Sep 21 07:34:30.361572: FIPS Product: YES Sep 21 07:34:30.361610: FIPS Kernel: NO Sep 21 07:34:30.361613: FIPS Mode: NO Sep 21 07:34:30.361616: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:30.361778: Initializing NSS Sep 21 07:34:30.361782: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:30.408399: NSS initialized Sep 21 07:34:30.408418: NSS crypto library initialized Sep 21 07:34:30.408421: FIPS HMAC integrity support [enabled] Sep 21 07:34:30.408423: FIPS mode disabled for pluto daemon Sep 21 07:34:30.479884: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:30.479980: libcap-ng support [enabled] Sep 21 07:34:30.479987: Linux audit support [enabled] Sep 21 07:34:30.480008: Linux audit activated Sep 21 07:34:30.480014: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9815 Sep 21 07:34:30.480016: core dump dir: /tmp Sep 21 07:34:30.480018: secrets file: /etc/ipsec.secrets Sep 21 07:34:30.480019: leak-detective disabled Sep 21 07:34:30.480020: NSS crypto [enabled] Sep 21 07:34:30.480022: XAUTH PAM support [enabled] Sep 21 07:34:30.480087: | libevent is using pluto's memory allocator Sep 21 07:34:30.480094: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:30.480107: | libevent_malloc: new ptr-libevent@0x55d95cd78390 size 40 Sep 21 07:34:30.480114: | libevent_malloc: new ptr-libevent@0x55d95cd783c0 size 40 Sep 21 07:34:30.480117: | libevent_malloc: new ptr-libevent@0x55d95cd79690 size 40 Sep 21 07:34:30.480120: | creating event base Sep 21 07:34:30.480123: | libevent_malloc: new ptr-libevent@0x55d95cd79650 size 56 Sep 21 07:34:30.480126: | libevent_malloc: new ptr-libevent@0x55d95cd796c0 size 664 Sep 21 07:34:30.480138: | libevent_malloc: new 
ptr-libevent@0x55d95cd79960 size 24 Sep 21 07:34:30.480143: | libevent_malloc: new ptr-libevent@0x55d95cd6b130 size 384 Sep 21 07:34:30.480152: | libevent_malloc: new ptr-libevent@0x55d95cd79980 size 16 Sep 21 07:34:30.480155: | libevent_malloc: new ptr-libevent@0x55d95cd799a0 size 40 Sep 21 07:34:30.480158: | libevent_malloc: new ptr-libevent@0x55d95cd799d0 size 48 Sep 21 07:34:30.480165: | libevent_realloc: new ptr-libevent@0x55d95ccfb370 size 256 Sep 21 07:34:30.480168: | libevent_malloc: new ptr-libevent@0x55d95cd79a10 size 16 Sep 21 07:34:30.480173: | libevent_free: release ptr-libevent@0x55d95cd79650 Sep 21 07:34:30.480177: | libevent initialized Sep 21 07:34:30.480181: | libevent_realloc: new ptr-libevent@0x55d95cd79a30 size 64 Sep 21 07:34:30.480184: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:30.480200: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:30.480203: NAT-Traversal support [enabled] Sep 21 07:34:30.480206: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:30.480212: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:30.480216: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:30.480253: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:30.480256: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:30.480259: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:30.480306: Encryption algorithms: Sep 21 07:34:30.480316: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:30.480320: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:30.480323: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:30.480326: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:30.480329: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:34:30.480338: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:30.480342: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:30.480346: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:30.480350: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:30.480354: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:30.480357: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:30.480361: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:30.480364: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:30.480368: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:30.480372: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:30.480375: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:30.480378: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:30.480386: Hash algorithms: Sep 21 07:34:30.480389: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:30.480392: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:30.480395: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:30.480398: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:30.480401: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:30.480415: PRF algorithms: Sep 21 07:34:30.480418: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:30.480421: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:30.480425: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:30.480428: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:30.480431: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:30.480434: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:30.480458: Integrity algorithms: Sep 21 07:34:30.480462: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:30.480466: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:30.480470: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:30.480474: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:30.480478: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:30.480481: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:30.480484: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:30.480487: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:30.480490: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:30.480503: DH algorithms: Sep 21 07:34:30.480506: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:30.480509: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:30.480512: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:30.480518: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:30.480521: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:30.480523: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:30.480526: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:30.480529: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:30.480532: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:30.480535: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:30.480538: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:30.480540: testing CAMELLIA_CBC: Sep 21 07:34:30.480543: Camellia: 16 bytes with 128-bit key Sep 21 07:34:30.480673: Camellia: 16 bytes with 128-bit key Sep 21 07:34:30.480705: Camellia: 16 bytes with 256-bit key Sep 21 07:34:30.480725: Camellia: 
16 bytes with 256-bit key Sep 21 07:34:30.480742: testing AES_GCM_16: Sep 21 07:34:30.480744: empty string Sep 21 07:34:30.480764: one block Sep 21 07:34:30.480796: two blocks Sep 21 07:34:30.480826: two blocks with associated data Sep 21 07:34:30.480853: testing AES_CTR: Sep 21 07:34:30.480857: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:30.480884: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:30.480914: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:30.480944: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:30.480971: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:30.480994: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:30.481021: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:30.481046: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:30.481072: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:30.481098: testing AES_CBC: Sep 21 07:34:30.481101: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:30.481128: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:30.481156: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:30.481185: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:30.481219: testing AES_XCBC: Sep 21 07:34:30.481223: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:30.481350: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:30.481480: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:30.481613: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:30.481749: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:30.481894: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:30.482033: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:30.482316: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:30.482441: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:30.482593: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:30.482862: testing HMAC_MD5: Sep 21 07:34:30.482871: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:30.483071: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:30.483230: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:30.483401: 8 CPU cores online Sep 21 07:34:30.483406: starting up 7 crypto helpers Sep 21 07:34:30.483449: started thread for crypto helper 0 Sep 21 07:34:30.483470: | starting up helper thread 0 Sep 21 07:34:30.483481: started thread for crypto helper 1 Sep 21 07:34:30.483483: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:30.483487: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:30.483486: | starting up helper thread 1 Sep 21 07:34:30.483503: started thread for crypto helper 2 Sep 21 07:34:30.483511: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:30.483521: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:30.483516: | starting up helper thread 2 Sep 21 07:34:30.483531: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:30.483533: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:30.483548: started thread for crypto helper 3 Sep 21 07:34:30.483568: started thread for crypto helper 4 Sep 21 07:34:30.483571: | starting up helper thread 4 Sep 21 07:34:30.483583: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:30.483586: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:30.483591: started thread for crypto helper 5 Sep 21 07:34:30.483606: started thread for crypto helper 6 Sep 21 07:34:30.483608: | checking IKEv1 state table Sep 21 07:34:30.483609: | starting up helper thread 6 Sep 21 07:34:30.483615: | MAIN_R0: 
category: half-open IKE SA flags: 0: Sep 21 07:34:30.483616: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:30.483621: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:30.483616: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:30.483630: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:30.483632: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:30.483635: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:30.483637: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:30.483639: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:30.483641: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:30.483643: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:30.483645: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:30.483647: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:30.483649: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:30.483652: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:30.483654: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:30.483656: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:30.483658: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:30.483660: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:34:30.483662: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:30.483664: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:30.483665: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:30.483668: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:30.483670: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483673: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:30.483675: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483677: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:30.483680: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:30.483682: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:30.483684: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:30.483686: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:30.483689: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:30.483691: | -> AGGR_R2 EVENT_SA_REPLACE 
Sep 21 07:34:30.483693: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:30.483695: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:30.483697: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483700: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:30.483702: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483704: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:30.483706: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:30.483709: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:30.483711: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:30.483713: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:30.483716: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:30.483718: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:30.483721: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483726: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:30.483727: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483729: | INFO: category: informational flags: 0: Sep 21 07:34:30.483730: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483732: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:34:30.483733: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483735: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:30.483736: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:30.483738: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:30.483740: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:30.483741: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:30.483743: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:30.483744: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:30.483746: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:30.483747: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:30.483749: | -> UNDEFINED EVENT_NULL Sep 21 07:34:30.483750: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:30.483752: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 
07:34:30.483753: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:30.483755: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:30.483756: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:30.483758: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:30.483763: | checking IKEv2 state table Sep 21 07:34:30.483767: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:30.483769: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:30.483771: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:30.483773: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:30.483774: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:30.483776: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:30.483778: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:30.483779: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:30.483781: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:30.483788: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:30.483794: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:30.483797: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:30.483798: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:30.483800: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:30.483801: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:30.483803: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:30.483805: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:30.483806: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:30.483808: | PARENT_R1: 
category: half-open IKE SA flags: 0: Sep 21 07:34:30.483810: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:30.483811: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:30.483813: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:30.483814: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:30.483816: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:30.483817: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:30.483819: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:30.483821: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:30.483824: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:30.483826: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:30.483828: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:30.483829: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:34:30.483831: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:30.483834: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:30.483836: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:30.483839: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:30.483840: | starting up helper thread 5 Sep 21 07:34:30.483842: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:30.483854: | starting up helper thread 3 Sep 21 07:34:30.483857: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:30.483859: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:30.483863: | crypto helper 3 waiting (nothing to 
do) Sep 21 07:34:30.483863: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:30.483873: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:30.483876: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:34:30.483878: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:30.483881: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:30.483884: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:30.483887: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:30.483890: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:30.483893: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:30.483895: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:30.483950: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:30.483999: | Hard-wiring algorithms Sep 21 07:34:30.484002: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:30.484005: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:30.484006: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:30.484008: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:30.484009: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:30.484011: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:34:30.484012: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:30.484014: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:30.484015: | adding AES_CTR to kernel algorithm db Sep 21 07:34:30.484017: | adding AES_CBC to kernel algorithm db Sep 21 07:34:30.484018: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:30.484020: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:30.484021: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:30.484023: | adding NULL to kernel algorithm db Sep 21 07:34:30.484025: | adding CHACHA20_POLY1305 to kernel algorithm 
db Sep 21 07:34:30.484027: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:30.484028: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:30.484030: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:30.484031: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:30.484033: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:30.484035: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:30.484036: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:30.484038: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:30.484039: | adding NONE to kernel algorithm db Sep 21 07:34:30.484058: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:30.484065: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:30.484071: | setup kernel fd callback Sep 21 07:34:30.484074: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d95cd83d50 Sep 21 07:34:30.484077: | libevent_malloc: new ptr-libevent@0x55d95cd8b220 size 128 Sep 21 07:34:30.484081: | libevent_malloc: new ptr-libevent@0x55d95cd7efc0 size 16 Sep 21 07:34:30.484087: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d95cd7e5f0 Sep 21 07:34:30.484088: | libevent_malloc: new ptr-libevent@0x55d95cd8b2b0 size 128 Sep 21 07:34:30.484090: | libevent_malloc: new ptr-libevent@0x55d95cd79a80 size 16 Sep 21 07:34:30.483851: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:30.484113: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:30.484238: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:30.484245: selinux support is enabled. 
Sep 21 07:34:30.484729: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:30.484933: | unbound context created - setting debug level to 5 Sep 21 07:34:30.484966: | /etc/hosts lookups activated Sep 21 07:34:30.484987: | /etc/resolv.conf usage activated Sep 21 07:34:30.485037: | outgoing-port-avoid set 0-65535 Sep 21 07:34:30.485056: | outgoing-port-permit set 32768-60999 Sep 21 07:34:30.485058: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:30.485060: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:30.485063: | Setting up events, loop start Sep 21 07:34:30.485065: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d95cd7e340 Sep 21 07:34:30.485068: | libevent_malloc: new ptr-libevent@0x55d95cd95820 size 128 Sep 21 07:34:30.485070: | libevent_malloc: new ptr-libevent@0x55d95cd958b0 size 16 Sep 21 07:34:30.485078: | libevent_realloc: new ptr-libevent@0x55d95ccf95b0 size 256 Sep 21 07:34:30.485080: | libevent_malloc: new ptr-libevent@0x55d95cd958d0 size 8 Sep 21 07:34:30.485082: | libevent_realloc: new ptr-libevent@0x55d95cd8a520 size 144 Sep 21 07:34:30.485084: | libevent_malloc: new ptr-libevent@0x55d95cd958f0 size 152 Sep 21 07:34:30.485086: | libevent_malloc: new ptr-libevent@0x55d95cd95990 size 16 Sep 21 07:34:30.485089: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:30.485091: | libevent_malloc: new ptr-libevent@0x55d95cd959b0 size 8 Sep 21 07:34:30.485092: | libevent_malloc: new ptr-libevent@0x55d95cd959d0 size 152 Sep 21 07:34:30.485094: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:30.485096: | libevent_malloc: new ptr-libevent@0x55d95cd95a70 size 8 Sep 21 07:34:30.485097: | libevent_malloc: new ptr-libevent@0x55d95cd95a90 size 152 Sep 21 07:34:30.485099: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:30.485101: | libevent_malloc: new ptr-libevent@0x55d95cd95b30 size 8 Sep 21 07:34:30.485102: | libevent_realloc: release 
ptr-libevent@0x55d95cd8a520 Sep 21 07:34:30.485104: | libevent_realloc: new ptr-libevent@0x55d95cd95b50 size 256 Sep 21 07:34:30.485106: | libevent_malloc: new ptr-libevent@0x55d95cd8a520 size 152 Sep 21 07:34:30.485108: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:30.485488: | created addconn helper (pid:10023) using fork+execve Sep 21 07:34:30.485506: | forked child 10023 Sep 21 07:34:30.485542: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.485556: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:30.485564: listening for IKE messages Sep 21 07:34:30.485597: | Inspecting interface lo Sep 21 07:34:30.485605: | found lo with address 127.0.0.1 Sep 21 07:34:30.485611: | Inspecting interface eth0 Sep 21 07:34:30.485616: | found eth0 with address 192.0.1.254 Sep 21 07:34:30.485618: | Inspecting interface eth0 Sep 21 07:34:30.485623: | found eth0 with address 192.0.100.254 Sep 21 07:34:30.485626: | Inspecting interface eth1 Sep 21 07:34:30.485630: | found eth1 with address 192.1.2.45 Sep 21 07:34:30.485684: Kernel supports NIC esp-hw-offload Sep 21 07:34:30.485698: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:34:30.485729: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:30.485735: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:30.485739: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:34:30.485763: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.100.254:500 Sep 21 07:34:30.485802: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:30.485812: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:30.485816: adding interface eth0/eth0 192.0.100.254:4500 Sep 21 07:34:30.485845: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 
07:34:30.485869: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:30.485875: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:30.485879: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:34:30.485905: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:30.485929: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:30.485934: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:30.485938: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:30.485995: | no interfaces to sort Sep 21 07:34:30.486000: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:30.486012: | add_fd_read_event_handler: new ethX-pe@0x55d95cd95fe0 Sep 21 07:34:30.486016: | libevent_malloc: new ptr-libevent@0x55d95cd96020 size 128 Sep 21 07:34:30.486020: | libevent_malloc: new ptr-libevent@0x55d95cd960b0 size 16 Sep 21 07:34:30.486031: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:34:30.486036: | add_fd_read_event_handler: new ethX-pe@0x55d95cd960d0 Sep 21 07:34:30.486039: | libevent_malloc: new ptr-libevent@0x55d95cd96110 size 128 Sep 21 07:34:30.486043: | libevent_malloc: new ptr-libevent@0x55d95cd961a0 size 16 Sep 21 07:34:30.486048: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:34:30.486052: | add_fd_read_event_handler: new ethX-pe@0x55d95cd961c0 Sep 21 07:34:30.486055: | libevent_malloc: new ptr-libevent@0x55d95cd96200 size 128 Sep 21 07:34:30.486058: | libevent_malloc: new ptr-libevent@0x55d95cd96290 size 16 Sep 21 07:34:30.486063: | setup callback for interface eth0 192.0.1.254:4500 fd 22 Sep 21 07:34:30.486067: | add_fd_read_event_handler: new ethX-pe@0x55d95cd962b0 Sep 21 07:34:30.486070: | libevent_malloc: new ptr-libevent@0x55d95cd962f0 size 128 Sep 21 07:34:30.486074: | libevent_malloc: new ptr-libevent@0x55d95cd96380 size 16 Sep 21 07:34:30.486080: | setup callback for interface eth0 
192.0.1.254:500 fd 21 Sep 21 07:34:30.486083: | add_fd_read_event_handler: new ethX-pe@0x55d95cd963a0 Sep 21 07:34:30.486086: | libevent_malloc: new ptr-libevent@0x55d95cd963e0 size 128 Sep 21 07:34:30.486090: | libevent_malloc: new ptr-libevent@0x55d95cd96470 size 16 Sep 21 07:34:30.486095: | setup callback for interface eth0 192.0.100.254:4500 fd 20 Sep 21 07:34:30.486099: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96490 Sep 21 07:34:30.486102: | libevent_malloc: new ptr-libevent@0x55d95cd964d0 size 128 Sep 21 07:34:30.486105: | libevent_malloc: new ptr-libevent@0x55d95cd96560 size 16 Sep 21 07:34:30.486110: | setup callback for interface eth0 192.0.100.254:500 fd 19 Sep 21 07:34:30.486114: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96580 Sep 21 07:34:30.486118: | libevent_malloc: new ptr-libevent@0x55d95cd965c0 size 128 Sep 21 07:34:30.486122: | libevent_malloc: new ptr-libevent@0x55d95cd96650 size 16 Sep 21 07:34:30.486128: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:30.486131: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96c40 Sep 21 07:34:30.486134: | libevent_malloc: new ptr-libevent@0x55d95cd96c80 size 128 Sep 21 07:34:30.486138: | libevent_malloc: new ptr-libevent@0x55d95cd96d10 size 16 Sep 21 07:34:30.486143: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:30.486153: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:30.486156: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:30.486176: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:30.486190: | id type added to secret(0x55d95cd8b400) PKK_PSK: @west Sep 21 07:34:30.486195: | id type added to secret(0x55d95cd8b400) PKK_PSK: @east Sep 21 07:34:30.486200: | Processing PSK at line 1: passed Sep 21 07:34:30.486203: | certs and keys locked by 'process_secret' Sep 21 07:34:30.486208: | certs and keys unlocked by 'process_secret' Sep 21 07:34:30.486215: | pluto_sd: executing action action: ready(5), status 
0 Sep 21 07:34:30.486223: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.486232: | spent 0.678 milliseconds in whack Sep 21 07:34:30.518763: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.518810: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:30.518820: listening for IKE messages Sep 21 07:34:30.518856: | Inspecting interface lo Sep 21 07:34:30.518861: | found lo with address 127.0.0.1 Sep 21 07:34:30.518864: | Inspecting interface eth0 Sep 21 07:34:30.518867: | found eth0 with address 192.0.1.254 Sep 21 07:34:30.518868: | Inspecting interface eth0 Sep 21 07:34:30.518871: | found eth0 with address 192.0.100.254 Sep 21 07:34:30.518872: | Inspecting interface eth1 Sep 21 07:34:30.518875: | found eth1 with address 192.1.2.45 Sep 21 07:34:30.518927: | no interfaces to sort Sep 21 07:34:30.518935: | libevent_free: release ptr-libevent@0x55d95cd96020 Sep 21 07:34:30.518937: | free_event_entry: release EVENT_NULL-pe@0x55d95cd95fe0 Sep 21 07:34:30.518939: | add_fd_read_event_handler: new ethX-pe@0x55d95cd95fe0 Sep 21 07:34:30.518942: | libevent_malloc: new ptr-libevent@0x55d95cd96020 size 128 Sep 21 07:34:30.518947: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:34:30.518950: | libevent_free: release ptr-libevent@0x55d95cd96110 Sep 21 07:34:30.518952: | free_event_entry: release EVENT_NULL-pe@0x55d95cd960d0 Sep 21 07:34:30.518953: | add_fd_read_event_handler: new ethX-pe@0x55d95cd960d0 Sep 21 07:34:30.518955: | libevent_malloc: new ptr-libevent@0x55d95cd96110 size 128 Sep 21 07:34:30.518958: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:34:30.518961: | libevent_free: release ptr-libevent@0x55d95cd96200 Sep 21 07:34:30.518963: | free_event_entry: release EVENT_NULL-pe@0x55d95cd961c0 Sep 21 07:34:30.518965: | add_fd_read_event_handler: new ethX-pe@0x55d95cd961c0 Sep 21 07:34:30.518967: | libevent_malloc: 
new ptr-libevent@0x55d95cd96200 size 128 Sep 21 07:34:30.518970: | setup callback for interface eth0 192.0.1.254:4500 fd 22 Sep 21 07:34:30.518972: | libevent_free: release ptr-libevent@0x55d95cd962f0 Sep 21 07:34:30.518974: | free_event_entry: release EVENT_NULL-pe@0x55d95cd962b0 Sep 21 07:34:30.518976: | add_fd_read_event_handler: new ethX-pe@0x55d95cd962b0 Sep 21 07:34:30.518978: | libevent_malloc: new ptr-libevent@0x55d95cd962f0 size 128 Sep 21 07:34:30.518981: | setup callback for interface eth0 192.0.1.254:500 fd 21 Sep 21 07:34:30.518983: | libevent_free: release ptr-libevent@0x55d95cd963e0 Sep 21 07:34:30.518985: | free_event_entry: release EVENT_NULL-pe@0x55d95cd963a0 Sep 21 07:34:30.518986: | add_fd_read_event_handler: new ethX-pe@0x55d95cd963a0 Sep 21 07:34:30.518988: | libevent_malloc: new ptr-libevent@0x55d95cd963e0 size 128 Sep 21 07:34:30.518991: | setup callback for interface eth0 192.0.100.254:4500 fd 20 Sep 21 07:34:30.518993: | libevent_free: release ptr-libevent@0x55d95cd964d0 Sep 21 07:34:30.518995: | free_event_entry: release EVENT_NULL-pe@0x55d95cd96490 Sep 21 07:34:30.518997: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96490 Sep 21 07:34:30.518998: | libevent_malloc: new ptr-libevent@0x55d95cd964d0 size 128 Sep 21 07:34:30.519002: | setup callback for interface eth0 192.0.100.254:500 fd 19 Sep 21 07:34:30.519004: | libevent_free: release ptr-libevent@0x55d95cd965c0 Sep 21 07:34:30.519010: | free_event_entry: release EVENT_NULL-pe@0x55d95cd96580 Sep 21 07:34:30.519012: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96580 Sep 21 07:34:30.519014: | libevent_malloc: new ptr-libevent@0x55d95cd965c0 size 128 Sep 21 07:34:30.519017: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:30.519020: | libevent_free: release ptr-libevent@0x55d95cd96c80 Sep 21 07:34:30.519022: | free_event_entry: release EVENT_NULL-pe@0x55d95cd96c40 Sep 21 07:34:30.519023: | add_fd_read_event_handler: new ethX-pe@0x55d95cd96c40 Sep 21 
07:34:30.519025: | libevent_malloc: new ptr-libevent@0x55d95cd96c80 size 128 Sep 21 07:34:30.519028: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:30.519030: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:30.519032: forgetting secrets Sep 21 07:34:30.519038: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:30.519049: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:30.519056: | id type added to secret(0x55d95cd8b400) PKK_PSK: @west Sep 21 07:34:30.519059: | id type added to secret(0x55d95cd8b400) PKK_PSK: @east Sep 21 07:34:30.519062: | Processing PSK at line 1: passed Sep 21 07:34:30.519063: | certs and keys locked by 'process_secret' Sep 21 07:34:30.519065: | certs and keys unlocked by 'process_secret' Sep 21 07:34:30.519068: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:30.519074: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.519079: | spent 0.317 milliseconds in whack Sep 21 07:34:30.519688: | processing signal PLUTO_SIGCHLD Sep 21 07:34:30.519700: | waitpid returned pid 10023 (exited with status 0) Sep 21 07:34:30.519703: | reaped addconn helper child (status 0) Sep 21 07:34:30.519707: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:30.519710: | spent 0.0146 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:30.556051: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.556071: | old debugging base+cpu-usage + none Sep 21 07:34:30.556075: | base debugging = base+cpu-usage Sep 21 07:34:30.556077: | old impairing none + suppress-retransmits Sep 21 07:34:30.556080: | base impairing = suppress-retransmits Sep 21 07:34:30.556088: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.556095: | spent 0.0528 milliseconds in whack Sep 21 07:34:30.659105: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 
(in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.659130: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.659133: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.659136: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.659138: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.659141: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.659149: | Added new connection westnet-eastnet-ikev2a with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.659222: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:30.659226: | from whack: got --esp= Sep 21 07:34:30.659256: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:30.659261: | counting wild cards for @west is 0 Sep 21 07:34:30.659264: | counting wild cards for @east is 0 Sep 21 07:34:30.659274: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:34:30.659278: | new hp@0x55d95cd62830 Sep 21 07:34:30.659282: added connection description "westnet-eastnet-ikev2a" Sep 21 07:34:30.659309: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.659320: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:34:30.659342: | close_any(fd@16) (in whack_process() at 
rcv_whack.c:700) Sep 21 07:34:30.659349: | spent 0.252 milliseconds in whack Sep 21 07:34:30.659381: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.659391: add keyid @west Sep 21 07:34:30.659481: | keyid: *AQOm9dY/4 Sep 21 07:34:30.659534: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.659541: | spent 0.166 milliseconds in whack Sep 21 07:34:30.659571: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.659579: add keyid @east Sep 21 07:34:30.659637: | keyid: *AQO9bJbr3 Sep 21 07:34:30.659690: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.659695: | spent 0.128 milliseconds in whack Sep 21 07:34:30.751631: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.751652: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.751655: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.751662: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.751663: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.751666: | FOR_EACH_CONNECTION_...
in conn_by_name Sep 21 07:34:30.751672: | Added new connection westnet-eastnet-ikev2b with policy PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.751709: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:30.751711: | from whack: got --esp= Sep 21 07:34:30.751738: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:30.751742: | counting wild cards for @west is 0 Sep 21 07:34:30.751744: | counting wild cards for @east is 0 Sep 21 07:34:30.751749: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:34:30.751752: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55d95cd62830: westnet-eastnet-ikev2a Sep 21 07:34:30.751754: added connection description "westnet-eastnet-ikev2b" Sep 21 07:34:30.751762: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.751769: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.200.0/24 Sep 21 07:34:30.751775: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.751780: | spent 0.157 milliseconds in whack Sep 21 07:34:30.751852: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.751864: add keyid @west Sep 21 07:34:30.751883: | unreference key: 
0x55d95cd1ea10 @west cnt 1-- Sep 21 07:34:30.751948: | keyid: *AQOm9dY/4 Sep 21 07:34:30.751986: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.752005: | spent 0.158 milliseconds in whack Sep 21 07:34:30.752084: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.752095: add keyid @east Sep 21 07:34:30.752099: | unreference key: 0x55d95cd1ddd0 @east cnt 1-- Sep 21 07:34:30.752137: | keyid: *AQO9bJbr3 Sep 21 07:34:30.752176: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.752180: | spent 0.101 milliseconds in whack Sep 21 07:34:30.840366: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.840384: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.840387: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.840388: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.840390: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:30.840393: | FOR_EACH_CONNECTION_...
in conn_by_name Sep 21 07:34:30.840399: | Added new connection westnet-eastnet-ikev2c with policy PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.840436: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:30.840438: | from whack: got --esp= Sep 21 07:34:30.840465: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:30.840469: | counting wild cards for @west is 0 Sep 21 07:34:30.840471: | counting wild cards for @east is 0 Sep 21 07:34:30.840477: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:34:30.840480: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55d95cd62830: westnet-eastnet-ikev2b Sep 21 07:34:30.840482: added connection description "westnet-eastnet-ikev2c" Sep 21 07:34:30.840489: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:30.840498: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.201.0/24 Sep 21 07:34:30.840506: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.840512: | spent 0.153 milliseconds in whack Sep 21 07:34:30.840582: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.840590: add keyid @west Sep 21 07:34:30.840596: | unreference key: 0x55d95cd1ea10 @west cnt 1-- 
Sep 21 07:34:30.840648: | keyid: *AQOm9dY/4 Sep 21 07:34:30.840689: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.840693: | spent 0.111 milliseconds in whack Sep 21 07:34:30.840717: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.840723: add keyid @east Sep 21 07:34:30.840725: | unreference key: 0x55d95cd1ddd0 @east cnt 1-- Sep 21 07:34:30.840763: | keyid: *AQO9bJbr3 Sep 21 07:34:30.840804: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.840807: | spent 0.0909 milliseconds in whack Sep 21 07:34:30.955324: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:30.955346: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Sep 21 07:34:30.955349: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:30.955353: | start processing: connection "westnet-eastnet-ikev2a" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:30.955355: | connection 'westnet-eastnet-ikev2a' +POLICY_UP Sep 21 07:34:30.955358: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:30.955360: | FOR_EACH_STATE_...
in find_phase1_state Sep 21 07:34:30.955378: | creating state object #1 at 0x55d95cd9a2a0 Sep 21 07:34:30.955381: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:30.955387: | pstats #1 ikev2.ike started Sep 21 07:34:30.955390: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:30.955392: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:34:30.955396: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:30.955401: | suspend processing: connection "westnet-eastnet-ikev2a" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:30.955408: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:30.955411: | dup_any(fd@26) -> fd@27 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:34:30.955414: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-ikev2a" IKE SA #1 "westnet-eastnet-ikev2a" Sep 21 07:34:30.955417: "westnet-eastnet-ikev2a" #1: initiating v2 parent SA Sep 21 07:34:30.955425: | constructing local IKE proposals for westnet-eastnet-ikev2a (IKE SA initiator selecting KE) Sep 21 07:34:30.955432: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:30.955438: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.955443: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:30.955451: | ... 
ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.955455: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:30.955460: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.955463: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:30.955468: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.955478: "westnet-eastnet-ikev2a": constructed local IKE proposals for westnet-eastnet-ikev2a (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.955489: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:34:30.955493: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd9c950 Sep 21 07:34:30.955497: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:30.955500: | libevent_malloc: new ptr-libevent@0x55d95cd9c990 
size 128 Sep 21 07:34:30.955514: | #1 spent 0.158 milliseconds in ikev2_parent_outI1() Sep 21 07:34:30.955517: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:30.955519: | crypto helper 0 resuming Sep 21 07:34:30.955521: | RESET processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:30.955533: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:34:30.955539: | RESET processing: connection "westnet-eastnet-ikev2a" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:30.955545: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:34:30.955547: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:30.955551: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Sep 21 07:34:30.955556: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:30.955561: | spent 0.239 milliseconds in whack Sep 21 07:34:30.956552: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001006 seconds Sep 21 07:34:30.956566: | (#1) spent 1.02 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:34:30.956569: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:30.956572: | scheduling resume sending helper answer for #1 Sep 21 07:34:30.956576: | libevent_malloc: new ptr-libevent@0x7f3f9c006900 size 128 Sep 21 07:34:30.956584: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:30.956594: | processing resume sending helper answer for #1 Sep 21 07:34:30.956605: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:30.956610: | crypto helper 0 replies to request ID 1 Sep 21 07:34:30.956613: | calling continuation function 0x55d95ac05630 Sep 21 
07:34:30.956615: | ikev2_parent_outI1_continue for #1 Sep 21 07:34:30.956647: | **emit ISAKMP Message: Sep 21 07:34:30.956650: | initiator cookie: Sep 21 07:34:30.956652: | 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.956655: | responder cookie: Sep 21 07:34:30.956657: | 00 00 00 00 00 00 00 00 Sep 21 07:34:30.956660: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:30.956663: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:30.956666: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:30.956669: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:30.956671: | Message ID: 0 (0x0) Sep 21 07:34:30.956674: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:30.956690: | using existing local IKE proposals for connection westnet-eastnet-ikev2a (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.956693: | Emitting ikev2_proposals ... 
Sep 21 07:34:30.956696: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:30.956699: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.956701: | flags: none (0x0) Sep 21 07:34:30.956705: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:30.956708: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.956710: | discarding INTEG=NONE Sep 21 07:34:30.956713: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.956716: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.956718: | prop #: 1 (0x1) Sep 21 07:34:30.956721: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:30.956723: | spi size: 0 (0x0) Sep 21 07:34:30.956725: | # transforms: 11 (0xb) Sep 21 07:34:30.956728: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.956731: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956736: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.956739: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:30.956741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956747: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.956749: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.956752: | length/value: 256 (0x100) Sep 21 07:34:30.956755: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.956758: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956763: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.956765: | IKEv2 transform ID: 
PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:30.956768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956774: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956776: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956779: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956781: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.956790: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:30.956797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956800: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956803: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956805: | discarding INTEG=NONE Sep 21 07:34:30.956807: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956812: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956815: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.956818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956821: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956824: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956826: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956828: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956831: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956833: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:30.956836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956842: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956844: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956849: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956852: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:30.956855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956858: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956860: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956863: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956869: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956871: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:30.956874: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956880: | emitting length of IKEv2 Transform 
Substructure Payload: 8 Sep 21 07:34:30.956882: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956885: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956887: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956890: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:30.956893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956898: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956901: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956905: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956908: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:30.956911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956914: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956916: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956919: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956921: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956923: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956926: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:30.956929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956932: | last substructure: saving location 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956934: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956937: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956939: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.956942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.956944: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:30.956947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956953: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.956955: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:30.956958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.956960: | discarding INTEG=NONE Sep 21 07:34:30.956963: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.956965: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.956968: | prop #: 2 (0x2) Sep 21 07:34:30.956970: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:30.956972: | spi size: 0 (0x0) Sep 21 07:34:30.956975: | # transforms: 11 (0xb) Sep 21 07:34:30.956979: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.956982: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.956985: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.956987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.956990: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.956992: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:30.956995: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.956997: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.957000: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.957003: | length/value: 128 (0x80) Sep 21 07:34:30.957005: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.957008: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957013: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957015: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:30.957018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957021: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957024: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957026: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957031: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957034: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:30.957036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957042: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957044: | discarding INTEG=NONE Sep 21 07:34:30.957046: | 
*****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957049: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957051: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957054: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.957057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957062: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957064: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957069: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957072: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:30.957075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957080: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957083: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957089: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957091: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:30.957094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' Sep 21 07:34:30.957100: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957102: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957107: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957109: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:30.957112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957118: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957120: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957125: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957127: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:30.957130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957136: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957138: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957143: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957145: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:30.957148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957151: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957154: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957156: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957163: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:30.957166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957172: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957174: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957177: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.957179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957182: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:30.957184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957187: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957190: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957193: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:30.957196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.957199: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.957201: | last proposal: v2_PROPOSAL_NON_LAST 
(0x2) Sep 21 07:34:30.957204: | prop #: 3 (0x3) Sep 21 07:34:30.957206: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:30.957208: | spi size: 0 (0x0) Sep 21 07:34:30.957211: | # transforms: 13 (0xd) Sep 21 07:34:30.957214: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.957217: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.957219: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957222: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957224: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.957227: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:30.957229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957232: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.957234: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.957237: | length/value: 256 (0x100) Sep 21 07:34:30.957240: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.957242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957247: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957249: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:30.957252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957258: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957260: | *****emit IKEv2 Transform 
Substructure Payload: Sep 21 07:34:30.957262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957265: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957267: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:30.957270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957278: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957283: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.957286: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:30.957288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957294: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957296: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957301: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.957304: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:30.957308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957311: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 
07:34:30.957313: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957316: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957321: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957323: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.957326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957329: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957331: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957334: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957341: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:30.957344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957349: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957352: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957357: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957359: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:30.957362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957365: | last substructure: 
saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957367: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957370: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957375: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957377: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:30.957380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957386: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957388: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957393: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957395: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:30.957398: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957404: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957406: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:30.957418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957421: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957423: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957426: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957431: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957433: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:30.957436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957444: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957446: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.957449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957451: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:30.957454: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957462: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:30.957465: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.957467: | 
****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.957470: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:30.957472: | prop #: 4 (0x4) Sep 21 07:34:30.957475: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:30.957477: | spi size: 0 (0x0) Sep 21 07:34:30.957480: | # transforms: 13 (0xd) Sep 21 07:34:30.957483: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.957486: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.957488: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957493: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.957495: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:30.957498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957501: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.957503: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.957506: | length/value: 128 (0x80) Sep 21 07:34:30.957508: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.957511: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957513: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957516: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957518: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:30.957521: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957527: | emitting length 
of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957530: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957535: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.957537: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:30.957540: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957546: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957548: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957553: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.957556: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:30.957558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957561: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957564: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957566: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957569: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957571: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.957574: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:30.957577: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957579: | last substructure: saving location 'IKEv2 Proposal 
Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957582: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957584: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957589: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957592: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.957595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957600: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957602: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957610: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:30.957613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957618: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957621: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957625: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957629: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:30.957632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957637: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957640: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957647: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:30.957650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957656: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957658: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957660: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957665: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:30.957668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957674: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957676: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957678: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957683: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 
07:34:30.957686: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957692: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957694: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957696: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957699: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957701: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:30.957704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957710: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957712: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.957715: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.957717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.957720: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:30.957723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.957725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.957728: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.957730: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:30.957734: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.957737: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:34:30.957740: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:30.957742: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:30.957745: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.957747: | flags: none (0x0) Sep 21 07:34:30.957750: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.957753: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:34:30.957756: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.957759: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:34:30.957804: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:30.957807: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:30.957809: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:30.957812: | flags: none (0x0) Sep 21 07:34:30.957814: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:30.957817: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:30.957820: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.957823: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:30.957825: | IKEv2 nonce 63 88 28 0e 98 be 19 6a d0 60 7e 08 dc 72 4c df Sep 21 07:34:30.957828: | IKEv2 nonce 39 2e 24 e1 46 3d 2f 62 9d 51 0b 38 62 1f 0e 0a Sep 21 07:34:30.957830: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:30.957833: | Adding a v2N Payload Sep 21 07:34:30.957835: | ***emit IKEv2 Notify Payload: Sep 21 07:34:30.957838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.957840: | flags: none (0x0) Sep 21 07:34:30.957843: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.957845: | SPI size: 0 (0x0) Sep 21 07:34:30.957848: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:30.957851: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:30.957855: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21
07:34:30.957857: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:30.957860: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:34:30.957863: | natd_hash: rcookie is zero Sep 21 07:34:30.957875: | natd_hash: hasher=0x55d95acdb7a0(20) Sep 21 07:34:30.957878: | natd_hash: icookie= 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.957881: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:30.957883: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:30.957885: | natd_hash: port= 01 f4 Sep 21 07:34:30.957888: | natd_hash: hash= ba 20 a9 b5 7e 63 6b 29 df 6e fd c0 32 1b 56 79 Sep 21 07:34:30.957890: | natd_hash: hash= 96 0b e0 a2 Sep 21 07:34:30.957892: | Adding a v2N Payload Sep 21 07:34:30.957894: | ***emit IKEv2 Notify Payload: Sep 21 07:34:30.957897: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.957899: | flags: none (0x0) Sep 21 07:34:30.957901: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.957904: | SPI size: 0 (0x0) Sep 21 07:34:30.957906: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:30.957909: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:30.957912: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.957915: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:30.957917: | Notify data ba 20 a9 b5 7e 63 6b 29 df 6e fd c0 32 1b 56 79 Sep 21 07:34:30.957919: | Notify data 96 0b e0 a2 Sep 21 07:34:30.957922: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:30.957924: | natd_hash: rcookie is zero Sep 21 07:34:30.957930: | natd_hash: hasher=0x55d95acdb7a0(20) Sep 21 07:34:30.957932: | natd_hash: icookie= 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.957935: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:30.957937: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:30.957939: | natd_hash: port= 01 f4 Sep 21 
07:34:30.957941: | natd_hash: hash= b7 f9 b7 9f ad 63 6d 86 94 d1 3f 33 64 04 f7 57 Sep 21 07:34:30.957943: | natd_hash: hash= 80 62 e7 fc Sep 21 07:34:30.957946: | Adding a v2N Payload Sep 21 07:34:30.957948: | ***emit IKEv2 Notify Payload: Sep 21 07:34:30.957950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.957953: | flags: none (0x0) Sep 21 07:34:30.957955: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.957957: | SPI size: 0 (0x0) Sep 21 07:34:30.957960: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:30.957963: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:30.957965: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.957968: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:30.957970: | Notify data b7 f9 b7 9f ad 63 6d 86 94 d1 3f 33 64 04 f7 57 Sep 21 07:34:30.957973: | Notify data 80 62 e7 fc Sep 21 07:34:30.957975: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:30.957977: | emitting length of ISAKMP Message: 828 Sep 21 07:34:30.957986: | stop processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:34:30.957994: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:30.957998: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:34:30.958001: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:34:30.958005: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:34:30.958008: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:34:30.958012: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 
07:34:30.958017: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:30.958020: "westnet-eastnet-ikev2a" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:30.958032: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:30.958044: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
Sep 21 07:34:30.958244: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:30.958264: | libevent_free: release ptr-libevent@0x55d95cd9c990 Sep 21 07:34:30.958267: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd9c950 Sep 21 07:34:30.958270: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:30.958273: "westnet-eastnet-ikev2a" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:34:30.958281: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d95cd9c950 Sep 21 07:34:30.958285: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:34:30.958288: | libevent_malloc: new ptr-libevent@0x55d95cd9c990 size 128 Sep 21 07:34:30.958293: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49917.326545 Sep 21 07:34:30.958296: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:34:30.958302: | #1 spent 1.64 milliseconds in resume sending helper answer Sep 21 07:34:30.958307: | stop processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:30.958310: | libevent_free: release ptr-libevent@0x7f3f9c006900 Sep 21 07:34:30.960851: | spent 0.00204 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:30.960871: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
Sep 21 07:34:30.960952: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:30.960955: | **parse ISAKMP Message: Sep 21
07:34:30.960958: | initiator cookie: Sep 21 07:34:30.960960: | 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.960962: | responder cookie: Sep 21 07:34:30.960964: | b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:30.960967: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:30.960969: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:30.960972: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:30.960974: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:30.960977: | Message ID: 0 (0x0) Sep 21 07:34:30.960979: | length: 432 (0x1b0) Sep 21 07:34:30.960982: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:30.960985: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:34:30.960988: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:30.960994: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:30.960998: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:30.961001: | #1 is idle Sep 21 07:34:30.961003: | #1 idle Sep 21 07:34:30.961005: | unpacking clear payload Sep 21 07:34:30.961008: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:30.961010: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:30.961013: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:30.961015: | flags: none (0x0) Sep 21 07:34:30.961017: | length: 40 (0x28) Sep 21 07:34:30.961020: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:34:30.961022: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:30.961024: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:30.961027: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:30.961029: | flags: none (0x0) Sep 21 07:34:30.961031: | length: 264 (0x108) Sep 21 07:34:30.961033: 
| DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.961036: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:30.961038: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:30.961040: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:30.961043: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:30.961045: | flags: none (0x0) Sep 21 07:34:30.961047: | length: 36 (0x24) Sep 21 07:34:30.961049: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:30.961051: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:30.961054: | ***parse IKEv2 Notify Payload: Sep 21 07:34:30.961056: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:30.961058: | flags: none (0x0) Sep 21 07:34:30.961060: | length: 8 (0x8) Sep 21 07:34:30.961063: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.961065: | SPI size: 0 (0x0) Sep 21 07:34:30.961068: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:30.961070: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:30.961072: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:30.961074: | ***parse IKEv2 Notify Payload: Sep 21 07:34:30.961077: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:30.961079: | flags: none (0x0) Sep 21 07:34:30.961081: | length: 28 (0x1c) Sep 21 07:34:30.961083: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.961086: | SPI size: 0 (0x0) Sep 21 07:34:30.961088: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:30.961090: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:30.961093: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:30.961095: | ***parse IKEv2 Notify Payload: Sep 21 07:34:30.961097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.961101: | flags: none (0x0) Sep 21 07:34:30.961103: | length: 28 (0x1c) Sep 21 07:34:30.961105: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:30.961108: | SPI size: 0 (0x0) Sep 21 07:34:30.961110: | 
Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:30.961112: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:30.961115: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:34:30.961120: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:30.961123: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:30.961125: | Now let's proceed with state specific processing Sep 21 07:34:30.961128: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:30.961131: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:34:30.961147: | using existing local IKE proposals for connection westnet-eastnet-ikev2a (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:30.961150: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:34:30.961153: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:30.961156: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:30.961158: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:30.961161: | local proposal 1 type DH has 8 transforms Sep 21 07:34:30.961163: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:30.961166: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:30.961168: | 
local proposal 2 type ENCR has 1 transforms Sep 21 07:34:30.961170: | local proposal 2 type PRF has 2 transforms Sep 21 07:34:30.961173: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:30.961175: | local proposal 2 type DH has 8 transforms Sep 21 07:34:30.961177: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:30.961180: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:30.961182: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:30.961185: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:30.961187: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:30.961189: | local proposal 3 type DH has 8 transforms Sep 21 07:34:30.961192: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:30.961195: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:30.961197: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:30.961199: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:30.961201: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:30.961204: | local proposal 4 type DH has 8 transforms Sep 21 07:34:30.961206: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:30.961209: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:30.961211: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.961214: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:30.961216: | length: 36 (0x24) Sep 21 07:34:30.961218: | prop #: 1 (0x1) Sep 21 07:34:30.961221: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:30.961223: | spi size: 0 (0x0) Sep 21 07:34:30.961225: | # transforms: 3 (0x3) Sep 21 07:34:30.961228: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:30.961232: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:30.961234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.961237: | length: 12 
(0xc) Sep 21 07:34:30.961239: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.961241: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:30.961244: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.961246: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.961248: | length/value: 256 (0x100) Sep 21 07:34:30.961252: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:30.961255: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:30.961257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.961260: | length: 8 (0x8) Sep 21 07:34:30.961262: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:30.961264: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:30.961267: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:30.961270: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:30.961272: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.961274: | length: 8 (0x8) Sep 21 07:34:30.961277: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:30.961279: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:30.961282: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:30.961285: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:30.961290: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:30.961292: | remote proposal 1 matches local proposal 1 Sep 21 07:34:30.961295: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:34:30.961297: | converting proposal to internal trans attrs Sep 21 07:34:30.961309: | natd_hash: hasher=0x55d95acdb7a0(20) Sep 21 07:34:30.961311: | 
natd_hash: icookie= 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.961314: | natd_hash: rcookie= b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:30.961316: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:30.961318: | natd_hash: port= 01 f4 Sep 21 07:34:30.961321: | natd_hash: hash= bb 74 8b 3a 4b 54 58 90 56 fb 18 6b fb 39 81 8c Sep 21 07:34:30.961323: | natd_hash: hash= 7e 55 d8 66 Sep 21 07:34:30.961329: | natd_hash: hasher=0x55d95acdb7a0(20) Sep 21 07:34:30.961331: | natd_hash: icookie= 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.961333: | natd_hash: rcookie= b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:30.961335: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:30.961338: | natd_hash: port= 01 f4 Sep 21 07:34:30.961340: | natd_hash: hash= 5b 8c c1 ee c5 48 7d b6 45 6f 62 b2 2f 6c d6 6f Sep 21 07:34:30.961342: | natd_hash: hash= df b2 d9 c0 Sep 21 07:34:30.961344: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:30.961347: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:30.961349: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:30.961352: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:34:30.961357: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:30.961360: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:34:30.961363: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:30.961365: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:34:30.961368: | libevent_free: release ptr-libevent@0x55d95cd9c990 Sep 21 07:34:30.961371: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d95cd9c950 Sep 21 07:34:30.961374: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd9c950 Sep 21 07:34:30.961378: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:30.961397: | libevent_malloc: new ptr-libevent@0x55d95cd9c990 size 128 Sep 21 07:34:30.961421: | #1 spent 0.288 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() 
Sep 21 07:34:30.961439: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:30.961442: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:34:30.961444: | suspending state #1 and saving MD Sep 21 07:34:30.961447: | #1 is busy; has a suspended MD Sep 21 07:34:30.961461: | crypto helper 1 resuming Sep 21 07:34:30.961486: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:34:30.961464: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:30.961497: | "westnet-eastnet-ikev2a" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:30.961491: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:34:30.961502: | stop processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:30.961507: | #1 spent 0.626 milliseconds in ikev2_process_packet() Sep 21 07:34:30.961511: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:30.961514: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:30.961517: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:30.961520: | spent 0.64 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:30.962070: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:30.962465: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.000974 seconds Sep 21 07:34:30.962473: | (#1) spent 0.97 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:34:30.962475: | crypto helper 1 sending results from work-order 2 for state #1 to event queue 
Sep 21 07:34:30.962477: | scheduling resume sending helper answer for #1 Sep 21 07:34:30.962479: | libevent_malloc: new ptr-libevent@0x7f3f94006b90 size 128 Sep 21 07:34:30.962485: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:30.962492: | processing resume sending helper answer for #1 Sep 21 07:34:30.962499: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:30.962503: | crypto helper 1 replies to request ID 2 Sep 21 07:34:30.962505: | calling continuation function 0x55d95ac05630 Sep 21 07:34:30.962508: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:34:30.962512: | creating state object #2 at 0x55d95cd9f1f0 Sep 21 07:34:30.962515: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:34:30.962519: | pstats #2 ikev2.child started Sep 21 07:34:30.962522: | duplicating state object #1 "westnet-eastnet-ikev2a" as #2 for IPSEC SA Sep 21 07:34:30.962527: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:30.962533: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:30.962538: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:30.962542: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:30.962545: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:30.962548: | libevent_free: release ptr-libevent@0x55d95cd9c990 Sep 21 07:34:30.962550: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd9c950 Sep 21 07:34:30.962553: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d95cd9c950 Sep 21 07:34:30.962559: 
| inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:34:30.962562: | libevent_malloc: new ptr-libevent@0x55d95cd9c990 size 128 Sep 21 07:34:30.962565: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:34:30.962571: | **emit ISAKMP Message: Sep 21 07:34:30.962574: | initiator cookie: Sep 21 07:34:30.962576: | 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:30.962578: | responder cookie: Sep 21 07:34:30.962580: | b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:30.962583: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:30.962586: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:30.962588: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:30.962591: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:30.962594: | Message ID: 1 (0x1) Sep 21 07:34:30.962596: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:30.962599: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:30.962602: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.962604: | flags: none (0x0) Sep 21 07:34:30.962607: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:30.962610: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.962613: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:30.962620: | IKEv2 CERT: send a certificate? 
Sep 21 07:34:30.962623: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:30.962625: | IDr payload will be sent Sep 21 07:34:30.962640: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:34:30.962643: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.962645: | flags: none (0x0) Sep 21 07:34:30.962648: | ID type: ID_FQDN (0x2) Sep 21 07:34:30.962651: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:34:30.962654: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.962657: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:34:30.962659: | my identity 77 65 73 74 Sep 21 07:34:30.962662: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:34:30.962671: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:30.962673: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:30.962676: | flags: none (0x0) Sep 21 07:34:30.962678: | ID type: ID_FQDN (0x2) Sep 21 07:34:30.962681: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:34:30.962684: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:30.962687: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.962690: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:34:30.962692: | IDr 65 61 73 74 Sep 21 07:34:30.962694: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:30.962697: | not sending INITIAL_CONTACT 
Sep 21 07:34:30.962700: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:30.962702: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.962705: | flags: none (0x0) Sep 21 07:34:30.962707: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:30.962710: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:30.962715: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.962718: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:34:30.962723: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:30.962726: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:30.962729: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:30.962733: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:30.962736: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:30.962739: | line 1: match=014 Sep 21 07:34:30.962741: | match 014 beats previous best_match 000 match=0x55d95cd8b400 (line=1) Sep 21 07:34:30.962744: | concluding with best_match=014 best=0x55d95cd8b400 (lineno=1) Sep 21 07:34:30.962818: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:30.962824: | PSK auth 23 16 dd a1 2d 49 4a ed 96 c0 06 7f ed dd 6a 3f Sep 21 07:34:30.962827: | PSK auth d3 0e d9 36 92 cb 36 fb b7 2f 8d bd f4 6c 99 09 Sep 21 07:34:30.962829: | PSK auth a8 54 b5 84 6f 3c c2 fc b8 06 cf 52 5d 8a b2 b2 Sep 21 07:34:30.962832: | PSK auth dd 4b 52 5e d9 fe 34 90 39 15 9f 64 c7 76 87 96 Sep 21 07:34:30.962834: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:30.962837: | getting first pending from state #1 Sep 21 07:34:30.962857: | netlink_get_spi: allocated 0xbd1cd64f for esp.0@192.1.2.45 Sep 21 07:34:30.962861: | constructing ESP/AH 
proposals with all DH removed for westnet-eastnet-ikev2a (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:34:30.962865: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:30.962871: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:30.962874: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:30.962877: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:30.962881: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:30.962885: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:30.962888: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:30.962892: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:30.962901: "westnet-eastnet-ikev2a": constructed local ESP/AH proposals for westnet-eastnet-ikev2a (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:30.962910: | Emitting ikev2_proposals ... 
Sep 21 07:34:30.962913: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:30.962915: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.962918: | flags: none (0x0) Sep 21 07:34:30.962921: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:30.962924: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.962926: | discarding INTEG=NONE Sep 21 07:34:30.962928: | discarding DH=NONE Sep 21 07:34:30.962931: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.962933: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.962936: | prop #: 1 (0x1) Sep 21 07:34:30.962938: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:30.962940: | spi size: 4 (0x4) Sep 21 07:34:30.962943: | # transforms: 2 (0x2) Sep 21 07:34:30.962946: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.962951: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:30.962953: | our spi bd 1c d6 4f Sep 21 07:34:30.962955: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.962958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.962961: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.962963: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:30.962966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.962969: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.962971: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.962974: | length/value: 256 (0x100) Sep 21 07:34:30.962976: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.962978: | discarding INTEG=NONE Sep 21 
07:34:30.962981: | discarding DH=NONE Sep 21 07:34:30.962983: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.962985: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.962988: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:30.962990: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:30.962993: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.962996: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.962999: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963001: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:30.963004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.963007: | discarding INTEG=NONE Sep 21 07:34:30.963009: | discarding DH=NONE Sep 21 07:34:30.963011: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.963014: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.963016: | prop #: 2 (0x2) Sep 21 07:34:30.963018: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:30.963021: | spi size: 4 (0x4) Sep 21 07:34:30.963023: | # transforms: 2 (0x2) Sep 21 07:34:30.963026: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.963029: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.963032: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:30.963034: | our spi bd 1c d6 4f Sep 21 07:34:30.963036: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963039: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963041: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.963043: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:30.963046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963049: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.963051: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.963053: | length/value: 128 (0x80) Sep 21 07:34:30.963056: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.963058: | discarding INTEG=NONE Sep 21 07:34:30.963060: | discarding DH=NONE Sep 21 07:34:30.963063: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963065: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.963067: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:30.963070: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:30.963073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963079: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963082: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:30.963084: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.963099: | discarding DH=NONE Sep 21 07:34:30.963102: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.963104: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.963106: | prop #: 3 (0x3) Sep 21 07:34:30.963109: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:30.963111: | spi size: 4 (0x4) Sep 21 07:34:30.963113: | # transforms: 4 (0x4) 
Sep 21 07:34:30.963116: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.963119: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.963121: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:30.963123: | our spi bd 1c d6 4f Sep 21 07:34:30.963126: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963130: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.963133: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:30.963135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963138: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.963140: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.963142: | length/value: 256 (0x100) Sep 21 07:34:30.963145: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.963147: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963152: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.963155: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:30.963158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963160: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963165: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963167: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963170: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.963172: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:30.963175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963180: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963182: | discarding DH=NONE Sep 21 07:34:30.963185: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963187: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.963189: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:30.963192: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:30.963194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963201: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963203: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:30.963206: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.963208: | discarding DH=NONE Sep 21 07:34:30.963210: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:30.963213: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:30.963215: | prop #: 4 (0x4) Sep 21 07:34:30.963232: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:30.963234: | spi size: 4 (0x4) Sep 21 07:34:30.963236: | # transforms: 4 (0x4) Sep 21 07:34:30.963239: | last 
substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:30.963242: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:30.963245: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:30.963247: | our spi bd 1c d6 4f Sep 21 07:34:30.963249: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963254: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:30.963257: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:30.963259: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963262: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:30.963264: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:30.963267: | length/value: 128 (0x80) Sep 21 07:34:30.963282: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:30.963284: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963289: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.963291: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:30.963294: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963299: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963301: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963304: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Sep 21 07:34:30.963306: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:30.963308: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:30.963311: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963316: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963318: | discarding DH=NONE Sep 21 07:34:30.963321: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:30.963323: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:30.963325: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:30.963328: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:30.963330: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:30.963333: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:30.963339: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:30.963341: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:30.963344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:30.963346: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:34:30.963349: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:30.963352: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:30.963355: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.963357: | flags: none (0x0) Sep 21 
07:34:30.963359: | number of TS: 1 (0x1) Sep 21 07:34:30.963362: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:30.963365: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.963368: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:30.963370: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:30.963373: | IP Protocol ID: 0 (0x0) Sep 21 07:34:30.963375: | start port: 0 (0x0) Sep 21 07:34:30.963377: | end port: 65535 (0xffff) Sep 21 07:34:30.963380: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:30.963382: | IP start c0 00 01 00 Sep 21 07:34:30.963385: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:30.963387: | IP end c0 00 01 ff Sep 21 07:34:30.963389: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:30.963392: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:30.963394: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:30.963396: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:30.963399: | flags: none (0x0) Sep 21 07:34:30.963401: | number of TS: 1 (0x1) Sep 21 07:34:30.963404: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:30.963407: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:30.963409: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:30.963411: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:30.963414: | IP Protocol ID: 0 (0x0) Sep 21 07:34:30.963416: | start port: 0 (0x0) Sep 21 07:34:30.963418: | end port: 65535 (0xffff) Sep 21 07:34:30.963421: | emitting 4 
raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:30.963423: | IP start c0 00 02 00 Sep 21 07:34:30.963425: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:30.963427: | IP end c0 00 02 ff Sep 21 07:34:30.963430: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:30.963432: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:30.963435: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:34:30.963437: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:30.963441: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:30.963443: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:30.963446: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:30.963449: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:34:30.963451: | emitting length of ISAKMP Message: 365 Sep 21 07:34:30.963468: | suspend processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:30.963473: | start processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:30.963478: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:34:30.963481: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:34:30.963484: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:34:30.963487: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:34:30.963492: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:30.963497: | 
Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:34:30.963501: "westnet-eastnet-ikev2a" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:34:30.963510: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:30.963516: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
Sep 21 07:34:30.963618: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:34:30.963621: "westnet-eastnet-ikev2a" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:34:30.963628: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d95cd9c5f0 Sep 21 07:34:30.963631: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:34:30.963635: | libevent_malloc: new ptr-libevent@0x55d95cd9fcb0 size 128 Sep 21 07:34:30.963639: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49917.331892 Sep 21 07:34:30.963643: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:30.963648: | #1 spent 1.12 milliseconds in resume sending helper answer Sep 21 07:34:30.963653: | stop processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:30.963656: | libevent_free: release ptr-libevent@0x7f3f94006b90 Sep 21 07:34:31.000468: | spent 0.00292 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:31.000490: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
Sep 21 07:34:31.000532: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:31.000536: | **parse ISAKMP Message: Sep 21 07:34:31.000539: | initiator cookie: Sep 21 07:34:31.000541: | 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:31.000544: | responder cookie: Sep 21 07:34:31.000546: | b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:31.000549: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:31.000552: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:31.000554: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:31.000557: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:31.000559: | Message ID: 1 (0x1) Sep 21 07:34:31.000562: | length: 225 (0xe1) Sep 21 07:34:31.000565: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:31.000568: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:34:31.000573: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:34:31.000579: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:31.000583: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:34:31.000588: | suspend processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:31.000592: | start
processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:31.000595: | #2 is idle Sep 21 07:34:31.000597: | #2 idle Sep 21 07:34:31.000600: | unpacking clear payload Sep 21 07:34:31.000602: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:31.000605: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:31.000608: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:31.000610: | flags: none (0x0) Sep 21 07:34:31.000613: | length: 197 (0xc5) Sep 21 07:34:31.000615: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:34:31.000618: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:34:31.000633: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:31.000636: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:31.000639: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:31.000641: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:31.000644: | flags: none (0x0) Sep 21 07:34:31.000646: | length: 12 (0xc) Sep 21 07:34:31.000649: | ID type: ID_FQDN (0x2) Sep 21 07:34:31.000651: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:31.000654: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:31.000659: | **parse IKEv2 Authentication Payload: Sep 21 07:34:31.000662: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:31.000664: | flags: none (0x0) Sep 21 07:34:31.000667: | length: 72 (0x48) Sep 21 07:34:31.000669: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:31.000672: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:31.000674: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:31.000677: | **parse IKEv2 Security Association Payload: Sep 21 07:34:31.000679: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:31.000682: | flags: none (0x0) Sep 21 07:34:31.000684: | length: 36 (0x24) Sep 21 07:34:31.000687: | processing payload: ISAKMP_NEXT_v2SA (len=32) 
Sep 21 07:34:31.000689: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:31.000691: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:31.000694: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:31.000696: | flags: none (0x0) Sep 21 07:34:31.000699: | length: 24 (0x18) Sep 21 07:34:31.000701: | number of TS: 1 (0x1) Sep 21 07:34:31.000704: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:31.000706: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:31.000709: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:31.000711: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:31.000714: | flags: none (0x0) Sep 21 07:34:31.000716: | length: 24 (0x18) Sep 21 07:34:31.000718: | number of TS: 1 (0x1) Sep 21 07:34:31.000721: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:31.000724: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:34:31.000726: | Now let's proceed with state specific processing Sep 21 07:34:31.000729: | calling processor Initiator: process IKE_AUTH response Sep 21 07:34:31.000735: | offered CA: '%none' Sep 21 07:34:31.000739: "westnet-eastnet-ikev2a" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:34:31.000778: | verifying AUTH payload Sep 21 07:34:31.000788: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:34:31.000794: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:31.000797: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:31.000801: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:31.000805: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:31.000808: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:31.000811: | line 1: match=014 Sep 21 07:34:31.000814: | match 014 beats previous best_match 000 match=0x55d95cd8b400 (line=1) Sep 21 07:34:31.000817: | concluding with 
best_match=014 best=0x55d95cd8b400 (lineno=1) Sep 21 07:34:31.000885: "westnet-eastnet-ikev2a" #2: Authenticated using authby=secret Sep 21 07:34:31.000894: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:34:31.000898: | #1 will expire in 3600 seconds (policy doesn't allow re-key) Sep 21 07:34:31.000901: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:31.000905: | libevent_free: release ptr-libevent@0x55d95cd9c990 Sep 21 07:34:31.000908: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d95cd9c950 Sep 21 07:34:31.000911: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d95cd9c950 Sep 21 07:34:31.000914: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #1 Sep 21 07:34:31.000917: | libevent_malloc: new ptr-libevent@0x55d95cd9c990 size 128 Sep 21 07:34:31.001024: | pstats #1 ikev2.ike established Sep 21 07:34:31.001029: | TSi: parsing 1 traffic selectors Sep 21 07:34:31.001033: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:31.001035: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:31.001038: | IP Protocol ID: 0 (0x0) Sep 21 07:34:31.001041: | length: 16 (0x10) Sep 21 07:34:31.001043: | start port: 0 (0x0) Sep 21 07:34:31.001046: | end port: 65535 (0xffff) Sep 21 07:34:31.001049: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:31.001053: | TS low c0 00 01 00 Sep 21 07:34:31.001056: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:31.001058: | TS high c0 00 01 ff Sep 21 07:34:31.001061: | TSi: parsed 1 traffic selectors Sep 21 07:34:31.001063: | TSr: parsing 1 traffic selectors Sep 21 07:34:31.001066: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:31.001068: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:31.001071: | IP Protocol ID: 0 (0x0) Sep 21 07:34:31.001073: | length: 16 (0x10) Sep 21 07:34:31.001076: | start port: 0 (0x0) Sep 21 07:34:31.001078: | end port: 65535 (0xffff) Sep 21 07:34:31.001081: | parsing 4 raw bytes of IKEv2 
Traffic Selector into TS low Sep 21 07:34:31.001083: | TS low c0 00 02 00 Sep 21 07:34:31.001086: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:31.001088: | TS high c0 00 02 ff Sep 21 07:34:31.001090: | TSr: parsed 1 traffic selectors Sep 21 07:34:31.001097: | evaluating our conn="westnet-eastnet-ikev2a" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:31.001102: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:31.001109: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:31.001112: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:31.001115: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:31.001118: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:31.001121: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:31.001126: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:31.001132: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:31.001135: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:31.001138: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:31.001141: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:31.001144: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:31.001146: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:31.001149: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:34:31.001151: | printing contents struct traffic_selector Sep 21 07:34:31.001153: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:31.001156: | ipprotoid: 0 Sep 21 07:34:31.001158: | port range: 0-65535 Sep 21 07:34:31.001162: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:31.001165: | printing contents struct traffic_selector Sep 21 07:34:31.001167: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:31.001169: | ipprotoid: 0 Sep 21 07:34:31.001171: | port range: 
0-65535 Sep 21 07:34:31.001175: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:31.001189: | using existing local ESP/AH proposals for westnet-eastnet-ikev2a (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:31.001193: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:34:31.001197: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:31.001199: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:31.001202: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:31.001204: | local proposal 1 type DH has 1 transforms Sep 21 07:34:31.001207: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:31.001210: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:31.001213: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:31.001216: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:31.001218: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:31.001223: | local proposal 2 type DH has 1 transforms Sep 21 07:34:31.001225: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:31.001228: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:31.001231: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:31.001233: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:31.001235: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:31.001238: | local proposal 3 type DH has 1 transforms Sep 21 07:34:31.001240: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:31.001243: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:31.001246: | local proposal 4 type 
ENCR has 1 transforms Sep 21 07:34:31.001249: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:31.001251: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:31.001254: | local proposal 4 type DH has 1 transforms Sep 21 07:34:31.001256: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:31.001259: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:31.001262: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:31.001265: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:31.001267: | length: 32 (0x20) Sep 21 07:34:31.001270: | prop #: 1 (0x1) Sep 21 07:34:31.001272: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:31.001275: | spi size: 4 (0x4) Sep 21 07:34:31.001277: | # transforms: 2 (0x2) Sep 21 07:34:31.001281: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:31.001283: | remote SPI 29 48 b9 f3 Sep 21 07:34:31.001287: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:31.001289: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:31.001292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:31.001295: | length: 12 (0xc) Sep 21 07:34:31.001297: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:31.001300: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:31.001303: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:31.001305: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:31.001308: | length/value: 256 (0x100) Sep 21 07:34:31.001313: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:31.001315: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:31.001318: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:31.001320: | length: 8 (0x8) Sep 21 07:34:31.001323: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:31.001325: | IKEv2 transform ID: ESN_DISABLED 
(0x0) Sep 21 07:34:31.001329: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:31.001332: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:31.001337: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:31.001340: | remote proposal 1 matches local proposal 1 Sep 21 07:34:31.001342: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:34:31.001347: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=2948b9f3;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:31.001350: | converting proposal to internal trans attrs Sep 21 07:34:31.001355: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:31.001524: | #1 spent 1.02 milliseconds Sep 21 07:34:31.001529: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:31.001532: | could_route called for westnet-eastnet-ikev2a (kind=CK_PERMANENT) Sep 21 07:34:31.001534: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:34:31.001538: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001540: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Sep 21 07:34:31.001545: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001548: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Sep 21 07:34:31.001550: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001553: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Sep 21 07:34:31.001559: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Sep 21 07:34:31.001563: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:31.001567: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:31.001570: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:31.001572: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:31.001577: | setting IPsec SA replay-window to 32 Sep 21 07:34:31.001580: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2a' not available on interface eth1 Sep 21 07:34:31.001583: | netlink: enabling tunnel mode Sep 21 07:34:31.001586: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:31.001589: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:31.001675: | netlink response for Add SA esp.2948b9f3@192.1.2.23 included non-error error Sep 21 07:34:31.001679: | set up outgoing SA, ref=0/0 Sep 21 07:34:31.001682: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:31.001685: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:31.001688: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:31.001690: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:31.001694: | setting IPsec SA replay-window to 32 Sep 21 07:34:31.001697: | NIC esp-hw-offload not for connection 
'westnet-eastnet-ikev2a' not available on interface eth1 Sep 21 07:34:31.001700: | netlink: enabling tunnel mode Sep 21 07:34:31.001702: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:31.001705: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:31.001754: | netlink response for Add SA esp.bd1cd64f@192.1.2.45 included non-error error Sep 21 07:34:31.001758: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Sep 21 07:34:31.001765: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:34:31.001769: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:31.001839: | raw_eroute result=success Sep 21 07:34:31.001845: | set up incoming SA, ref=0/0 Sep 21 07:34:31.001847: | sr for #2: unrouted Sep 21 07:34:31.001850: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:31.001853: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:31.001856: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001859: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 Sep 21 07:34:31.001861: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001864: | conn westnet-eastnet-ikev2c mark 0/00000000, 0/00000000 Sep 21 07:34:31.001867: | conn westnet-eastnet-ikev2a mark 0/00000000, 0/00000000 vs Sep 21 07:34:31.001870: | conn westnet-eastnet-ikev2b mark 0/00000000, 0/00000000 Sep 21 07:34:31.001873: | route owner of "westnet-eastnet-ikev2a" unrouted: NULL; eroute owner: NULL Sep 21 07:34:31.001877: | route_and_eroute with c: westnet-eastnet-ikev2a (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:31.001880: | priority calculation of connection "westnet-eastnet-ikev2a" is 0xfe7e7 Sep 21 07:34:31.001888: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:31.001891: | IPsec Sa SPD priority set to 1042407 Sep 21 
07:34:31.001914: | raw_eroute result=success Sep 21 07:34:31.001918: | running updown command "ipsec _updown" for verb up Sep 21 07:34:31.001920: | command executing up-client Sep 21 07:34:31.001944: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI Sep 21 07:34:31.001951: | popen cmd is 1048 chars long Sep 21 07:34:31.001954: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Sep 21 07:34:31.001957: | cmd( 80):v2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Sep 21 07:34:31.001959: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0': Sep 21 07:34:31.001962: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:34:31.001964: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:34:31.001966: | cmd( 400):@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_: Sep 21 
07:34:31.001968: | cmd( 480):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Sep 21 07:34:31.001971: | cmd( 560):TO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCR: Sep 21 07:34:31.001973: | cmd( 640):YPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Sep 21 07:34:31.001975: | cmd( 720):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Sep 21 07:34:31.001978: | cmd( 800):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Sep 21 07:34:31.001980: | cmd( 880): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Sep 21 07:34:31.001982: | cmd( 960):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2948b9f3 SPI_OUT=0xbd1cd64f ipsec _upd: Sep 21 07:34:31.001985: | cmd(1040):own 2>&1: Sep 21 07:34:31.014683: | route_and_eroute: firewall_notified: true Sep 21 07:34:31.014696: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:31.014700: | command executing prepare-client Sep 21 07:34:31.014732: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Sep 21 07:34:31.014735: | popen cmd is 1053 chars long Sep 21 07:34:31.014738: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:34:31.014741: | cmd( 80):t-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:34:31.014747: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:34:31.014750: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Sep 21 07:34:31.014752: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER: Sep 21 07:34:31.014755: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:34:31.014757: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:34:31.014760: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK: Sep 21 07:34:31.014762: | cmd( 640):+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Sep 21 07:34:31.014765: | cmd( 720):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Sep 21 07:34:31.014767: | cmd( 800):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Sep 21 07:34:31.014770: | cmd( 880):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Sep 21 07:34:31.014772: | cmd( 960):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2948b9f3 SPI_OUT=0xbd1cd64f ipsec: Sep 21 07:34:31.014775: | cmd(1040): _updown 2>&1: Sep 21 07:34:31.023872: | running updown command "ipsec _updown" for verb route Sep 21 07:34:31.023899: | command executing route-client Sep 21 07:34:31.023930: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='westnet-eastnet-ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n Sep 21 07:34:31.023933: | popen cmd is 1051 chars long Sep 21 07:34:31.023936: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:34:31.023939: | cmd( 80):ikev2a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Sep 21 07:34:31.023941: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1: Sep 21 07:34:31.023944: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:34:31.023946: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:34:31.023949: | cmd( 400):D='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLU: Sep 21 07:34:31.023952: | cmd( 480):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:34:31.023954: | cmd( 560):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+E: Sep 21 07:34:31.023957: | cmd( 
640):NCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:34:31.023959: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:34:31.023962: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:34:31.023964: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:34:31.023970: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x2948b9f3 SPI_OUT=0xbd1cd64f ipsec _: Sep 21 07:34:31.023972: | cmd(1040):updown 2>&1: Sep 21 07:34:31.039080: | route_and_eroute: instance "westnet-eastnet-ikev2a", setting eroute_owner {spd=0x55d95cd96ee0,sr=0x55d95cd96ee0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:31.039384: | #1 spent 0.978 milliseconds in install_ipsec_sa() Sep 21 07:34:31.039393: | inR2: instance westnet-eastnet-ikev2a[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:31.039398: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:31.039401: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:34:31.039406: | libevent_free: release ptr-libevent@0x55d95cd9fcb0 Sep 21 07:34:31.039410: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d95cd9c5f0 Sep 21 07:34:31.039417: | #2 spent 1.78 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:34:31.039425: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:31.039429: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:34:31.039432: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:34:31.039436: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:34:31.039440: | Message ID: updating counters for #2 to 1 after switching 
state Sep 21 07:34:31.039446: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:34:31.039452: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:31.039455: | pstats #2 ikev2.child established Sep 21 07:34:31.039463: "westnet-eastnet-ikev2a" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:34:31.039477: | NAT-T: encaps is 'auto' Sep 21 07:34:31.039483: "westnet-eastnet-ikev2a" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x2948b9f3 <0xbd1cd64f xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:34:31.039488: | releasing whack for #2 (sock=fd@27) Sep 21 07:34:31.039492: | close_any(fd@27) (in release_whack() at state.c:654) Sep 21 07:34:31.039494: | releasing whack and unpending for parent #1 Sep 21 07:34:31.039497: | unpending state #1 connection "westnet-eastnet-ikev2a" Sep 21 07:34:31.039502: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ikev2a" Sep 21 07:34:31.039505: | removing pending policy for no connection {0x55d95cd1da70} Sep 21 07:34:31.039512: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:34:31.039516: | #2 will expire in 28800 seconds (policy doesn't allow re-key) Sep 21 07:34:31.039519: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d95cd9c5f0 Sep 21 07:34:31.039523: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #2 Sep 21 07:34:31.039527: | libevent_malloc: new ptr-libevent@0x55d95cd9fcb0 size 128 Sep 21 07:34:31.039534: | stop processing: state #2 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:31.039539: | #1 spent 2.16 milliseconds in ikev2_process_packet() Sep 21 07:34:31.039544: | stop processing: 
from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:31.039547: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:31.039550: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:31.039554: | spent 2.17 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:31.039567: | processing signal PLUTO_SIGCHLD Sep 21 07:34:31.039572: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:31.039577: | spent 0.00458 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:31.039582: | processing signal PLUTO_SIGCHLD Sep 21 07:34:31.039586: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:31.039590: | spent 0.0036 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:31.039592: | processing signal PLUTO_SIGCHLD Sep 21 07:34:31.039596: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:31.039599: | spent 0.00368 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:32.284054: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.284080: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Sep 21 07:34:32.284084: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:32.284089: | start processing: connection "westnet-eastnet-ikev2b" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:32.284093: | connection 'westnet-eastnet-ikev2b' +POLICY_UP Sep 21 07:34:32.284096: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:32.284099: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:32.284103: | FOR_EACH_STATE_... 
in find_pending_phase2 Sep 21 07:34:32.284108: | creating state object #3 at 0x55d95cda3c70 Sep 21 07:34:32.284111: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:34:32.284118: | pstats #3 ikev2.child started Sep 21 07:34:32.284121: | duplicating state object #1 "westnet-eastnet-ikev2a" as #3 for IPSEC SA Sep 21 07:34:32.284127: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:32.284134: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:32.284138: | in connection_discard for connection westnet-eastnet-ikev2a Sep 21 07:34:32.284142: | suspend processing: connection "westnet-eastnet-ikev2b" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:34:32.284147: | start processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:34:32.284151: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:34:32.284155: | constructing ESP/AH proposals with no default DH for westnet-eastnet-ikev2b (ESP/AH initiator emitting proposals) Sep 21 07:34:32.284161: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:32.284167: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED Sep 21 07:34:32.284170: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:32.284174: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED Sep 21 07:34:32.284177: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:32.284181: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:34:32.284184: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:32.284188: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:34:32.284196: "westnet-eastnet-ikev2b": constructed local ESP/AH proposals for westnet-eastnet-ikev2b (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:34:32.284206: | #3 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=no-pfs Sep 21 07:34:32.284209: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d95cd1c4b0 Sep 21 07:34:32.284213: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:34:32.284216: | libevent_malloc: new ptr-libevent@0x55d95cd9ee80 size 128 Sep 21 07:34:32.284220: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:34:32.284228: | RESET processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:34:32.284231: | RESET processing: connection "westnet-eastnet-ikev2b" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:34:32.284234: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:32.284238: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Sep 21 07:34:32.284241: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.284247: | spent 0.201 milliseconds in whack Sep 21 07:34:32.284254: | timer_event_cb: processing event@0x55d95cd1c4b0 Sep 21 07:34:32.284257: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:34:32.284262: | start processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 
07:34:32.284268: | adding Child Initiator nonce ni work-order 3 for state #3 Sep 21 07:34:32.284271: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd96670 Sep 21 07:34:32.284275: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:34:32.284278: | libevent_malloc: new ptr-libevent@0x55d95cd9ea30 size 128 Sep 21 07:34:32.284285: | libevent_free: release ptr-libevent@0x55d95cd9ee80 Sep 21 07:34:32.284288: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d95cd1c4b0 Sep 21 07:34:32.284293: | #3 spent 0.0377 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:34:32.284298: | stop processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:32.284309: | crypto helper 2 resuming Sep 21 07:34:32.284313: | crypto helper 2 starting work-order 3 for state #3 Sep 21 07:34:32.284317: | crypto helper 2 doing build nonce (Child Initiator nonce ni); request ID 3 Sep 21 07:34:32.284342: | crypto helper 2 finished build nonce (Child Initiator nonce ni); request ID 3 time elapsed 0.000024 seconds Sep 21 07:34:32.284347: | (#3) spent 0.0289 milliseconds in crypto helper computing work-order 3: Child Initiator nonce ni (pcr) Sep 21 07:34:32.284350: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Sep 21 07:34:32.284353: | scheduling resume sending helper answer for #3 Sep 21 07:34:32.284356: | libevent_malloc: new ptr-libevent@0x7f3f98000ca0 size 128 Sep 21 07:34:32.284359: | libevent_realloc: release ptr-libevent@0x55d95cd79a30 Sep 21 07:34:32.284362: | libevent_realloc: new ptr-libevent@0x55d95cda62e0 size 128 Sep 21 07:34:32.284369: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:32.284377: | processing resume sending helper answer for #3 Sep 21 07:34:32.284382: | start processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:32.284385: | crypto helper 2 
replies to request ID 3 Sep 21 07:34:32.284388: | calling continuation function 0x55d95ac05630 Sep 21 07:34:32.284392: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:34:32.284395: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:32.284397: | libevent_free: release ptr-libevent@0x55d95cd9ea30 Sep 21 07:34:32.284400: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd96670 Sep 21 07:34:32.284403: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d95cd1c4b0 Sep 21 07:34:32.284406: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:34:32.284409: | libevent_malloc: new ptr-libevent@0x55d95cd9ea30 size 128 Sep 21 07:34:32.284414: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:32.284417: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:34:32.284420: | libevent_malloc: new ptr-libevent@0x55d95cd9ee80 size 128 Sep 21 07:34:32.284425: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:32.284430: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:34:32.284433: | suspending state #3 and saving MD Sep 21 07:34:32.284435: | #3 is busy; has a suspended MD Sep 21 07:34:32.284440: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:32.284443: | "westnet-eastnet-ikev2b" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:32.284446: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:34:32.284450: | #3 spent 0.0644 milliseconds in resume sending helper answer Sep 21 07:34:32.284455: | stop processing: state #3 connection 
"westnet-eastnet-ikev2b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:32.284458: | libevent_free: release ptr-libevent@0x7f3f98000ca0 Sep 21 07:34:32.284462: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:34:32.284467: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:34:32.284472: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:32.284477: | suspend processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:34:32.284481: | start processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:34:32.284487: | **emit ISAKMP Message: Sep 21 07:34:32.284490: | initiator cookie: Sep 21 07:34:32.284492: | 8d d2 34 28 c7 e8 c1 2d Sep 21 07:34:32.284495: | responder cookie: Sep 21 07:34:32.284497: | b9 d2 a5 24 9f c6 1e 32 Sep 21 07:34:32.284499: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.284502: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:32.284505: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:34:32.284508: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:32.284510: | Message ID: 2 (0x2) Sep 21 07:34:32.284513: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:32.284516: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:32.284518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:32.284521: | flags: none (0x0) Sep 21 07:34:32.284524: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:32.284527: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload 
type' in 'reply packet' Sep 21 07:34:32.284530: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:32.284549: | netlink_get_spi: allocated 0x667f9644 for esp.0@192.1.2.45 Sep 21 07:34:32.284552: | Emitting ikev2_proposals ... Sep 21 07:34:32.284555: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:32.284557: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:32.284560: | flags: none (0x0) Sep 21 07:34:32.284563: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:32.284565: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:32.284568: | discarding INTEG=NONE Sep 21 07:34:32.284571: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:32.284573: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284575: | prop #: 1 (0x1) Sep 21 07:34:32.284578: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:32.284580: | spi size: 4 (0x4) Sep 21 07:34:32.284583: | # transforms: 2 (0x2) Sep 21 07:34:32.284586: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:32.284590: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:32.284593: | our spi 66 7f 96 44 Sep 21 07:34:32.284596: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284601: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:32.284603: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:32.284606: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284609: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:32.284612: | af+type: AF+IKEv2_KEY_LENGTH 
(0x800e) Sep 21 07:34:32.284614: | length/value: 256 (0x100) Sep 21 07:34:32.284617: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:32.284619: | discarding INTEG=NONE Sep 21 07:34:32.284622: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284624: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:32.284626: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:32.284629: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:32.284632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284637: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284640: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:32.284643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:32.284645: | discarding INTEG=NONE Sep 21 07:34:32.284647: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:32.284650: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284652: | prop #: 2 (0x2) Sep 21 07:34:32.284655: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:32.284657: | spi size: 4 (0x4) Sep 21 07:34:32.284659: | # transforms: 2 (0x2) Sep 21 07:34:32.284662: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284665: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:32.284668: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:32.284670: | our spi 66 7f 96 44 Sep 21 
07:34:32.284672: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284677: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:32.284679: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:32.284682: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284685: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:32.284687: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:32.284689: | length/value: 128 (0x80) Sep 21 07:34:32.284692: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:32.284694: | discarding INTEG=NONE Sep 21 07:34:32.284696: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284699: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:32.284701: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:32.284703: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:32.284706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284710: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284713: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284715: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:32.284718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:32.284720: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:32.284723: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284725: | prop #: 3 (0x3) Sep 21 07:34:32.284727: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:32.284730: | spi size: 4 (0x4) Sep 21 07:34:32.284732: | # 
transforms: 4 (0x4) Sep 21 07:34:32.284735: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284738: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:32.284740: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:32.284743: | our spi 66 7f 96 44 Sep 21 07:34:32.284745: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284750: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:32.284753: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:32.284755: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284758: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:32.284760: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:32.284763: | length/value: 256 (0x100) Sep 21 07:34:32.284765: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:32.284768: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284772: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:32.284775: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:32.284778: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284787: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284792: | ******emit IKEv2 Transform Substructure Payload: Sep 21 
07:34:32.284795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284798: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:32.284800: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:32.284803: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284808: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284811: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284813: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:32.284815: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:32.284818: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:32.284821: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284823: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284827: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284829: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:32.284832: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:32.284834: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:32.284837: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:32.284839: | prop #: 4 (0x4) Sep 21 07:34:32.284842: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:32.284844: | spi size: 4 (0x4) Sep 21 07:34:32.284846: | # transforms: 4 (0x4) Sep 21 07:34:32.284849: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal 
Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:32.284852: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:32.284855: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:32.284857: | our spi 66 7f 96 44 Sep 21 07:34:32.284859: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284864: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:32.284866: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:32.284869: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284872: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:32.284874: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:32.284876: | length/value: 128 (0x80) Sep 21 07:34:32.284879: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:32.284881: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284886: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:32.284889: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:32.284891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284899: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284904: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) 
Sep 21 07:34:32.284906: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:32.284909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284914: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284917: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:32.284919: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:32.284921: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:32.284924: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:32.284927: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:32.284930: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:32.284932: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:32.284934: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:32.284940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:32.284942: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:34:32.284945: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:32.284948: | ****emit IKEv2 Nonce Payload: Sep 21 07:34:32.284950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:32.284952: | flags: none (0x0) Sep 21 07:34:32.284956: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload 
(40:ISAKMP_NEXT_v2Ni)
Sep 21 07:34:32.284958: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Sep 21 07:34:32.284961: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Sep 21 07:34:32.284964: | IKEv2 nonce f0 d7 57 a7 19 95 e6 2f d7 72 be f5 34 76 67 4f
Sep 21 07:34:32.284966: | IKEv2 nonce cd 12 14 c1 50 76 2b 3e 50 d2 19 33 18 e5 25 ab
Sep 21 07:34:32.284968: | emitting length of IKEv2 Nonce Payload: 36
Sep 21 07:34:32.284972: | ****emit IKEv2 Traffic Selector - Initiator - Payload:
Sep 21 07:34:32.284974: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:34:32.284977: | flags: none (0x0)
Sep 21 07:34:32.284979: | number of TS: 1 (0x1)
Sep 21 07:34:32.284982: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi)
Sep 21 07:34:32.284985: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet'
Sep 21 07:34:32.284987: | *****emit IKEv2 Traffic Selector:
Sep 21 07:34:32.284990: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Sep 21 07:34:32.284993: | IP Protocol ID: 0 (0x0)
Sep 21 07:34:32.284995: | start port: 0 (0x0)
Sep 21 07:34:32.284997: | end port: 65535 (0xffff)
Sep 21 07:34:32.285000: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Sep 21 07:34:32.285003: | IP start c0 00 01 00
Sep 21 07:34:32.285005: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Sep 21 07:34:32.285008: | IP end c0 00 01 ff
Sep 21 07:34:32.285010: | emitting length of IKEv2 Traffic Selector: 16
Sep 21 07:34:32.285013: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
Sep 21 07:34:32.285015: | ****emit IKEv2 Traffic Selector - Responder - Payload:
Sep 21 07:34:32.285017: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:34:32.285020: | flags: none (0x0)
Sep 21 07:34:32.285022: | number of TS: 1 (0x1)
Sep 21 07:34:32.285025: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr)
Sep 21 07:34:32.285028: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet'
Sep 21 07:34:32.285030: | *****emit IKEv2 Traffic Selector:
Sep 21 07:34:32.285033: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Sep 21 07:34:32.285035: | IP Protocol ID: 0 (0x0)
Sep 21 07:34:32.285037: | start port: 0 (0x0)
Sep 21 07:34:32.285040: | end port: 65535 (0xffff)
Sep 21 07:34:32.285042: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Sep 21 07:34:32.285044: | IP start c0 00 c8 00
Sep 21 07:34:32.285047: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Sep 21 07:34:32.285049: | IP end c0 00 c8 ff
Sep 21 07:34:32.285051: | emitting length of IKEv2 Traffic Selector: 16
Sep 21 07:34:32.285054: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
Sep 21 07:34:32.285057: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE
Sep 21 07:34:32.285060: | adding 1 bytes of padding (including 1 byte padding-length)
Sep 21 07:34:32.285063: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Sep 21 07:34:32.285067: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Sep 21 07:34:32.285069: | emitting length of IKEv2 Encryption Payload: 277
Sep 21 07:34:32.285072: | emitting length of ISAKMP Message: 305
Sep 21 07:34:32.285091: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376)
Sep 21 07:34:32.285095: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK
Sep 21 07:34:32.285098: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I
Sep 21 07:34:32.285101: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA)
Sep 21 07:34:32.285104: | Message ID: updating counters for #3 to 4294967295 after switching state
Sep 21 07:34:32.285107: | Message ID: IKE #1 skipping update_recv as MD is fake
Sep 21 07:34:32.285112: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1
Sep 21 07:34:32.285115: "westnet-eastnet-ikev2b" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response
Sep 21 07:34:32.285123: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500)
Sep 21 07:34:32.285129: | sending 305 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
Sep 21 07:34:32.285217: | state #3 requesting EVENT_SA_REPLACE to be deleted
Sep 21 07:34:32.285221: | libevent_free: release ptr-libevent@0x55d95cd9ea30
Sep 21 07:34:32.285224: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d95cd1c4b0
Sep 21 07:34:32.285226: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms
Sep 21 07:34:32.285229: "westnet-eastnet-ikev2b" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
Sep 21 07:34:32.285234: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d95cd1c4b0
Sep 21 07:34:32.285238: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3
Sep 21 07:34:32.285240: | libevent_malloc: new ptr-libevent@0x55d95cd9ea30 size 128
Sep 21 07:34:32.285245: | #3 STATE_V2_CREATE_I: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49918.653499
Sep 21 07:34:32.285250: | stop processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557)
Sep 21 07:34:32.285254: | resume processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557)
Sep 21 07:34:32.285262: | #1 spent 0.766 milliseconds in callback v2_msgid_schedule_next_initiator
Sep 21 07:34:32.285267: | stop processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in callback_handler() at server.c:908)
Sep 21 07:34:32.285270: | libevent_free: release ptr-libevent@0x55d95cd9ee80
Sep 21 07:34:32.286397: | spent 0.00229 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Sep 21 07:34:32.286414: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
Sep 21 07:34:32.286417: | 8d d2 34 28 c7 e8 c1 2d b9 d2 a5 24 9f c6 1e 32
Sep 21 07:34:32.286420: | 2e 20 24 20 00 00 00 02 00 00 00 41 29 00 00 25
Sep 21 07:34:32.286422: | 59 4a bf e3 bb 9e 45 41 2c 3c 4e df 42 d7 51 6c
Sep 21 07:34:32.286424: | 2a 8b 34 8b ee f6 15 21 9f a1 a0 2d 18 59 67 d3
Sep 21 07:34:32.286427: | fe
Sep 21 07:34:32.286431: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
Sep 21 07:34:32.286434: | **parse ISAKMP Message:
Sep 21 07:34:32.286437: | initiator cookie:
Sep 21 07:34:32.286439: | 8d d2 34 28 c7 e8 c1 2d
Sep 21 07:34:32.286441: | responder cookie:
Sep 21 07:34:32.286443: | b9 d2 a5 24 9f c6 1e 32
Sep 21 07:34:32.286446: | next payload type: ISAKMP_NEXT_v2SK (0x2e)
Sep 21 07:34:32.286449: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Sep 21 07:34:32.286451: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Sep 21 07:34:32.286454: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Sep 21 07:34:32.286456: | Message ID: 2 (0x2)
Sep 21 07:34:32.286459: | length: 65 (0x41)
Sep 21 07:34:32.286462: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36)
Sep 21 07:34:32.286465: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response
Sep 21 07:34:32.286469: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa)
Sep 21 07:34:32.286476: | start processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016)
Sep 21 07:34:32.286479: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip)
Sep 21 07:34:32.286484: | suspend processing: state #1 connection "westnet-eastnet-ikev2a" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062)
Sep 21 07:34:32.286502: | start processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062)
Sep 21 07:34:32.286504: | #3 is idle
Sep 21 07:34:32.286507: | #3 idle
Sep 21 07:34:32.286509: | unpacking clear payload
Sep 21 07:34:32.286511: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Sep 21 07:34:32.286514: | ***parse IKEv2 Encryption Payload:
Sep 21 07:34:32.286517: | next payload type: ISAKMP_NEXT_v2N (0x29)
Sep 21 07:34:32.286519: | flags: none (0x0)
Sep 21 07:34:32.286521: | length: 37 (0x25)
Sep 21 07:34:32.286524: | processing payload: ISAKMP_NEXT_v2SK (len=33)
Sep 21 07:34:32.286526: | #3 in state V2_CREATE_I: sent IPsec Child req wait response
Sep 21 07:34:32.286539: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success
Sep 21 07:34:32.286542: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Sep 21 07:34:32.286545: | **parse IKEv2 Notify Payload:
Sep 21 07:34:32.286548: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:34:32.286550: | flags: none (0x0)
Sep 21 07:34:32.286552: | length: 8 (0x8)
Sep 21 07:34:32.286555: | Protocol ID: PROTO_v2_RESERVED (0x0)
Sep 21 07:34:32.286557: | SPI size: 0 (0x0)
Sep 21 07:34:32.286560: | Notify Message Type: v2N_TS_UNACCEPTABLE (0x26)
Sep 21 07:34:32.286562: | processing payload: ISAKMP_NEXT_v2N (len=0)
Sep 21 07:34:32.286565: | selected state microcode roof
Sep 21 07:34:32.286570: "westnet-eastnet-ikev2b" #3: dropping unexpected CREATE_CHILD_SA message containing TS_UNACCEPTABLE notification; message payloads: SK; encrypted payloads: N; missing payloads: SA,Ni,TSi,TSr
Sep 21 07:34:32.286581: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376)
Sep 21 07:34:32.286600: | #3 complete_v2_state_transition() V2_CREATE_I->NULL with status STF_FATAL
Sep 21 07:34:32.286673: | release_pending_whacks: state #3 fd@26 .st_dev=9 .st_ino=3980022
Sep 21 07:34:32.286682: | close_any(fd@26) (in release_whack() at state.c:654)
Sep 21 07:34:32.286686: | pstats #3 ikev2.child deleted other
Sep 21 07:34:32.286690: | #3 spent 0.131 milliseconds in total
Sep 21 07:34:32.286695: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2b" from 192.1.2.23:500 (in delete_state() at state.c:879)
Sep 21 07:34:32.286781: "westnet-eastnet-ikev2b" #3: deleting state (STATE_V2_CREATE_I) aged 0.002s and NOT sending notification
Sep 21 07:34:32.286794: | child state #3: V2_CREATE_I(established IKE SA) => delete
Sep 21 07:34:32.286798: | child state #3: V2_CREATE_I(established IKE SA) => CHILDSA_DEL(informational)
Sep 21 07:34:32.286802: | state #3 requesting EVENT_RETRANSMIT to be deleted
Sep 21 07:34:32.286805: | #3 STATE_CHILDSA_DEL: retransmits: cleared
Sep 21 07:34:32.286809: | libevent_free: release ptr-libevent@0x55d95cd9ea30
Sep 21 07:34:32.286812: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d95cd1c4b0
Sep 21 07:34:32.286816: | priority calculation of connection "westnet-eastnet-ikev2b" is 0xfe7e7
Sep 21 07:34:32.286824: | delete inbound eroute 192.0.200.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute)
Sep 21 07:34:32.286843: | raw_eroute result=success
Sep 21 07:34:32.286848: | in connection_discard for connection westnet-eastnet-ikev2b
Sep 21 07:34:32.286851: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL
Sep 21 07:34:32.286855: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Sep 21 07:34:32.286861: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143)
Sep 21 07:34:32.286866: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018)
Sep 21 07:34:32.286871: | #1 spent 0.391 milliseconds in ikev2_process_packet()
Sep 21 07:34:32.286875: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380)
Sep 21 07:34:32.286878: | processing: STOP state #0 (in process_md() at demux.c:382)
Sep 21 07:34:32.286881: | processing: STOP connection NULL (in process_md() at demux.c:383)
Sep 21 07:34:32.286886: | spent 0.407 milliseconds in comm_handle_cb() reading and processing packet
Sep 21 07:34:32.360205: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:34:32.360226: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590)
Sep 21 07:34:32.360229: | FOR_EACH_CONNECTION_... in conn_by_name
Sep 21 07:34:32.360234: | start processing: connection "westnet-eastnet-ikev2c" (in initiate_a_connection() at initiate.c:186)
Sep 21 07:34:32.360238: | connection 'westnet-eastnet-ikev2c' +POLICY_UP
Sep 21 07:34:32.360241: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342)
Sep 21 07:34:32.360244: | FOR_EACH_STATE_... in find_phase1_state
Sep 21 07:34:32.360248: | FOR_EACH_STATE_... in find_pending_phase2
Sep 21 07:34:32.360254: | creating state object #4 at 0x55d95cda3c70
Sep 21 07:34:32.360257: | State DB: adding IKEv2 state #4 in UNDEFINED
Sep 21 07:34:32.360262: | pstats #4 ikev2.child started
Sep 21 07:34:32.360265: | duplicating state object #1 "westnet-eastnet-ikev2a" as #4 for IPSEC SA
Sep 21 07:34:32.360272: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481)
Sep 21 07:34:32.360279: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1
Sep 21 07:34:32.360285: | in connection_discard for connection westnet-eastnet-ikev2a
Sep 21 07:34:32.360289: | suspend processing: connection "westnet-eastnet-ikev2c" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634)
Sep 21 07:34:32.360294: | start processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634)
Sep 21 07:34:32.360301: | child state #4: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA)
Sep 21 07:34:32.360305: | constructing ESP/AH proposals with no default DH for westnet-eastnet-ikev2c (ESP/AH initiator emitting proposals)
Sep 21 07:34:32.360310: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Sep 21 07:34:32.360315: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED
Sep 21 07:34:32.360317: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Sep 21 07:34:32.360319: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED
Sep 21 07:34:32.360321: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Sep 21 07:34:32.360324: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED
Sep 21 07:34:32.360326: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Sep 21 07:34:32.360328: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED
Sep 21 07:34:32.360332: "westnet-eastnet-ikev2c": constructed local ESP/AH proposals for westnet-eastnet-ikev2c (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;ESN=DISABLED
Sep 21 07:34:32.360342: | #4 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=no-pfs
Sep 21 07:34:32.360347: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d95cd1c4b0
Sep 21 07:34:32.360351: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4
Sep 21 07:34:32.360355: | libevent_malloc: new ptr-libevent@0x55d95cd9ea30 size 128
Sep 21 07:34:32.360359: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5734)
Sep 21 07:34:32.360363: | RESET processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734)
Sep 21 07:34:32.360366: | RESET processing: connection "westnet-eastnet-ikev2c" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734)
Sep 21 07:34:32.360368: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349)
Sep 21 07:34:32.360371: | close_any(fd@25) (in initiate_connection() at initiate.c:372)
Sep 21 07:34:32.360374: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Sep 21 07:34:32.360382: | spent 0.182 milliseconds in whack
Sep 21 07:34:32.360388: | timer_event_cb: processing event@0x55d95cd1c4b0
Sep 21 07:34:32.360391: | handling event EVENT_v2_INITIATE_CHILD for child state #4
Sep 21 07:34:32.360395: | start processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250)
Sep 21 07:34:32.360400: | adding Child Initiator nonce ni work-order 4 for state #4
Sep 21 07:34:32.360403: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd96710
Sep 21 07:34:32.360406: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
Sep 21 07:34:32.360408: | libevent_malloc: new ptr-libevent@0x55d95cd9ee80 size 128
Sep 21 07:34:32.360416: | libevent_free: release ptr-libevent@0x55d95cd9ea30
Sep 21 07:34:32.360419: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d95cd1c4b0
Sep 21 07:34:32.360424: | #4 spent 0.0336 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD
Sep 21 07:34:32.360424: | crypto helper 4 resuming
Sep 21 07:34:32.360443: | crypto helper 4 starting work-order 4 for state #4
Sep 21 07:34:32.360432: | stop processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557)
Sep 21 07:34:32.360449: | crypto helper 4 doing build nonce (Child Initiator nonce ni); request ID 4
Sep 21 07:34:32.360487: | crypto helper 4 finished build nonce (Child Initiator nonce ni); request ID 4 time elapsed 0.000038 seconds
Sep 21 07:34:32.360496: | (#4) spent 0.0435 milliseconds in crypto helper computing work-order 4: Child Initiator nonce ni (pcr)
Sep 21 07:34:32.360499: | crypto helper 4 sending results from work-order 4 for state #4 to event queue
Sep 21 07:34:32.360501: | scheduling resume sending helper answer for #4
Sep 21 07:34:32.360504: | libevent_malloc: new ptr-libevent@0x7f3f8c000ca0 size 128
Sep 21 07:34:32.360510: | crypto helper 4 waiting (nothing to do)
Sep 21 07:34:32.360517: | processing resume sending helper answer for #4
Sep 21 07:34:32.360523: | start processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in resume_handler() at server.c:797)
Sep 21 07:34:32.360526: | crypto helper 4 replies to request ID 4
Sep 21 07:34:32.360527: | calling continuation function 0x55d95ac05630
Sep 21 07:34:32.360530: | ikev2_child_outI_continue for #4 STATE_V2_CREATE_I0
Sep 21 07:34:32.360532: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted
Sep 21 07:34:32.360534: | libevent_free: release ptr-libevent@0x55d95cd9ee80
Sep 21 07:34:32.360536: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95cd96710
Sep 21 07:34:32.360538: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d95cd1c4b0
Sep 21 07:34:32.360541: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4
Sep 21 07:34:32.360544: | libevent_malloc: new ptr-libevent@0x55d95cd9ee80 size 128
Sep 21 07:34:32.360548: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376)
Sep 21 07:34:32.360551: | #4 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND
Sep 21 07:34:32.360553: | suspending state #4 and saving MD
Sep 21 07:34:32.360554: | #4 is busy; has a suspended MD
Sep 21 07:34:32.360557: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266)
Sep 21 07:34:32.360559: | "westnet-eastnet-ikev2c" #4 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448
Sep 21 07:34:32.360561: | resume sending helper answer for #4 suppresed complete_v2_state_transition()
Sep 21 07:34:32.360564: | #4 spent 0.0375 milliseconds in resume sending helper answer
Sep 21 07:34:32.360567: | stop processing: state #4 connection "westnet-eastnet-ikev2c" from 192.1.2.23:500 (in resume_handler() at server.c:833)
Sep 21 07:34:32.360569: | libevent_free: release ptr-libevent@0x7f3f8c000ca0