b7 98 fb 0d 47 94 11 80 13 5e 62 7d 76 69 Sep 21 07:34:37.025066: | ikev2 g^x 68 ef 13 93 c7 b4 28 ea 5e 36 7d 9b 1c 0a 05 64 Sep 21 07:34:37.025069: | ikev2 g^x 66 25 20 1f e5 29 37 3b 99 03 e2 46 3d 6d 4c d1 Sep 21 07:34:37.025070: | ikev2 g^x dc d9 84 da 6c ff a4 29 b9 05 16 1a 6d 49 c2 c0 Sep 21 07:34:37.025072: | ikev2 g^x a1 20 57 d0 ed 8c 18 0f e8 b6 66 4f a4 29 ab 94 Sep 21 07:34:37.025073: | ikev2 g^x a3 b4 cb bc 0f 45 7a c6 10 71 eb 86 a3 34 76 dc Sep 21 07:34:37.025075: | ikev2 g^x 6b 4a e0 9e ef ec f0 13 58 57 58 b6 1b b1 04 bd Sep 21 07:34:37.025076: | ikev2 g^x 30 2a 21 c6 61 ac 32 5a a5 58 09 c2 d7 71 18 26 Sep 21 07:34:37.025078: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:37.025080: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:37.025081: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:37.025083: | flags: none (0x0) Sep 21 07:34:37.025085: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:37.025087: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:37.025088: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.025090: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:37.025092: | IKEv2 nonce fd 98 de 49 4b 1b 2b b4 f4 c0 cf 58 77 32 42 7e Sep 21 07:34:37.025093: | IKEv2 nonce f6 21 06 c4 a9 3c ae 34 08 99 d8 0a 73 df 20 54 Sep 21 07:34:37.025095: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:37.025097: | Adding a v2N Payload Sep 21 07:34:37.025098: | ***emit IKEv2 Notify Payload: Sep 21 07:34:37.025100: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.025101: | flags: none (0x0) Sep 21 07:34:37.025103: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.025105: | SPI size: 0 (0x0) Sep 21 07:34:37.025107: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:37.025110: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:37.025113: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.025115: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:37.025117: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:34:37.025119: | natd_hash: rcookie is zero Sep 21 07:34:37.025136: | natd_hash: hasher=0x560a426cf7a0(20) Sep 21 07:34:37.025138: | natd_hash: icookie= ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.025140: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:37.025141: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:37.025143: | natd_hash: port= 01 f4 Sep 21 07:34:37.025144: | natd_hash: hash= 67 62 54 ce 3a 16 d7 2c 5e 0b 6a 61 e3 55 59 08 Sep 21 07:34:37.025146: | natd_hash: hash= 86 59 af f9 Sep 21 07:34:37.025147: | Adding a v2N Payload Sep 21 07:34:37.025149: | ***emit IKEv2 Notify Payload: Sep 21 07:34:37.025151: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.025152: | flags: none (0x0) Sep 21 07:34:37.025154: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.025155: | SPI size: 0 (0x0) Sep 21 07:34:37.025157: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:37.025159: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:37.025161: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.025163: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:37.025164: | Notify data 67 62 54 ce 3a 16 d7 2c 5e 0b 6a 61 e3 55 59 08 Sep 21 07:34:37.025166: | Notify data 86 59 af f9 Sep 21 07:34:37.025167: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:37.025169: | natd_hash: rcookie is zero Sep 21 07:34:37.025173: | natd_hash: hasher=0x560a426cf7a0(20) Sep 21 07:34:37.025176: | natd_hash: icookie= ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.025178: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:37.025179: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:37.025181: | natd_hash: port= 01 f4 Sep 21 07:34:37.025182: | natd_hash: hash= 52 06 ae b6 a2 b4 8b ce df 2c 4e 31 a5 65 1e 03 Sep 21 07:34:37.025184: | natd_hash: hash= 41 49 14 d7 Sep 21 07:34:37.025185: | Adding a v2N Payload Sep 21 07:34:37.025186: | ***emit IKEv2 Notify Payload: Sep 21 07:34:37.025188: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.025189: | flags: none (0x0) Sep 21 07:34:37.025191: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.025192: | SPI size: 0 (0x0) Sep 21 07:34:37.025194: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:37.025196: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:37.025197: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.025199: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:37.025201: | Notify data 52 06 ae b6 a2 b4 8b ce df 2c 4e 31 a5 65 1e 03 Sep 21 07:34:37.025202: | Notify data 41 49 14 d7 Sep 21 07:34:37.025204: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:37.025205: | emitting length of ISAKMP Message: 828 Sep 21 07:34:37.025211: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:34:37.025218: | start processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:37.025221: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:34:37.025223: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:34:37.025225: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:34:37.025227: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:34:37.025229: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:34:37.025233: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:37.025235: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:37.025243: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:37.025250: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:37.025252: | ec ac 45 49 26 ce a8 51 00 00 00 00 00 00 00 00 Sep 21 07:34:37.025254: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:34:37.025256: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:34:37.025259: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:34:37.025261: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:34:37.025262: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:34:37.025263: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:34:37.025265: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:34:37.025266: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:34:37.025268: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:34:37.025269: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:34:37.025271: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:34:37.025272: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:34:37.025273: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:34:37.025275: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:34:37.025276: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:34:37.025278: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:34:37.025279: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:34:37.025282: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:34:37.025283: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:34:37.025285: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:34:37.025286: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:34:37.025288: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:34:37.025289: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:34:37.025291: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:34:37.025292: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:34:37.025293: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:34:37.025295: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:34:37.025296: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:34:37.025298: | 28 00 01 08 00 0e 00 00 c3 30 59 92 d2 b2 51 82 Sep 21 07:34:37.025299: | b9 ce 08 29 bc 45 69 3e 46 6c 03 a5 9d 60 99 71 Sep 21 07:34:37.025301: | 82 41 0f 96 c3 90 1d a7 8b d4 dc bb ad 92 eb a8 Sep 21 07:34:37.025302: | e2 c8 d2 d7 58 a3 69 32 fb 5a f2 9e 44 35 e0 c5 Sep 21 07:34:37.025303: | 2d 7b 05 25 67 e1 2b dc 97 23 b5 5e bd 56 f5 9b Sep 21 07:34:37.025305: | 37 bc 7b ad c5 da e7 98 0f 5a 22 9a e3 f8 08 c4 Sep 21 07:34:37.025306: | 4c 93 38 84 58 28 44 a0 1c 8c f0 d2 61 89 f5 34 Sep 21 07:34:37.025308: | 3d 33 21 a4 81 86 96 0c 43 f3 00 56 25 5c 09 73 Sep 21 07:34:37.025309: | 85 6f b6 c1 2c 9b f6 c7 c6 24 b7 98 fb 0d 47 94 Sep 21 07:34:37.025311: | 11 80 13 5e 62 7d 76 69 68 ef 13 93 c7 b4 28 ea Sep 21 07:34:37.025312: | 5e 36 7d 9b 1c 0a 05 64 66 25 20 1f e5 29 37 3b Sep 21 07:34:37.025313: | 99 03 e2 46 3d 6d 4c d1 dc d9 84 da 6c ff a4 29 Sep 21 07:34:37.025315: | b9 05 16 1a 6d 49 c2 c0 a1 20 57 d0 ed 8c 18 0f Sep 21 07:34:37.025316: | e8 b6 66 4f a4 29 ab 94 a3 b4 cb bc 0f 45 7a c6 Sep 21 07:34:37.025318: | 10 71 eb 86 a3 34 76 dc 6b 4a e0 9e ef ec f0 13 Sep 21 07:34:37.025319: | 58 57 58 b6 1b b1 04 bd 30 2a 21 c6 61 ac 32 5a Sep 21 07:34:37.025321: | a5 58 09 c2 d7 71 18 26 29 00 00 24 fd 98 de 49 Sep 21 07:34:37.025322: | 4b 1b 2b b4 f4 c0 cf 58 77 32 42 7e f6 21 06 c4 Sep 21 07:34:37.025323: | a9 3c ae 34 08 99 d8 0a 73 df 20 54 29 00 00 08 Sep 21 07:34:37.025325: | 00 00 40 2e 29 00 00 1c 00 00 40 04 67 62 54 ce Sep 21 07:34:37.025326: | 3a 16 d7 2c 5e 0b 6a 61 e3 55 59 08 86 59 af f9 Sep 21 07:34:37.025328: | 00 00 00 1c 00 00 40 05 52 06 ae b6 a2 b4 8b ce Sep 21 07:34:37.025329: | df 2c 4e 31 a5 65 1e 03 41 49 14 d7 Sep 21 07:34:37.025363: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:37.025369: | libevent_free: release ptr-libevent@0x560a42b64190 Sep 21 07:34:37.025375: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560a42b64150 Sep 21 07:34:37.025378: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:37.025382: | event_schedule: new EVENT_RETRANSMIT-pe@0x560a42b64150 Sep 21 07:34:37.025386: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:34:37.025389: | libevent_malloc: new ptr-libevent@0x560a42b64190 size 128 Sep 21 07:34:37.025395: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49923.393646 Sep 21 07:34:37.025399: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:34:37.025405: | #1 spent 1.21 milliseconds in resume sending helper answer Sep 21 07:34:37.025410: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:37.025414: | libevent_free: release ptr-libevent@0x7f7418006900 Sep 21 07:34:37.028235: | spent 0.0178 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:37.028254: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:37.028257: | ec ac 45 49 26 ce a8 51 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.028260: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:34:37.028262: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:34:37.028263: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:34:37.028265: | 04 00 00 0e 28 00 01 08 00 0e 00 00 68 6c ae 78 Sep 21 07:34:37.028266: | d3 1d f4 e2 35 68 e4 91 2f 4d b5 4f b4 2c 55 70 Sep 21 07:34:37.028268: | a1 b2 7d 11 ad 16 e1 ed cb 12 96 b4 29 85 82 6a Sep 21 07:34:37.028269: | bc c4 2d 32 cd 83 95 f8 6d 29 91 43 a2 38 45 77 Sep 21 07:34:37.028271: | d1 d4 11 6f bc 38 65 8e 5e 3d f3 43 c9 8b 44 46 Sep 21 07:34:37.028272: | 97 85 e9 3f 0f bb ef 9a 72 80 42 29 56 be bf 8f Sep 21 07:34:37.028273: | be 1b de 66 ce 14 6a 13 dc 93 31 e4 7f bc 6f 38 Sep 21 07:34:37.028275: | 9a 24 59 9f dd 45 7a 3a 4e 0a f8 d2 4f d9 be 97 Sep 21 07:34:37.028276: | 8a 80 98 7c 31 a0 7e 1a 4a c8 1d 78 80 d8 75 4f Sep 21 07:34:37.028278: | 94 b5 54 eb 78 c3 93 3a 3d 7a 0e 38 71 f9 14 df Sep 21 07:34:37.028279: | 21 15 99 5a 9f 96 6f 61 05 d8 da c4 9d b7 e0 3a Sep 21 07:34:37.028281: | 05 ce 66 62 9e 7b f9 0f bd 43 ea 2e 3e 54 df f3 Sep 21 07:34:37.028282: | e0 f1 00 0b 2f eb 09 53 6b 62 49 0f 51 ae 1c 84 Sep 21 07:34:37.028283: | dc b4 14 78 9e 12 0f 98 c3 a1 1b 13 76 14 f9 e0 Sep 21 07:34:37.028285: | fc 24 1a eb 28 25 30 b6 ca dd 84 ef 66 fd 87 72 Sep 21 07:34:37.028286: | b6 3f 0b 16 5f e0 06 d0 dc 47 6d 6a 31 09 84 46 Sep 21 07:34:37.028288: | 9f 67 f1 be a6 98 20 bb e7 e7 c2 50 29 00 00 24 Sep 21 07:34:37.028289: | 19 b3 eb 3e cd cd b9 6e 56 7c e8 c0 6d 81 ad 3b Sep 21 07:34:37.028291: | 1a d3 b6 a5 b9 ab 07 d4 b2 dc 1f f3 46 bd 94 57 Sep 21 07:34:37.028292: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:34:37.028294: | df 6b 3e 04 0f 0b 96 28 a7 2b 24 cd 5e da 41 1f Sep 21 07:34:37.028295: | e8 91 be 98 00 00 00 1c 00 00 40 05 78 f6 c3 25 Sep 21 07:34:37.028296: | a5 02 2d 09 1b c9 70 b4 95 4d cd 5a 25 31 94 2f Sep 21 07:34:37.028299: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:37.028302: | **parse ISAKMP Message: Sep 21 07:34:37.028304: | initiator cookie: Sep 21 07:34:37.028305: | ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.028307: | responder cookie: Sep 21 07:34:37.028308: | 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.028310: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:37.028312: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:37.028313: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:37.028315: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:37.028317: | Message ID: 0 (0x0) Sep 21 07:34:37.028318: | length: 432 (0x1b0) Sep 21 07:34:37.028320: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:37.028322: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:34:37.028325: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:37.028329: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:37.028332: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:37.028333: | #1 is idle Sep 21 07:34:37.028335: | #1 idle Sep 21 07:34:37.028336: | unpacking clear payload Sep 21 07:34:37.028338: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:37.028340: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:37.028341: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:37.028343: | flags: none (0x0) Sep 21 07:34:37.028345: | length: 40 (0x28) Sep 21 07:34:37.028346: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:34:37.028348: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:37.028350: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:37.028352: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:37.028355: | flags: none (0x0) Sep 21 07:34:37.028356: | length: 264 (0x108) Sep 21 07:34:37.028358: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.028359: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:37.028361: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:37.028362: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:37.028364: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:37.028365: | flags: none (0x0) Sep 21 07:34:37.028367: | length: 36 (0x24) Sep 21 07:34:37.028368: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:37.028370: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:37.028372: | ***parse IKEv2 Notify Payload: Sep 21 07:34:37.028373: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:37.028374: | flags: none (0x0) Sep 21 07:34:37.028376: | length: 8 (0x8) Sep 21 07:34:37.028378: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.028379: | SPI size: 0 (0x0) Sep 21 07:34:37.028381: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:37.028383: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:37.028384: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:37.028386: | ***parse IKEv2 Notify Payload: Sep 21 07:34:37.028387: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:37.028389: | flags: none (0x0) Sep 21 07:34:37.028390: | length: 28 (0x1c) Sep 21 07:34:37.028392: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.028393: | SPI size: 0 (0x0) Sep 21 07:34:37.028395: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:37.028396: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:37.028398: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:37.028399: | ***parse IKEv2 Notify Payload: Sep 21 07:34:37.028401: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.028402: | flags: none (0x0) Sep 21 07:34:37.028404: | length: 28 (0x1c) Sep 21 07:34:37.028405: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:37.028406: | SPI size: 0 (0x0) Sep 21 07:34:37.028408: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:37.028410: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:37.028411: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:34:37.028415: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:37.028417: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:37.028419: | Now let's proceed with state specific processing Sep 21 07:34:37.028421: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:37.028423: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:34:37.028434: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:37.028437: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:34:37.028439: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:37.028441: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:37.028443: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:37.028444: | local proposal 1 type DH has 8 transforms Sep 21 07:34:37.028446: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:37.028451: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:37.028452: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:37.028454: | local proposal 2 type PRF has 2 transforms Sep 21 07:34:37.028455: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:37.028457: | local proposal 2 type DH has 8 transforms Sep 21 07:34:37.028459: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:37.028460: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:37.028462: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:37.028463: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:37.028465: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:37.028467: | local proposal 3 type DH has 8 transforms Sep 21 07:34:37.028468: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:37.028470: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:37.028472: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:37.028473: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:37.028475: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:37.028476: | local proposal 4 type DH has 8 transforms Sep 21 07:34:37.028478: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:37.028479: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:37.028481: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.028483: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:37.028484: | length: 36 (0x24) Sep 21 07:34:37.028486: | prop #: 1 (0x1) Sep 21 07:34:37.028488: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:37.028489: | spi size: 0 (0x0) Sep 21 07:34:37.028491: | # transforms: 3 (0x3) Sep 21 07:34:37.028493: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:37.028495: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:37.028496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.028498: | length: 12 (0xc) Sep 21 07:34:37.028499: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.028501: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.028503: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.028505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.028506: | length/value: 256 (0x100) Sep 21 07:34:37.028509: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:37.028511: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:37.028512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.028514: | length: 8 (0x8) Sep 21 07:34:37.028515: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:37.028517: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:37.028519: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:37.028521: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:37.028522: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.028524: | length: 8 (0x8) Sep 21 07:34:37.028525: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:37.028527: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:37.028529: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:37.028531: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:37.028534: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:37.028535: | remote proposal 1 matches local proposal 1 Sep 21 07:34:37.028537: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:34:37.028539: | converting proposal to internal trans attrs Sep 21 07:34:37.028550: | natd_hash: hasher=0x560a426cf7a0(20) Sep 21 07:34:37.028554: | natd_hash: icookie= ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.028555: | natd_hash: rcookie= 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.028557: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:37.028558: | natd_hash: port= 01 f4 Sep 21 07:34:37.028560: | natd_hash: hash= 78 f6 c3 25 a5 02 2d 09 1b c9 70 b4 95 4d cd 5a Sep 21 07:34:37.028561: | natd_hash: hash= 25 31 94 2f Sep 21 07:34:37.028565: | natd_hash: hasher=0x560a426cf7a0(20) Sep 21 07:34:37.028567: | natd_hash: icookie= ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.028568: | natd_hash: rcookie= 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.028570: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:37.028571: | natd_hash: port= 01 f4 Sep 21 07:34:37.028573: | natd_hash: hash= df 6b 3e 04 0f 0b 96 28 a7 2b 24 cd 5e da 41 1f Sep 21 07:34:37.028574: | natd_hash: hash= e8 91 be 98 Sep 21 07:34:37.028576: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:37.028577: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:37.028579: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:37.028581: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:34:37.028585: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:37.028587: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:34:37.028589: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:37.028591: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:34:37.028593: | libevent_free: release ptr-libevent@0x560a42b64190 Sep 21 07:34:37.028595: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560a42b64150 Sep 21 07:34:37.028597: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560a42b64150 Sep 21 07:34:37.028599: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:37.028601: | libevent_malloc: new ptr-libevent@0x560a42b64190 size 128 Sep 21 07:34:37.028609: | #1 spent 0.185 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:34:37.028612: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:37.028612: | crypto helper 0 resuming Sep 21 07:34:37.028614: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:34:37.028625: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:34:37.028626: | suspending state #1 and saving MD Sep 21 07:34:37.028632: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:34:37.028633: | #1 is busy; has a suspended MD Sep 21 07:34:37.028640: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:37.028643: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:37.028645: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:37.028648: | #1 spent 0.394 milliseconds in ikev2_process_packet() Sep 21 07:34:37.028651: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:37.028652: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:37.028654: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:37.028657: | spent 0.403 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:37.029546: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:37.030034: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001402 seconds Sep 21 07:34:37.030046: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:34:37.030049: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:34:37.030052: | scheduling resume sending helper answer for #1 Sep 21 07:34:37.030058: | libevent_malloc: new ptr-libevent@0x7f7410006b90 size 128 Sep 21 07:34:37.030066: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:37.030101: | processing resume sending helper answer for #1 Sep 21 07:34:37.030109: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:37.030112: | crypto helper 0 replies to request ID 2 Sep 21 07:34:37.030114: | calling continuation function 0x560a425f9630 Sep 21 07:34:37.030116: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:34:37.030123: | creating state object #2 at 0x560a42b669f0 Sep 21 07:34:37.030125: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:34:37.030127: | pstats #2 ikev2.child started Sep 21 07:34:37.030130: | duplicating state object #1 "west" as #2 for IPSEC SA Sep 21 07:34:37.030133: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:37.030137: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:37.030140: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:37.030143: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:37.030145: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:37.030147: | libevent_free: release ptr-libevent@0x560a42b64190 Sep 21 07:34:37.030149: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560a42b64150 Sep 21 07:34:37.030151: | event_schedule: new EVENT_SA_REPLACE-pe@0x560a42b64150 Sep 21 07:34:37.030153: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:34:37.030155: | libevent_malloc: new ptr-libevent@0x560a42b64190 size 128 Sep 21 07:34:37.030158: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:34:37.030162: | **emit ISAKMP Message: Sep 21 07:34:37.030163: | initiator cookie: Sep 21 07:34:37.030165: | ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.030167: | responder cookie: Sep 21 07:34:37.030168: | 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.030170: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:37.030172: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:37.030173: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:37.030175: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:37.030177: | Message ID: 1 (0x1) Sep 21 07:34:37.030178: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:37.030180: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:37.030182: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030184: | flags: none (0x0) Sep 21 07:34:37.030186: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:37.030188: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030190: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:37.030196: | IKEv2 CERT: send a certificate? Sep 21 07:34:37.030198: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:37.030200: | IDr payload will be sent Sep 21 07:34:37.030210: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:34:37.030212: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030214: | flags: none (0x0) Sep 21 07:34:37.030216: | ID type: ID_FQDN (0x2) Sep 21 07:34:37.030218: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:34:37.030219: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030223: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:34:37.030225: | my identity 77 65 73 74 Sep 21 07:34:37.030227: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:34:37.030233: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:37.030234: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:37.030236: | flags: none (0x0) Sep 21 07:34:37.030237: | ID type: ID_FQDN (0x2) Sep 21 07:34:37.030239: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:34:37.030241: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:37.030243: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030245: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:34:37.030246: | IDr 65 61 73 74 Sep 21 07:34:37.030248: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:37.030249: | not sending INITIAL_CONTACT Sep 21 07:34:37.030251: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:37.030253: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030254: | flags: none (0x0) Sep 21 07:34:37.030256: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:37.030258: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:37.030260: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030262: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:34:37.030265: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:37.030267: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:37.030269: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:37.030272: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:37.030274: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:37.030276: | line 1: match=014 Sep 21 07:34:37.030277: | match 014 beats previous best_match 000 match=0x560a42b54fb0 (line=1) Sep 21 07:34:37.030279: | concluding with best_match=014 best=0x560a42b54fb0 (lineno=1) Sep 21 07:34:37.030318: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:37.030321: | PSK auth 51 b5 3b 0d 79 d6 c1 5c 5a b7 49 d6 74 86 0a be Sep 21 07:34:37.030322: | PSK auth e1 00 61 d7 c2 cc 58 53 99 02 fa f5 e4 84 6c 38 Sep 21 07:34:37.030324: | PSK auth 0b fe 48 e0 a4 43 f3 e9 d6 33 fb ec 26 02 9c 9a Sep 21 07:34:37.030325: | PSK auth cb 43 eb c5 ae bd 07 01 ab 95 a6 46 d2 31 a2 d7 Sep 21 07:34:37.030327: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:37.030329: | getting first pending from state #1 Sep 21 07:34:37.030602: | netlink_get_spi: allocated 0x20f28e02 for esp.0@192.1.2.45 Sep 21 07:34:37.030605: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:34:37.030610: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:37.030614: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:37.030616: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:37.030618: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:37.030620: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:37.030623: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:37.030624: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:37.030628: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:37.030633: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:37.030640: | Emitting ikev2_proposals ... Sep 21 07:34:37.030642: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:37.030644: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030646: | flags: none (0x0) Sep 21 07:34:37.030648: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:37.030650: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030651: | discarding INTEG=NONE Sep 21 07:34:37.030653: | discarding DH=NONE Sep 21 07:34:37.030654: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.030657: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030659: | prop #: 1 (0x1) Sep 21 07:34:37.030662: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:37.030664: | spi size: 4 (0x4) Sep 21 07:34:37.030681: | # transforms: 2 (0x2) Sep 21 07:34:37.030683: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.030685: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:37.030686: | our spi 20 f2 8e 02 Sep 21 07:34:37.030688: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030691: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.030693: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.030695: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030697: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.030699: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.030700: | length/value: 256 (0x100) Sep 21 07:34:37.030702: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.030705: | discarding INTEG=NONE Sep 21 07:34:37.030709: | discarding DH=NONE Sep 21 07:34:37.030714: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030717: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.030720: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:37.030722: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:37.030726: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030733: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030735: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:37.030737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.030738: | discarding INTEG=NONE Sep 21 07:34:37.030740: | discarding DH=NONE Sep 21 07:34:37.030741: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.030743: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030745: | prop #: 2 (0x2) Sep 21 07:34:37.030746: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:37.030748: | spi size: 4 (0x4) Sep 21 07:34:37.030751: | # transforms: 2 (0x2) Sep 21 07:34:37.030753: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030755: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.030757: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:37.030759: | our spi 20 f2 8e 02 Sep 21 07:34:37.030761: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030764: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.030765: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.030767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030769: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.030771: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.030772: | length/value: 128 (0x80) Sep 21 07:34:37.030774: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.030775: | discarding INTEG=NONE Sep 21 07:34:37.030777: | discarding DH=NONE Sep 21 07:34:37.030778: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030780: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.030782: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:37.030792: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:37.030794: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030797: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030799: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:37.030801: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.030802: | discarding DH=NONE Sep 21 07:34:37.030804: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.030805: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030807: | prop #: 3 (0x3) Sep 21 07:34:37.030809: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:37.030810: | spi size: 4 (0x4) Sep 21 07:34:37.030812: | # transforms: 4 (0x4) Sep 21 07:34:37.030814: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030815: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.030817: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:37.030819: | our spi 20 f2 8e 02 Sep 21 07:34:37.030820: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030823: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.030825: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:37.030827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030828: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.030830: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.030832: | length/value: 256 (0x100) Sep 21 07:34:37.030833: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.030835: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030838: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.030841: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:37.030843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030848: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030851: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.030852: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:37.030854: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030858: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030859: | discarding DH=NONE Sep 21 07:34:37.030861: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030862: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.030864: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:37.030865: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:37.030867: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030871: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030872: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:37.030874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.030875: | discarding DH=NONE Sep 21 07:34:37.030877: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.030879: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:37.030880: | prop #: 4 (0x4) Sep 21 07:34:37.030882: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:37.030883: | spi size: 4 (0x4) Sep 21 07:34:37.030885: | # transforms: 4 (0x4) Sep 21 07:34:37.030887: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:37.030888: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:37.030890: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:37.030892: | our spi 20 f2 8e 02 Sep 21 07:34:37.030893: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030896: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.030898: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:37.030899: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030901: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.030903: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.030904: | length/value: 128 (0x80) Sep 21 07:34:37.030906: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:37.030907: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030909: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030911: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.030912: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:37.030915: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030917: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030918: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030920: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030923: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:37.030925: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:37.030926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030928: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030930: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030931: | discarding DH=NONE Sep 21 07:34:37.030933: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:37.030934: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.030936: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:37.030937: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:37.030939: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.030941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:37.030943: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:37.030944: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:37.030946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:37.030948: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:34:37.030949: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:37.030952: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:37.030954: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030955: | flags: none (0x0) Sep 21 07:34:37.030957: | number of TS: 1 (0x1) Sep 21 07:34:37.030959: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:37.030961: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030963: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:37.030964: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:37.030966: | IP Protocol ID: 0 (0x0) Sep 21 07:34:37.030967: | start port: 0 (0x0) Sep 21 07:34:37.030969: | end port: 65535 (0xffff) Sep 21 07:34:37.030971: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:37.030973: | IP start c0 00 01 00 Sep 21 07:34:37.030974: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:37.030976: | IP end c0 00 01 ff Sep 21 07:34:37.030977: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:37.030979: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:37.030981: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:37.030982: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.030984: | flags: none (0x0) Sep 21 07:34:37.030985: | number of TS: 1 (0x1) Sep 21 07:34:37.030987: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:37.030990: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:37.030991: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:37.030993: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:37.030995: | IP Protocol ID: 0 (0x0) Sep 21 07:34:37.030996: | start port: 0 (0x0) Sep 21 07:34:37.030998: | end port: 65535 (0xffff) Sep 21 07:34:37.030999: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:37.031001: | IP start c0 00 02 00 Sep 21 07:34:37.031002: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:37.031004: | IP end c0 00 02 ff Sep 21 07:34:37.031005: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:37.031007: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:37.031009: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:34:37.031010: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:37.031012: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:37.031014: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:37.031016: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:37.031018: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:34:37.031020: | emitting length of ISAKMP Message: 365 Sep 21 07:34:37.031033: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:37.031049: | start processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:37.031052: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:34:37.031053: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:34:37.031056: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:34:37.031057: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:34:37.031060: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:37.031063: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:34:37.031066: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:34:37.031073: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:37.031077: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:37.031078: | ec ac 45 49 26 ce a8 51 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.031080: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:34:37.031082: | 86 a2 cb 30 68 1a ec d4 aa a1 3f 49 1e c2 46 10 Sep 21 07:34:37.031084: | f6 8d 0a 11 bf 1b 6d 7b cf ee c8 23 2d d5 be 03 Sep 21 07:34:37.031086: | 52 9c 52 64 cb 0a 7f 0c 9d 60 09 23 01 b8 96 db Sep 21 07:34:37.031088: | f5 64 1d 66 c8 3a ef 55 cb 8a 5b 05 27 df ac e3 Sep 21 07:34:37.031105: | b9 7f 7c a3 ea d7 fa e0 b1 54 3d ac ef 80 df f4 Sep 21 07:34:37.031106: | 07 d6 c2 b4 56 55 72 26 ba 6c d2 cc 7b 9d 87 50 Sep 21 07:34:37.031108: | 98 6f 7e d2 e1 1c 6e 50 74 6f 15 96 56 02 b1 45 Sep 21 07:34:37.031109: | 2b 2d 88 0a ad cf 6d ab 88 74 2e dc 90 13 e0 40 Sep 21 07:34:37.031111: | fa dd a6 d8 50 76 93 e8 6f b5 52 63 04 fa 45 97 Sep 21 07:34:37.031112: | ba 50 57 d4 89 e7 39 db 4c 98 1f 0c 77 bc c7 5d Sep 21 07:34:37.031114: | d7 f4 af 78 81 93 ee ff d5 98 55 d8 fe 04 17 39 Sep 21 07:34:37.031115: | 46 e8 4c c5 86 7f 2e b7 ef 98 b7 a8 50 c0 12 4f Sep 21 07:34:37.031118: | 56 98 82 5c 36 3b f1 ec e6 cf 1d 2d b9 6a 53 35 Sep 21 07:34:37.031120: | fb 0a a2 3e 6e 10 f3 20 25 67 ca 27 83 2f 7d cb Sep 21 07:34:37.031121: | 0c 32 2a ea f8 fd 2e 63 df 35 77 73 8a 39 0b a4 Sep 21 07:34:37.031123: | d9 08 a0 af a5 a4 24 24 ef 2b d6 04 dd 78 60 48 Sep 21 07:34:37.031124: | f3 14 5a 6f 52 f4 63 ed 8c 80 21 e2 d1 26 87 b1 Sep 21 07:34:37.031125: | c1 85 d8 ec 20 e9 b5 0c 0b 51 6a 18 90 a3 52 e0 Sep 21 07:34:37.031127: | b8 09 a9 67 4b 6b ad cf 12 30 1b bc 32 58 ee 6b Sep 21 07:34:37.031128: | ab 0d 26 f1 a3 9f 59 7d 8f 90 0e a0 f9 d4 be 8c Sep 21 07:34:37.031130: | a2 c0 b0 48 fb bf b4 21 10 4f 33 dd 1c Sep 21 07:34:37.031157: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:37.031161: | event_schedule: new EVENT_RETRANSMIT-pe@0x560a42b63df0 Sep 21 07:34:37.031163: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:34:37.031166: | libevent_malloc: new ptr-libevent@0x560a42b674b0 size 128 Sep 21 07:34:37.031169: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49923.399425 Sep 21 07:34:37.031171: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:37.031175: | #1 spent 1.04 milliseconds in resume sending helper answer Sep 21 07:34:37.031178: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:37.031180: | libevent_free: release ptr-libevent@0x7f7410006b90 Sep 21 07:34:37.066098: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:37.066122: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:37.066126: | ec ac 45 49 26 ce a8 51 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.066128: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:34:37.066131: | ed 70 49 15 af 86 1c 6f 6c d0 bd 2d 31 99 29 c9 Sep 21 07:34:37.066133: | bc 15 1c 5b d1 6f 8c 03 fa 76 e1 69 a8 ef f3 a1 Sep 21 07:34:37.066135: | 51 b7 19 6d a3 28 bf 36 0e 4b 5d f4 72 41 ea d6 Sep 21 07:34:37.066138: | 34 e0 7f f4 0a 8e a4 b9 ae 4f f7 92 b2 14 05 a4 Sep 21 07:34:37.066140: | ae 8c a8 0f f0 d6 05 9a 1d e7 bc 90 82 11 96 1e Sep 21 07:34:37.066142: | ad 4c 17 52 cc 66 14 e5 5e 2a f2 0a e8 2d a4 dd Sep 21 07:34:37.066145: | 7a a8 fb ea 56 df 19 c8 a5 32 f1 35 89 7c 1d ec Sep 21 07:34:37.066147: | d1 a4 c9 14 c0 50 af ff 57 c1 dc e2 2a 34 6a ba Sep 21 07:34:37.066149: | a8 e5 4a c2 7d 1a 90 a1 71 85 68 9b 1a 44 39 d7 Sep 21 07:34:37.066152: | fe 59 94 6a 02 a4 7b a6 2b e4 67 d8 55 57 c5 5f Sep 21 07:34:37.066154: | 45 b0 95 9a 94 55 14 87 fa 0c 2a 7c e2 8d 76 81 Sep 21 07:34:37.066156: | c4 e7 0b b5 53 4e 5c db 28 dc d9 97 d9 78 30 98 Sep 21 07:34:37.066158: | 5a Sep 21 07:34:37.066176: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:37.066179: | **parse ISAKMP Message: Sep 21 07:34:37.066182: | initiator cookie: Sep 21 07:34:37.066184: | ec ac 45 49 26 ce a8 51 Sep 21 07:34:37.066186: | responder cookie: Sep 21 07:34:37.066189: | 02 3e 15 24 13 ee 01 0d Sep 21 07:34:37.066191: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:37.066194: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:37.066197: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:37.066214: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:37.066217: | Message ID: 1 (0x1) Sep 21 07:34:37.066219: | length: 225 (0xe1) Sep 21 07:34:37.066222: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:37.066226: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:34:37.066230: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:34:37.066249: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:37.066255: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:34:37.066259: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:37.066263: | start processing: state #2 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:37.066266: | #2 is idle Sep 21 07:34:37.066268: | #2 idle Sep 21 07:34:37.066270: | unpacking clear payload Sep 21 07:34:37.066273: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:37.066276: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:37.066278: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:37.066281: | flags: none (0x0) Sep 21 07:34:37.066283: | length: 197 (0xc5) Sep 21 07:34:37.066286: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:34:37.066288: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:34:37.066306: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:37.066308: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:37.066311: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:37.066314: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:37.066316: | flags: none (0x0) Sep 21 07:34:37.066318: | length: 12 (0xc) Sep 21 07:34:37.066321: | ID type: ID_FQDN (0x2) Sep 21 07:34:37.066323: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:37.066326: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:37.066328: | **parse IKEv2 Authentication Payload: Sep 21 07:34:37.066331: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:37.066333: | flags: none (0x0) Sep 21 07:34:37.066335: | length: 72 (0x48) Sep 21 07:34:37.066338: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:37.066340: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:37.066343: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:37.066360: | **parse IKEv2 Security Association Payload: Sep 21 07:34:37.066362: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:37.066365: | flags: none (0x0) Sep 21 07:34:37.066367: | length: 36 (0x24) Sep 21 07:34:37.066369: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:34:37.066372: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:37.066374: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:37.066377: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:37.066379: | flags: none (0x0) Sep 21 07:34:37.066382: | length: 24 (0x18) Sep 21 07:34:37.066384: | number of TS: 1 (0x1) Sep 21 07:34:37.066386: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:37.066389: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:37.066391: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:37.066394: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:37.066396: | flags: none (0x0) Sep 21 07:34:37.066399: | length: 24 (0x18) Sep 21 07:34:37.066401: | number of TS: 1 (0x1) Sep 21 07:34:37.066404: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:37.066406: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:34:37.066409: | Now let's proceed with state specific processing Sep 21 07:34:37.066411: | calling processor Initiator: process IKE_AUTH response Sep 21 07:34:37.066417: | offered CA: '%none' Sep 21 07:34:37.066421: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:34:37.066458: | verifying AUTH payload Sep 21 07:34:37.066462: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:34:37.066467: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:37.066470: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:37.066473: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:37.066477: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:37.066480: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:37.066484: | line 1: match=014 Sep 21 07:34:37.066487: | match 014 beats previous best_match 000 match=0x560a42b54fb0 (line=1) Sep 21 07:34:37.066490: | concluding with best_match=014 best=0x560a42b54fb0 (lineno=1) Sep 21 07:34:37.066553: "west" #2: Authenticated using authby=secret Sep 21 07:34:37.066561: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:34:37.066566: | #1 will start re-keying in 3580 seconds with margin of 20 seconds (attempting re-key) Sep 21 07:34:37.066569: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:37.066573: | libevent_free: release ptr-libevent@0x560a42b64190 Sep 21 07:34:37.066576: | free_event_entry: release EVENT_SA_REPLACE-pe@0x560a42b64150 Sep 21 07:34:37.066579: | event_schedule: new EVENT_SA_REKEY-pe@0x560a42b64150 Sep 21 07:34:37.066582: | inserting event EVENT_SA_REKEY, timeout in 3580 seconds for #1 Sep 21 07:34:37.066585: | libevent_malloc: new ptr-libevent@0x560a42b64190 size 128 Sep 21 07:34:37.066668: | pstats #1 ikev2.ike established Sep 21 07:34:37.066673: | TSi: parsing 1 traffic selectors Sep 21 07:34:37.066676: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:37.066679: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:37.066682: | IP Protocol ID: 0 (0x0) Sep 21 07:34:37.066684: | length: 16 (0x10) Sep 21 07:34:37.066687: | start port: 0 (0x0) Sep 21 07:34:37.066689: | end port: 65535 (0xffff) Sep 21 07:34:37.066692: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:37.066695: | TS low c0 00 01 00 Sep 21 07:34:37.066697: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:37.066699: | TS high c0 00 01 ff Sep 21 07:34:37.066702: | TSi: parsed 1 traffic selectors Sep 21 07:34:37.066704: | TSr: parsing 1 traffic selectors Sep 21 07:34:37.066707: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:37.066709: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:37.066712: | IP Protocol ID: 0 (0x0) Sep 21 07:34:37.066714: | length: 16 (0x10) Sep 21 07:34:37.066716: | start port: 0 (0x0) Sep 21 07:34:37.066719: | end port: 65535 (0xffff) Sep 21 07:34:37.066721: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:37.066724: | TS low c0 00 02 00 Sep 21 07:34:37.066726: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:37.066728: | TS high c0 00 02 ff Sep 21 07:34:37.066731: | TSr: parsed 1 traffic selectors Sep 21 07:34:37.066737: | evaluating our conn="west" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:37.066742: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:37.066750: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:37.066753: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:37.066755: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:37.066758: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:37.066761: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:37.066766: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:37.066772: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:37.066775: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:37.066777: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:37.066780: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:37.066787: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:37.066792: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:37.066794: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:34:37.066796: | printing contents struct traffic_selector Sep 21 07:34:37.066799: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:37.066801: | ipprotoid: 0 Sep 21 07:34:37.066803: | port range: 0-65535 Sep 21 07:34:37.066807: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:37.066812: | printing contents struct traffic_selector Sep 21 07:34:37.066814: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:37.066817: | ipprotoid: 0 Sep 21 07:34:37.066819: | port range: 0-65535 Sep 21 07:34:37.066823: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:37.066836: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:37.066839: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:34:37.066843: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:37.066845: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:37.066848: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:37.066850: | local proposal 1 type DH has 1 transforms Sep 21 07:34:37.066853: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:37.066856: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:37.066859: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:37.066861: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:37.066864: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:37.066866: | local proposal 2 type DH has 1 transforms Sep 21 07:34:37.066868: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:37.066871: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:37.066874: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:37.066876: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:37.066879: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:37.066881: | local proposal 3 type DH has 1 transforms Sep 21 07:34:37.066884: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:37.066887: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:37.066889: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:37.066892: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:37.066894: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:37.066897: | local proposal 4 type DH has 1 transforms Sep 21 07:34:37.066899: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:37.066902: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:37.066905: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:37.066908: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:37.066910: | length: 32 (0x20) Sep 21 07:34:37.066912: | prop #: 1 (0x1) Sep 21 07:34:37.066915: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:37.066917: | spi size: 4 (0x4) Sep 21 07:34:37.066920: | # transforms: 2 (0x2) Sep 21 07:34:37.066923: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:37.066925: | remote SPI 02 9d 13 1f Sep 21 07:34:37.066928: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:37.066932: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:37.066934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:37.066937: | length: 12 (0xc) Sep 21 07:34:37.066939: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:37.066942: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:37.066944: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:37.066947: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:37.066949: | length/value: 256 (0x100) Sep 21 07:34:37.066954: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:37.066956: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:37.066959: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:37.066963: | length: 8 (0x8) Sep 21 07:34:37.066965: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:37.066968: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:37.066971: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:37.066975: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:37.066979: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:37.066982: | remote proposal 1 matches local proposal 1 Sep 21 07:34:37.066984: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:34:37.066989: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=029d131f;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:37.066992: | converting proposal to internal trans attrs Sep 21 07:34:37.066998: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:37.067167: | #1 spent 1.05 milliseconds Sep 21 07:34:37.067172: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:37.067174: | could_route called for west (kind=CK_PERMANENT) Sep 21 07:34:37.067177: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:37.067180: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:37.067183: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:37.067188: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:37.067191: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:37.067194: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:37.067197: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:37.067200: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:37.067204: | setting IPsec SA replay-window to 32 Sep 21 07:34:37.067207: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:37.067210: | netlink: enabling tunnel mode Sep 21 07:34:37.067212: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:37.067215: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:37.067298: | netlink response for Add SA esp.29d131f@192.1.2.23 included non-error error Sep 21 07:34:37.067301: | set up outgoing SA, ref=0/0 Sep 21 07:34:37.067304: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:37.067307: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:37.067309: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:37.067312: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:37.067315: | setting IPsec SA replay-window to 32 Sep 21 07:34:37.067318: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:37.067320: | netlink: enabling tunnel mode Sep 21 07:34:37.067323: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:37.067340: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:37.067399: | netlink response for Add SA esp.20f28e02@192.1.2.45 included non-error error Sep 21 07:34:37.067403: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:37.067423: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:34:37.067426: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:37.067496: | raw_eroute result=success Sep 21 07:34:37.067499: | set up incoming SA, ref=0/0 Sep 21 07:34:37.067514: | sr for #2: unrouted Sep 21 07:34:37.067517: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:37.067519: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:37.067522: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:37.067537: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:37.067540: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:37.067544: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:37.067549: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:37.067556: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:37.067559: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:37.067581: | raw_eroute result=success Sep 21 07:34:37.067584: | running updown command "ipsec _updown" for verb up Sep 21 07:34:37.067587: | command executing up-client Sep 21 07:34:37.067613: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x29d131f SPI_OUT=0x2 Sep 21 07:34:37.067617: | popen cmd is 1022 chars long Sep 21 07:34:37.067620: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Sep 21 07:34:37.067623: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Sep 21 07:34:37.067626: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Sep 21 07:34:37.067628: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Sep 21 07:34:37.067631: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Sep 21 07:34:37.067633: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Sep 21 07:34:37.067636: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Sep 21 07:34:37.067639: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Sep 21 07:34:37.067641: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Sep 21 07:34:37.067644: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Sep 21 07:34:37.067646: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Sep 21 07:34:37.067649: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Sep 21 07:34:37.067652: | cmd( 960):ED='no' SPI_IN=0x29d131f SPI_OUT=0x20f28e02 ipsec _updown 2>&1: Sep 21 07:34:37.076714: | route_and_eroute: firewall_notified: true Sep 21 07:34:37.076727: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:37.076729: | command executing prepare-client Sep 21 07:34:37.076750: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x29d131f S Sep 21 07:34:37.076756: | popen cmd is 1027 chars long Sep 21 07:34:37.076758: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Sep 21 07:34:37.076760: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Sep 21 07:34:37.076762: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Sep 21 07:34:37.076764: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Sep 21 07:34:37.076765: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Sep 21 07:34:37.076767: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Sep 21 07:34:37.076768: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Sep 21 07:34:37.076770: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Sep 21 07:34:37.076772: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Sep 21 07:34:37.076773: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Sep 21 07:34:37.076775: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Sep 21 07:34:37.076777: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Sep 21 07:34:37.076778: | cmd( 960):_SHARED='no' SPI_IN=0x29d131f SPI_OUT=0x20f28e02 ipsec _updown 2>&1: Sep 21 07:34:37.086222: | running updown command "ipsec _updown" for verb route Sep 21 07:34:37.086247: | command executing route-client Sep 21 07:34:37.086268: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x29d131f SPI_O Sep 21 07:34:37.086271: | popen cmd is 1025 chars long Sep 21 07:34:37.086273: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Sep 21 07:34:37.086275: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Sep 21 07:34:37.086276: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Sep 21 07:34:37.086278: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Sep 21 07:34:37.086280: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Sep 21 07:34:37.086281: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Sep 21 07:34:37.086283: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Sep 21 07:34:37.086284: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Sep 21 07:34:37.086286: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Sep 21 07:34:37.086290: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Sep 21 07:34:37.086292: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Sep 21 07:34:37.086294: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Sep 21 07:34:37.086295: | cmd( 960):HARED='no' SPI_IN=0x29d131f SPI_OUT=0x20f28e02 ipsec _updown 2>&1: Sep 21 07:34:37.096589: | route_and_eroute: instance "west", setting eroute_owner {spd=0x560a42b60940,sr=0x560a42b60940} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:37.097008: | #1 spent 1.3 milliseconds in install_ipsec_sa() Sep 21 07:34:37.097015: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:37.097018: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:37.097020: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:34:37.097024: | libevent_free: release ptr-libevent@0x560a42b674b0 Sep 21 07:34:37.097026: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560a42b63df0 Sep 21 07:34:37.097030: | #2 spent 2.09 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:34:37.097035: | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:37.097038: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:34:37.097040: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:34:37.097043: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:34:37.097045: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:34:37.097049: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:34:37.097052: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:37.097054: | pstats #2 ikev2.child established Sep 21 07:34:37.097060: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:34:37.097068: | NAT-T: encaps is 'auto' Sep 21 07:34:37.097072: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x029d131f <0x20f28e02 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=active} Sep 21 07:34:37.097075: | releasing whack for #2 (sock=fd@25) Sep 21 07:34:37.097078: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:34:37.097080: | releasing whack and unpending for parent #1 Sep 21 07:34:37.097082: | unpending state #1 connection "west" Sep 21 07:34:37.097085: | delete from pending Child SA with 192.1.2.23 "west" Sep 21 07:34:37.097088: | removing pending policy for no connection {0x560a42aea600} Sep 21 07:34:37.097094: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:34:37.097098: | #2 will start re-keying in 20 seconds with margin of 20 seconds (attempting re-key) Sep 21 07:34:37.097100: | event_schedule: new EVENT_SA_REKEY-pe@0x560a42b63df0 Sep 21 07:34:37.097102: | inserting event EVENT_SA_REKEY, timeout in 20 seconds for #2 Sep 21 07:34:37.097105: | libevent_malloc: new ptr-libevent@0x560a42b674b0 size 128 Sep 21 07:34:37.097108: | dpd enabled, scheduling ikev2 liveness checks Sep 21 07:34:37.097109: | event_schedule: new EVENT_v2_LIVENESS-pe@0x560a42ae66f0 Sep 21 07:34:37.097112: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Sep 21 07:34:37.097113: | libevent_malloc: new ptr-libevent@0x560a42b66180 size 128 Sep 21 07:34:37.097117: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:37.097120: | #1 spent 2.48 milliseconds in ikev2_process_packet() Sep 21 07:34:37.097126: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:37.097128: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:37.097130: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:37.097133: | spent 2.5 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:37.097142: | processing signal PLUTO_SIGCHLD Sep 21 07:34:37.097146: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:37.097149: | spent 0.0038 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:37.097150: | processing signal PLUTO_SIGCHLD Sep 21 07:34:37.097153: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:37.097155: | spent 0.00237 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:37.097157: | processing signal PLUTO_SIGCHLD Sep 21 07:34:37.097159: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:37.097161: | spent 0.00234 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:40.069841: | timer_event_cb: processing event@0x560a42ae66f0 Sep 21 07:34:40.069854: | handling event EVENT_v2_LIVENESS for child state #2 Sep 21 07:34:40.069860: | start processing: state #2 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:40.069864: | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in liveness_check() at timer.c:113) Sep 21 07:34:40.069869: | get_sa_info esp.20f28e02@192.1.2.45 Sep 21 07:34:40.069882: | #2 liveness_check - peer 192.1.2.23 is ok schedule new Sep 21 07:34:40.069885: | event_schedule: new EVENT_v2_LIVENESS-pe@0x7f7418002b20 Sep 21 07:34:40.069887: | inserting event EVENT_v2_LIVENESS, timeout in 3 seconds for #2 Sep 21 07:34:40.069890: | libevent_malloc: new ptr-libevent@0x560a42b66210 size 128 Sep 21 07:34:40.069893: | libevent_free: release ptr-libevent@0x560a42b66180 Sep 21 07:34:40.069895: | free_event_entry: release EVENT_v2_LIVENESS-pe@0x560a42ae66f0 Sep 21 07:34:40.069900: | #2 spent 0.061 milliseconds in timer_event_cb() EVENT_v2_LIVENESS Sep 21 07:34:40.069903: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:40.347030: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:40.347047: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:34:40.347050: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:40.347057: | get_sa_info esp.20f28e02@192.1.2.45 Sep 21 07:34:40.347070: | get_sa_info esp.29d131f@192.1.2.23 Sep 21 07:34:40.347086: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:40.347091: | spent 0.07 milliseconds in whack