Sep 21 07:34:38.579766: FIPS Product: YES Sep 21 07:34:38.579815: FIPS Kernel: NO Sep 21 07:34:38.579818: FIPS Mode: NO Sep 21 07:34:38.579820: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:38.579977: Initializing NSS Sep 21 07:34:38.579982: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:38.614051: NSS initialized Sep 21 07:34:38.614067: NSS crypto library initialized Sep 21 07:34:38.614070: FIPS HMAC integrity support [enabled] Sep 21 07:34:38.614072: FIPS mode disabled for pluto daemon Sep 21 07:34:38.671740: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:38.671856: libcap-ng support [enabled] Sep 21 07:34:38.671869: Linux audit support [enabled] Sep 21 07:34:38.671902: Linux audit activated Sep 21 07:34:38.671910: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16164 Sep 21 07:34:38.671912: core dump dir: /tmp Sep 21 07:34:38.671915: secrets file: /etc/ipsec.secrets Sep 21 07:34:38.671917: leak-detective disabled Sep 21 07:34:38.671919: NSS crypto [enabled] Sep 21 07:34:38.671921: XAUTH PAM support [enabled] Sep 21 07:34:38.671998: | libevent is using pluto's memory allocator Sep 21 07:34:38.672006: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:38.672020: | libevent_malloc: new ptr-libevent@0x55f655b60fd0 size 40 Sep 21 07:34:38.672023: | libevent_malloc: new ptr-libevent@0x55f655b62280 size 40 Sep 21 07:34:38.672026: | libevent_malloc: new ptr-libevent@0x55f655b622b0 size 40 Sep 21 07:34:38.672029: | creating event base Sep 21 07:34:38.672032: | libevent_malloc: new ptr-libevent@0x55f655b62240 size 56 Sep 21 07:34:38.672035: | libevent_malloc: new ptr-libevent@0x55f655b622e0 size 664 Sep 21 07:34:38.672046: | libevent_malloc: new 
ptr-libevent@0x55f655b62580 size 24 Sep 21 07:34:38.672049: | libevent_malloc: new ptr-libevent@0x55f655b53d10 size 384 Sep 21 07:34:38.672060: | libevent_malloc: new ptr-libevent@0x55f655b625a0 size 16 Sep 21 07:34:38.672062: | libevent_malloc: new ptr-libevent@0x55f655b625c0 size 40 Sep 21 07:34:38.672065: | libevent_malloc: new ptr-libevent@0x55f655b625f0 size 48 Sep 21 07:34:38.672072: | libevent_realloc: new ptr-libevent@0x55f655ae4370 size 256 Sep 21 07:34:38.672075: | libevent_malloc: new ptr-libevent@0x55f655b62630 size 16 Sep 21 07:34:38.672080: | libevent_free: release ptr-libevent@0x55f655b62240 Sep 21 07:34:38.672084: | libevent initialized Sep 21 07:34:38.672087: | libevent_realloc: new ptr-libevent@0x55f655b62650 size 64 Sep 21 07:34:38.672091: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:38.672108: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:38.672111: NAT-Traversal support [enabled] Sep 21 07:34:38.672114: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:38.672120: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:38.672123: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:38.672155: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:38.672158: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:38.672161: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:38.672211: Encryption algorithms: Sep 21 07:34:38.672220: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:38.672224: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:38.672227: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:38.672231: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:38.672234: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:34:38.672244: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:38.672248: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:38.672252: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:38.672255: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:38.672259: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:38.672262: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:38.672266: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:38.672269: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:38.672273: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:38.672277: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:38.672279: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:38.672283: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:38.672289: Hash algorithms: Sep 21 07:34:38.672292: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:38.672295: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:38.672298: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:38.672301: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:38.672304: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:38.672316: PRF algorithms: Sep 21 07:34:38.672319: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:38.672322: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:38.672326: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:38.672329: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:38.672332: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:38.672335: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:38.672360: Integrity algorithms: Sep 21 07:34:38.672363: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:38.672367: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:38.672371: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:38.672375: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:38.672379: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:38.672381: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:38.672385: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:38.672388: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:38.672391: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:38.672403: DH algorithms: Sep 21 07:34:38.672406: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:38.672409: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:38.672412: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:38.672416: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:38.672419: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:38.672422: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:38.672425: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:38.672428: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:38.672431: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:38.672434: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:38.672437: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:38.672439: testing CAMELLIA_CBC: Sep 21 07:34:38.672442: Camellia: 16 bytes with 128-bit key Sep 21 07:34:38.672560: Camellia: 16 bytes with 128-bit key Sep 21 07:34:38.672589: Camellia: 16 bytes with 256-bit key Sep 21 07:34:38.672618: Camellia: 
16 bytes with 256-bit key Sep 21 07:34:38.672645: testing AES_GCM_16: Sep 21 07:34:38.672648: empty string Sep 21 07:34:38.672674: one block Sep 21 07:34:38.672700: two blocks Sep 21 07:34:38.672726: two blocks with associated data Sep 21 07:34:38.672751: testing AES_CTR: Sep 21 07:34:38.672754: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:38.672781: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:38.672813: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:38.672843: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:38.672868: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:38.672895: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:38.672922: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:38.672947: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:38.672973: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:38.673002: testing AES_CBC: Sep 21 07:34:38.673004: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:38.673030: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:38.673059: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:38.673088: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:38.673121: testing AES_XCBC: Sep 21 07:34:38.673124: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:38.673244: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:38.673376: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:38.673499: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:38.673625: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:38.673754: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:38.673889: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:38.674187: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:38.674314: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:38.674451: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:38.674687: testing HMAC_MD5: Sep 21 07:34:38.674690: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:38.674873: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:38.675030: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:38.675209: 8 CPU cores online Sep 21 07:34:38.675213: starting up 7 crypto helpers Sep 21 07:34:38.675256: started thread for crypto helper 0 Sep 21 07:34:38.675263: | starting up helper thread 0 Sep 21 07:34:38.675279: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:38.675281: started thread for crypto helper 1 Sep 21 07:34:38.675293: | starting up helper thread 1 Sep 21 07:34:38.675282: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:38.675310: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:38.675321: started thread for crypto helper 2 Sep 21 07:34:38.675329: | starting up helper thread 2 Sep 21 07:34:38.675330: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:38.675347: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:38.675351: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:38.675356: | starting up helper thread 3 Sep 21 07:34:38.675352: started thread for crypto helper 3 Sep 21 07:34:38.675364: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:38.675374: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:38.675390: started thread for crypto helper 4 Sep 21 07:34:38.675392: | starting up helper thread 4 Sep 21 07:34:38.675405: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:38.675408: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:38.675418: started 
thread for crypto helper 5 Sep 21 07:34:38.675439: started thread for crypto helper 6 Sep 21 07:34:38.675443: | checking IKEv1 state table Sep 21 07:34:38.675451: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675453: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:38.675456: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675458: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:38.675461: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:38.675463: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:38.675465: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:38.675467: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:38.675470: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:38.675472: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:38.675474: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:38.675476: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:38.675479: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:38.675481: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:38.675483: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:38.675485: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:38.675488: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:34:38.675490: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:38.675492: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:38.675494: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:38.675497: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:38.675499: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675502: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:38.675504: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675506: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675509: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:38.675511: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675513: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:38.675515: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:38.675518: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:38.675520: | -> AGGR_R2 EVENT_SA_REPLACE 
Sep 21 07:34:38.675522: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:38.675525: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:38.675527: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675529: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:38.675532: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675534: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:38.675536: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:38.675539: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:38.675541: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:38.675544: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:38.675546: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:38.675548: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:38.675550: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675556: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:38.675558: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675560: | INFO: category: informational flags: 0: Sep 21 07:34:38.675563: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675565: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:34:38.675567: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675570: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:38.675572: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:38.675574: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:38.675577: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:38.675579: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:38.675581: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:38.675584: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:38.675586: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:38.675589: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:38.675591: | -> UNDEFINED EVENT_NULL Sep 21 07:34:38.675593: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:38.675596: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 
07:34:38.675598: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:38.675600: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:38.675603: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:38.675605: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:38.675611: | checking IKEv2 state table Sep 21 07:34:38.675616: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:38.675619: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:38.675622: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675625: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:38.675627: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:38.675630: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:38.675633: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:38.675635: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:38.675638: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:38.675640: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:38.675643: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:38.675645: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:38.675648: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:38.675650: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:38.675653: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:38.675655: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:38.675657: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:38.675660: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:38.675663: | PARENT_R1: 
category: half-open IKE SA flags: 0: Sep 21 07:34:38.675665: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:38.675667: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:38.675670: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:38.675673: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:38.675675: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:38.675677: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:38.675680: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:38.675682: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:38.675687: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:38.675689: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:38.675692: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:38.675694: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:34:38.675697: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:38.675700: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:38.675702: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:38.675705: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:38.675708: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:38.675710: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:38.675713: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:38.675716: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:38.675718: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 
21 07:34:38.675721: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:38.675724: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:38.675726: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:38.675729: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:38.675732: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:38.675734: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:38.675737: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:38.675790: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:38.675863: | Hard-wiring algorithms Sep 21 07:34:38.675866: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:38.675870: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:38.675872: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:38.675874: | starting up helper thread 6 Sep 21 07:34:38.675880: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:38.675887: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:38.675872: | starting up helper thread 5 Sep 21 07:34:38.675890: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:38.675900: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:38.675903: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:34:38.675891: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:38.675908: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:38.675915: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:38.675915: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:38.675922: | adding AES_CTR to kernel algorithm db Sep 21 07:34:38.675925: | adding AES_CBC to kernel algorithm db Sep 21 07:34:38.675927: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:38.675929: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:38.675932: | adding 
NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:38.675934: | adding NULL to kernel algorithm db Sep 21 07:34:38.675936: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:34:38.675939: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:38.675941: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:38.675943: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:38.675946: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:38.675948: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:38.675950: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:38.675953: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:38.675955: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:38.675957: | adding NONE to kernel algorithm db Sep 21 07:34:38.675979: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:38.675984: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:38.675987: | setup kernel fd callback Sep 21 07:34:38.675990: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f655b67c60 Sep 21 07:34:38.675993: | libevent_malloc: new ptr-libevent@0x55f655b73d80 size 128 Sep 21 07:34:38.675996: | libevent_malloc: new ptr-libevent@0x55f655b66f40 size 16 Sep 21 07:34:38.676001: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f655b67c20 Sep 21 07:34:38.676003: | libevent_malloc: new ptr-libevent@0x55f655b73e10 size 128 Sep 21 07:34:38.676005: | libevent_malloc: new ptr-libevent@0x55f655b66f60 size 16 Sep 21 07:34:38.676231: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:38.676240: selinux support is enabled. 
Sep 21 07:34:38.676318: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:38.676483: | unbound context created - setting debug level to 5 Sep 21 07:34:38.676509: | /etc/hosts lookups activated Sep 21 07:34:38.676524: | /etc/resolv.conf usage activated Sep 21 07:34:38.676589: | outgoing-port-avoid set 0-65535 Sep 21 07:34:38.676618: | outgoing-port-permit set 32768-60999 Sep 21 07:34:38.676620: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:38.676623: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:38.676626: | Setting up events, loop start Sep 21 07:34:38.676629: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f655b62240 Sep 21 07:34:38.676632: | libevent_malloc: new ptr-libevent@0x55f655b7e380 size 128 Sep 21 07:34:38.676635: | libevent_malloc: new ptr-libevent@0x55f655b7e410 size 16 Sep 21 07:34:38.676642: | libevent_realloc: new ptr-libevent@0x55f655ae25b0 size 256 Sep 21 07:34:38.676644: | libevent_malloc: new ptr-libevent@0x55f655b7e430 size 8 Sep 21 07:34:38.676647: | libevent_realloc: new ptr-libevent@0x55f655b73180 size 144 Sep 21 07:34:38.676650: | libevent_malloc: new ptr-libevent@0x55f655b7e450 size 152 Sep 21 07:34:38.676653: | libevent_malloc: new ptr-libevent@0x55f655b7e4f0 size 16 Sep 21 07:34:38.676657: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:38.676660: | libevent_malloc: new ptr-libevent@0x55f655b7e510 size 8 Sep 21 07:34:38.676662: | libevent_malloc: new ptr-libevent@0x55f655b7e530 size 152 Sep 21 07:34:38.676665: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:38.676667: | libevent_malloc: new ptr-libevent@0x55f655b7e5d0 size 8 Sep 21 07:34:38.676670: | libevent_malloc: new ptr-libevent@0x55f655b7e5f0 size 152 Sep 21 07:34:38.676673: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:38.676675: | libevent_malloc: new ptr-libevent@0x55f655b7e690 size 8 Sep 21 07:34:38.676677: | libevent_realloc: release 
ptr-libevent@0x55f655b73180 Sep 21 07:34:38.676680: | libevent_realloc: new ptr-libevent@0x55f655b7e6b0 size 256 Sep 21 07:34:38.676683: | libevent_malloc: new ptr-libevent@0x55f655b73180 size 152 Sep 21 07:34:38.676686: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:38.677041: | created addconn helper (pid:16276) using fork+execve Sep 21 07:34:38.677056: | forked child 16276 Sep 21 07:34:38.677089: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:38.677106: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:38.677112: listening for IKE messages Sep 21 07:34:38.677148: | Inspecting interface lo Sep 21 07:34:38.677154: | found lo with address 127.0.0.1 Sep 21 07:34:38.677156: | Inspecting interface eth0 Sep 21 07:34:38.677160: | found eth0 with address 192.0.2.254 Sep 21 07:34:38.677162: | Inspecting interface eth1 Sep 21 07:34:38.677166: | found eth1 with address 192.1.2.23 Sep 21 07:34:38.677215: Kernel supports NIC esp-hw-offload Sep 21 07:34:38.677225: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:34:38.677247: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:38.677255: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:38.677259: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:34:38.677284: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:34:38.677306: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:38.677310: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:38.677313: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:34:38.677337: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:38.677359: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:38.677362: | NAT-Traversal: ESPINUDP(2) setup succeeded for 
sockopt style NAT-T family IPv4 Sep 21 07:34:38.677366: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:38.677419: | no interfaces to sort Sep 21 07:34:38.677423: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:38.677432: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ea20 Sep 21 07:34:38.677435: | libevent_malloc: new ptr-libevent@0x55f655b7ea60 size 128 Sep 21 07:34:38.677438: | libevent_malloc: new ptr-libevent@0x55f655b7eaf0 size 16 Sep 21 07:34:38.677446: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:38.677449: | add_fd_read_event_handler: new ethX-pe@0x55f655b7eb10 Sep 21 07:34:38.677451: | libevent_malloc: new ptr-libevent@0x55f655b7eb50 size 128 Sep 21 07:34:38.677454: | libevent_malloc: new ptr-libevent@0x55f655b7ebe0 size 16 Sep 21 07:34:38.677458: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:38.677461: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ec00 Sep 21 07:34:38.677463: | libevent_malloc: new ptr-libevent@0x55f655b7ec40 size 128 Sep 21 07:34:38.677466: | libevent_malloc: new ptr-libevent@0x55f655b7ecd0 size 16 Sep 21 07:34:38.677470: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:34:38.677473: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ecf0 Sep 21 07:34:38.677475: | libevent_malloc: new ptr-libevent@0x55f655b7ed30 size 128 Sep 21 07:34:38.677478: | libevent_malloc: new ptr-libevent@0x55f655b7edc0 size 16 Sep 21 07:34:38.677482: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:34:38.677484: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ede0 Sep 21 07:34:38.677487: | libevent_malloc: new ptr-libevent@0x55f655b7ee20 size 128 Sep 21 07:34:38.677489: | libevent_malloc: new ptr-libevent@0x55f655b7eeb0 size 16 Sep 21 07:34:38.677494: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:34:38.677496: | add_fd_read_event_handler: new ethX-pe@0x55f655b7eed0 Sep 21 07:34:38.677499: | libevent_malloc: new 
ptr-libevent@0x55f655b7ef10 size 128 Sep 21 07:34:38.677501: | libevent_malloc: new ptr-libevent@0x55f655b7efa0 size 16 Sep 21 07:34:38.677505: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:34:38.677510: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:38.677513: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:38.677531: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:38.677546: | id type added to secret(0x55f655b73f60) PKK_PSK: @west Sep 21 07:34:38.677550: | id type added to secret(0x55f655b73f60) PKK_PSK: @east Sep 21 07:34:38.677554: | Processing PSK at line 1: passed Sep 21 07:34:38.677556: | certs and keys locked by 'process_secret' Sep 21 07:34:38.677560: | certs and keys unlocked by 'process_secret' Sep 21 07:34:38.677565: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:38.677573: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:38.677580: | spent 0.495 milliseconds in whack Sep 21 07:34:38.720392: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:38.720412: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:38.720416: listening for IKE messages Sep 21 07:34:38.720447: | Inspecting interface lo Sep 21 07:34:38.720457: | found lo with address 127.0.0.1 Sep 21 07:34:38.720459: | Inspecting interface eth0 Sep 21 07:34:38.720462: | found eth0 with address 192.0.2.254 Sep 21 07:34:38.720463: | Inspecting interface eth1 Sep 21 07:34:38.720466: | found eth1 with address 192.1.2.23 Sep 21 07:34:38.720513: | no interfaces to sort Sep 21 07:34:38.720520: | libevent_free: release ptr-libevent@0x55f655b7ea60 Sep 21 07:34:38.720522: | free_event_entry: release EVENT_NULL-pe@0x55f655b7ea20 Sep 21 07:34:38.720524: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ea20 Sep 21 07:34:38.720526: | libevent_malloc: new ptr-libevent@0x55f655b7ea60 size 128 Sep 21 
07:34:38.720531: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:38.720534: | libevent_free: release ptr-libevent@0x55f655b7eb50 Sep 21 07:34:38.720536: | free_event_entry: release EVENT_NULL-pe@0x55f655b7eb10 Sep 21 07:34:38.720537: | add_fd_read_event_handler: new ethX-pe@0x55f655b7eb10 Sep 21 07:34:38.720539: | libevent_malloc: new ptr-libevent@0x55f655b7eb50 size 128 Sep 21 07:34:38.720542: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:38.720545: | libevent_free: release ptr-libevent@0x55f655b7ec40 Sep 21 07:34:38.720547: | free_event_entry: release EVENT_NULL-pe@0x55f655b7ec00 Sep 21 07:34:38.720548: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ec00 Sep 21 07:34:38.720550: | libevent_malloc: new ptr-libevent@0x55f655b7ec40 size 128 Sep 21 07:34:38.720553: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:34:38.720556: | libevent_free: release ptr-libevent@0x55f655b7ed30 Sep 21 07:34:38.720557: | free_event_entry: release EVENT_NULL-pe@0x55f655b7ecf0 Sep 21 07:34:38.720559: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ecf0 Sep 21 07:34:38.720561: | libevent_malloc: new ptr-libevent@0x55f655b7ed30 size 128 Sep 21 07:34:38.720564: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:34:38.720566: | libevent_free: release ptr-libevent@0x55f655b7ee20 Sep 21 07:34:38.720568: | free_event_entry: release EVENT_NULL-pe@0x55f655b7ede0 Sep 21 07:34:38.720570: | add_fd_read_event_handler: new ethX-pe@0x55f655b7ede0 Sep 21 07:34:38.720571: | libevent_malloc: new ptr-libevent@0x55f655b7ee20 size 128 Sep 21 07:34:38.720574: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:34:38.720577: | libevent_free: release ptr-libevent@0x55f655b7ef10 Sep 21 07:34:38.720579: | free_event_entry: release EVENT_NULL-pe@0x55f655b7eed0 Sep 21 07:34:38.720580: | add_fd_read_event_handler: new ethX-pe@0x55f655b7eed0 Sep 21 07:34:38.720582: | libevent_malloc: new ptr-libevent@0x55f655b7ef10 
size 128 Sep 21 07:34:38.720585: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:34:38.720587: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:38.720589: forgetting secrets Sep 21 07:34:38.720594: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:38.720606: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:38.720613: | id type added to secret(0x55f655b73f60) PKK_PSK: @west Sep 21 07:34:38.720615: | id type added to secret(0x55f655b73f60) PKK_PSK: @east Sep 21 07:34:38.720618: | Processing PSK at line 1: passed Sep 21 07:34:38.720619: | certs and keys locked by 'process_secret' Sep 21 07:34:38.720621: | certs and keys unlocked by 'process_secret' Sep 21 07:34:38.720624: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:38.720630: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:38.720635: | spent 0.251 milliseconds in whack Sep 21 07:34:38.721223: | processing signal PLUTO_SIGCHLD Sep 21 07:34:38.721240: | waitpid returned pid 16276 (exited with status 0) Sep 21 07:34:38.721243: | reaped addconn helper child (status 0) Sep 21 07:34:38.721246: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:38.721249: | spent 0.0165 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:38.777091: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:38.777122: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:38.777126: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:38.777128: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:38.777131: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:38.777134: | FOR_EACH_CONNECTION_... 
in conn_by_name Sep 21 07:34:38.777141: | Added new connection east with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:38.777198: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:38.777201: | from whack: got --esp= Sep 21 07:34:38.777237: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:38.777242: | counting wild cards for @west is 0 Sep 21 07:34:38.777245: | counting wild cards for @east is 0 Sep 21 07:34:38.777254: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:34:38.777258: | new hp@0x55f655b4b4b0 Sep 21 07:34:38.777262: added connection description "east" Sep 21 07:34:38.777272: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:38.777284: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:34:38.777291: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:38.777298: | spent 0.215 milliseconds in whack Sep 21 07:34:38.777328: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:38.777337: add keyid @west
Sep 21 07:34:38.777420: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:38.777423: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:34:38.777428: | keyid: *AQOm9dY/4
Sep 21 07:34:38.777475: | e 03 Sep 21 07:34:38.777477: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:38.777479: | CKAID 7f 0f 03 50 Sep 21 07:34:38.777487: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:38.777491: | spent 0.168 milliseconds in whack Sep 21 07:34:38.777515: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:38.777522: add keyid @east
Sep 21 07:34:38.777575: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:38.777577: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:34:38.777581: | keyid: *AQO9bJbr3
Sep 21 07:34:38.777627: | e 03 Sep 21 07:34:38.777629: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:38.777631: | CKAID 8a 82 25 f1 Sep 21 07:34:38.777638: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:38.777642: | spent 0.131 milliseconds in whack Sep 21 07:34:39.586454: | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:39.586480: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Sep 21 07:34:39.586573: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:34:39.586575: | **parse ISAKMP Message: Sep 21 07:34:39.586577: | initiator cookie: Sep 21 07:34:39.586578: | ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.586580: | responder cookie: Sep 21 07:34:39.586581: | 00 00 00 00 00 00 00 00 Sep 21 07:34:39.586583: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:39.586584: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.586586: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:39.586587: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:39.586589: | Message ID: 0 (0x0) Sep 21 07:34:39.586591: | length: 828 (0x33c) Sep 21 07:34:39.586592: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:39.586598: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:34:39.586600: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:39.586602: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:39.586604: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:39.586606: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:39.586607: | flags: none (0x0) Sep 21 07:34:39.586609: | length: 436 (0x1b4) Sep 21
07:34:39.586610: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:34:39.586612: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:39.586613: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:39.586615: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:39.586616: | flags: none (0x0) Sep 21 07:34:39.586618: | length: 264 (0x108) Sep 21 07:34:39.586619: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.586621: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:39.586622: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:39.586624: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:39.586625: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.586626: | flags: none (0x0) Sep 21 07:34:39.586628: | length: 36 (0x24) Sep 21 07:34:39.586629: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:39.586631: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.586632: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.586634: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.586635: | flags: none (0x0) Sep 21 07:34:39.586636: | length: 8 (0x8) Sep 21 07:34:39.586638: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.586639: | SPI size: 0 (0x0) Sep 21 07:34:39.586641: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:39.586644: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:39.586645: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.586647: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.586648: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.586650: | flags: none (0x0) Sep 21 07:34:39.586651: | length: 28 (0x1c) Sep 21 07:34:39.586653: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.586654: | SPI size: 0 (0x0) Sep 21 07:34:39.586656: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:39.586657: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:39.586658: | Now let's 
proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.586660: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.586661: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.586663: | flags: none (0x0) Sep 21 07:34:39.586664: | length: 28 (0x1c) Sep 21 07:34:39.586665: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.586667: | SPI size: 0 (0x0) Sep 21 07:34:39.586668: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:39.586670: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:39.586672: | DDOS disabled and no cookie sent, continuing Sep 21 07:34:39.586675: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:34:39.586679: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:39.586681: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:34:39.586683: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:39.586685: | find_next_host_connection returns empty Sep 21 07:34:39.586687: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:34:39.586689: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:34:39.586691: | find_next_host_connection returns empty Sep 21 07:34:39.586693: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:34:39.586696: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:34:39.586698: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:39.586700: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:34:39.586702: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:39.586724: | find_next_host_connection returns empty 
Sep 21 07:34:39.586727: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:34:39.586730: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:34:39.586732: | find_next_host_connection returns empty Sep 21 07:34:39.586734: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:34:39.586737: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:34:39.586739: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:39.586741: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:34:39.586743: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east) Sep 21 07:34:39.586744: | find_next_host_connection returns east Sep 21 07:34:39.586746: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:34:39.586747: | find_next_host_connection returns empty Sep 21 07:34:39.586749: | found connection: east with policy PSK+IKEV2_ALLOW Sep 21 07:34:39.586763: | creating state object #1 at 0x55f655b82300 Sep 21 07:34:39.586765: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:39.586771: | pstats #1 ikev2.ike started Sep 21 07:34:39.586773: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:39.586778: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:34:39.586782: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:39.586795: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:39.586797: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:34:39.586800: | [RE]START processing: state #1 connection 
"east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:34:39.586802: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:34:39.586804: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:34:39.586807: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:34:39.586809: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:34:39.586811: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:34:39.586812: | Now let's proceed with state specific processing Sep 21 07:34:39.586814: | calling processor Respond to IKE_SA_INIT Sep 21 07:34:39.586831: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:34:39.586833: | constructing local IKE proposals for east (IKE SA responder matching remote proposals) Sep 21 07:34:39.586838: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.586843: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.586845: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.586849: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.586851: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.586854: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.586857: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.586860: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.586865: "east": constructed local IKE proposals for east (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.586868: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:34:39.586871: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:39.586873: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:39.586874: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:39.586877: | local proposal 1 type DH has 8 transforms Sep 21 07:34:39.586879: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:39.586881: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:39.586882: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:39.586884: | local proposal 2 type PRF has 2 transforms Sep 21 
07:34:39.586885: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:39.586887: | local proposal 2 type DH has 8 transforms Sep 21 07:34:39.586888: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:39.586890: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:39.586891: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:39.586893: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:39.586894: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:39.586896: | local proposal 3 type DH has 8 transforms Sep 21 07:34:39.586897: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:39.586899: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:39.586900: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:39.586902: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:39.586903: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:39.586904: | local proposal 4 type DH has 8 transforms Sep 21 07:34:39.586906: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:39.586907: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:39.586909: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.586911: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.586913: | length: 100 (0x64) Sep 21 07:34:39.586914: | prop #: 1 (0x1) Sep 21 07:34:39.586915: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.586917: | spi size: 0 (0x0) Sep 21 07:34:39.586918: | # transforms: 11 (0xb) Sep 21 07:34:39.586921: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:34:39.586922: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586925: | length: 12 (0xc) Sep 21 07:34:39.586927: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.586928: | IKEv2 transform 
ID: AES_GCM_C (0x14) Sep 21 07:34:39.586930: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.586931: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.586933: | length/value: 256 (0x100) Sep 21 07:34:39.586935: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:39.586937: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586940: | length: 8 (0x8) Sep 21 07:34:39.586941: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.586943: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.586945: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:39.586947: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:34:39.586949: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:34:39.586950: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:34:39.586952: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586955: | length: 8 (0x8) Sep 21 07:34:39.586956: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.586958: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.586959: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586964: | length: 8 (0x8) Sep 21 07:34:39.586966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.586967: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.586969: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:39.586971: | remote proposal 1 transform 
3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:34:39.586973: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:34:39.586974: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:34:39.586976: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586977: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586979: | length: 8 (0x8) Sep 21 07:34:39.586980: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.586982: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.586983: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586986: | length: 8 (0x8) Sep 21 07:34:39.586987: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.586989: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.586990: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.586993: | length: 8 (0x8) Sep 21 07:34:39.586995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.586996: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.586998: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.586999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587000: | length: 8 (0x8) Sep 21 07:34:39.587002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587003: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.587005: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587008: | length: 8 (0x8) Sep 21 07:34:39.587009: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587010: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.587012: | *****parse IKEv2 
Transform Substructure Payload: Sep 21 07:34:39.587013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587015: | length: 8 (0x8) Sep 21 07:34:39.587016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587017: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.587019: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587020: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.587022: | length: 8 (0x8) Sep 21 07:34:39.587023: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587025: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.587027: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:39.587029: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:39.587031: | remote proposal 1 matches local proposal 1 Sep 21 07:34:39.587033: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.587034: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.587036: | length: 100 (0x64) Sep 21 07:34:39.587037: | prop #: 2 (0x2) Sep 21 07:34:39.587038: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.587040: | spi size: 0 (0x0) Sep 21 07:34:39.587041: | # transforms: 11 (0xb) Sep 21 07:34:39.587043: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:39.587045: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587048: | length: 12 (0xc) Sep 21 07:34:39.587050: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.587051: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.587053: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.587054: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.587056: | length/value: 128 (0x80) Sep 
21 07:34:39.587057: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587060: | length: 8 (0x8) Sep 21 07:34:39.587062: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.587063: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.587065: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587067: | length: 8 (0x8) Sep 21 07:34:39.587069: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.587070: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.587072: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587074: | length: 8 (0x8) Sep 21 07:34:39.587076: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587077: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.587079: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587082: | length: 8 (0x8) Sep 21 07:34:39.587083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587084: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.587086: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587089: | length: 8 (0x8) Sep 21 07:34:39.587090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587092: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.587093: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587096: | length: 8 (0x8) Sep 21 07:34:39.587097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587099: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.587100: | 
*****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587103: | length: 8 (0x8) Sep 21 07:34:39.587104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587106: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.587107: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587110: | length: 8 (0x8) Sep 21 07:34:39.587112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587113: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.587115: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587117: | length: 8 (0x8) Sep 21 07:34:39.587119: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587120: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.587122: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587123: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.587124: | length: 8 (0x8) Sep 21 07:34:39.587126: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587127: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.587129: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:34:39.587131: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:34:39.587133: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.587135: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.587136: | length: 116 (0x74) Sep 21 07:34:39.587138: | prop #: 3 (0x3) Sep 21 07:34:39.587139: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.587140: | spi size: 0 (0x0) Sep 21 07:34:39.587142: | # transforms: 13 (0xd) Sep 21 07:34:39.587144: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] 
of 4 local proposals Sep 21 07:34:39.587145: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587147: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587148: | length: 12 (0xc) Sep 21 07:34:39.587149: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.587151: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.587152: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.587154: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.587155: | length/value: 256 (0x100) Sep 21 07:34:39.587157: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587159: | length: 8 (0x8) Sep 21 07:34:39.587161: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.587162: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.587164: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587165: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587167: | length: 8 (0x8) Sep 21 07:34:39.587168: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.587169: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.587171: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587174: | length: 8 (0x8) Sep 21 07:34:39.587175: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.587177: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.587178: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587181: | length: 8 (0x8) Sep 21 07:34:39.587182: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.587184: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.587185: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587187: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 
21 07:34:39.587188: | length: 8 (0x8) Sep 21 07:34:39.587190: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587191: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.587193: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587195: | length: 8 (0x8) Sep 21 07:34:39.587197: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587198: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.587200: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587201: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587202: | length: 8 (0x8) Sep 21 07:34:39.587204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587205: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.587207: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587209: | length: 8 (0x8) Sep 21 07:34:39.587211: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587212: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.587214: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587215: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587217: | length: 8 (0x8) Sep 21 07:34:39.587218: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587219: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.587221: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587225: | length: 8 (0x8) Sep 21 07:34:39.587226: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587227: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.587229: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587232: | 
length: 8 (0x8) Sep 21 07:34:39.587233: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587235: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.587236: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587238: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.587239: | length: 8 (0x8) Sep 21 07:34:39.587240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587242: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.587244: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:34:39.587245: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:34:39.587247: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.587248: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.587250: | length: 116 (0x74) Sep 21 07:34:39.587251: | prop #: 4 (0x4) Sep 21 07:34:39.587252: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.587254: | spi size: 0 (0x0) Sep 21 07:34:39.587255: | # transforms: 13 (0xd) Sep 21 07:34:39.587257: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:39.587258: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587261: | length: 12 (0xc) Sep 21 07:34:39.587263: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.587264: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.587266: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.587267: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.587268: | length/value: 128 (0x80) Sep 21 07:34:39.587270: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587273: | length: 8 (0x8) Sep 21 07:34:39.587274: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 
21 07:34:39.587276: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.587277: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587280: | length: 8 (0x8) Sep 21 07:34:39.587281: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.587283: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.587284: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587287: | length: 8 (0x8) Sep 21 07:34:39.587289: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.587290: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.587292: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587294: | length: 8 (0x8) Sep 21 07:34:39.587296: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.587297: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.587299: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587300: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587301: | length: 8 (0x8) Sep 21 07:34:39.587303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587304: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.587306: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587307: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587309: | length: 8 (0x8) Sep 21 07:34:39.587311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587312: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.587314: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587317: | length: 8 (0x8) Sep 21 07:34:39.587318: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587319: | 
IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.587321: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587322: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587324: | length: 8 (0x8) Sep 21 07:34:39.587325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587327: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.587328: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587331: | length: 8 (0x8) Sep 21 07:34:39.587332: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587334: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.587335: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587338: | length: 8 (0x8) Sep 21 07:34:39.587339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587341: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.587342: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.587345: | length: 8 (0x8) Sep 21 07:34:39.587346: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587348: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.587349: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.587351: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.587352: | length: 8 (0x8) Sep 21 07:34:39.587354: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.587355: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.587357: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:34:39.587359: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:34:39.587361: "east" #1: proposal 
1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:34:39.587364: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:34:39.587366: | converting proposal to internal trans attrs Sep 21 07:34:39.587368: | natd_hash: rcookie is zero Sep 21 07:34:39.587375: | natd_hash: hasher=0x55f6557fe7a0(20) Sep 21 07:34:39.587376: | natd_hash: icookie= ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.587378: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:39.587379: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:39.587381: | natd_hash: port= 01 f4 Sep 21 07:34:39.587382: | natd_hash: hash= 61 73 53 9e 07 96 cd c7 19 9f 20 d2 68 91 8d 44 Sep 21 07:34:39.587383: | natd_hash: hash= 94 d5 35 ff Sep 21 07:34:39.587385: | natd_hash: rcookie is zero Sep 21 07:34:39.587389: | natd_hash: hasher=0x55f6557fe7a0(20) Sep 21 07:34:39.587391: | natd_hash: icookie= ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.587393: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:39.587394: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:39.587395: | natd_hash: port= 01 f4 Sep 21 07:34:39.587397: | natd_hash: hash= 82 e2 17 b3 2e c5 29 2f 4a c5 37 a3 b0 6e bb 58 Sep 21 07:34:39.587398: | natd_hash: hash= 
e8 0e 2f 0f Sep 21 07:34:39.587399: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:39.587401: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:39.587402: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:39.587404: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:34:39.587406: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:34:39.587408: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f655b84f10 Sep 21 07:34:39.587410: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:39.587412: | libevent_malloc: new ptr-libevent@0x55f655b84f50 size 128 Sep 21 07:34:39.587420: | #1 spent 0.59 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:34:39.587424: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.587427: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:34:39.587428: | suspending state #1 and saving MD Sep 21 07:34:39.587430: | #1 is busy; has a suspended MD Sep 21 07:34:39.587432: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:39.587434: | "east" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:39.587437: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:39.587439: | #1 spent 0.95 milliseconds in ikev2_process_packet() Sep 21 07:34:39.587442: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:34:39.587443: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:39.587445: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:39.587447: | spent 0.958 milliseconds in comm_handle_cb() reading and processing packet Sep 21 
07:34:39.587454: | crypto helper 0 resuming Sep 21 07:34:39.587462: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:34:39.587466: | crypto helper 0 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:34:39.588057: | crypto helper 0 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000591 seconds Sep 21 07:34:39.588065: | (#1) spent 0.596 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:34:39.588067: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:39.588069: | scheduling resume sending helper answer for #1 Sep 21 07:34:39.588071: | libevent_malloc: new ptr-libevent@0x7f713c006900 size 128 Sep 21 07:34:39.588077: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:39.588111: | processing resume sending helper answer for #1 Sep 21 07:34:39.588119: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:34:39.588123: | crypto helper 0 replies to request ID 1 Sep 21 07:34:39.588124: | calling continuation function 0x55f655728630 Sep 21 07:34:39.588126: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:34:39.588152: | **emit ISAKMP Message: Sep 21 07:34:39.588154: | initiator cookie: Sep 21 07:34:39.588155: | ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.588157: | responder cookie: Sep 21 07:34:39.588158: | 63 c4 e5 ff 2e fe fb f8 Sep 21 07:34:39.588160: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:39.588161: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.588165: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:39.588167: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:39.588168: | Message ID: 0 (0x0) Sep 21 07:34:39.588170: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:39.588172: | Emitting ikev2_proposal ... 
Sep 21 07:34:39.588173: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:39.588175: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.588176: | flags: none (0x0) Sep 21 07:34:39.588178: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:39.588180: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588182: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.588183: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.588185: | prop #: 1 (0x1) Sep 21 07:34:39.588186: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.588188: | spi size: 0 (0x0) Sep 21 07:34:39.588189: | # transforms: 3 (0x3) Sep 21 07:34:39.588191: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.588193: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.588194: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.588196: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.588197: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.588199: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.588201: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.588203: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.588204: | length/value: 256 (0x100) Sep 21 07:34:39.588206: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.588207: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.588209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.588210: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.588212: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.588214: | last 
substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.588215: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.588217: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.588218: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.588220: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.588221: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.588223: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.588225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.588226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.588228: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.588229: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:34:39.588231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.588232: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:34:39.588234: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:39.588236: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:39.588238: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.588240: | flags: none (0x0) Sep 21 07:34:39.588242: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.588243: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 
07:34:39.588245: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588247: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:34:39.588271: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:39.588273: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:39.588274: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.588276: | flags: none (0x0) Sep 21 07:34:39.588277: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:39.588279: | next payload chain: setting previous 
'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:39.588281: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588282: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:39.588284: | IKEv2 nonce 24 84 01 d5 d1 bd 8c f5 39 c0 ac 41 6c b0 05 20 Sep 21 07:34:39.588285: | IKEv2 nonce d4 6c c7 26 95 2a d9 f2 b5 fb 63 31 7b 7a 00 46 Sep 21 07:34:39.588287: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:39.588288: | Adding a v2N Payload Sep 21 07:34:39.588290: | ***emit IKEv2 Notify Payload: Sep 21 07:34:39.588291: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.588292: | flags: none (0x0) Sep 21 07:34:39.588294: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.588295: | SPI size: 0 (0x0) Sep 21 07:34:39.588297: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:39.588299: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.588300: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588302: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:39.588304: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:34:39.588311: | natd_hash: hasher=0x55f6557fe7a0(20) Sep 21 07:34:39.588313: | natd_hash: icookie= ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.588314: | natd_hash: rcookie= 63 c4 e5 ff 2e fe fb f8 Sep 21 07:34:39.588316: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:39.588317: | natd_hash: port= 01 f4 Sep 21 07:34:39.588319: | natd_hash: hash= 99 f9 35 a1 17 5b d6 04 90 fd 81 a5 92 1d 8d d1 Sep 21 07:34:39.588321: | natd_hash: hash= e5 62 50 48 Sep 21 07:34:39.588322: | Adding a v2N Payload Sep 21 07:34:39.588323: | ***emit IKEv2 Notify Payload: Sep 21 07:34:39.588325: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.588326: | flags: none (0x0) Sep 21 07:34:39.588328: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.588329: | SPI size: 0 (0x0) Sep 21 07:34:39.588331: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:39.588332: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.588334: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588336: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:39.588337: | Notify data 99 f9 35 a1 17 5b d6 04 90 fd 81 a5 92 1d 8d d1 Sep 21 07:34:39.588339: | Notify data e5 62 50 48 Sep 21 07:34:39.588340: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:39.588343: | natd_hash: hasher=0x55f6557fe7a0(20) Sep 21 07:34:39.588345: | natd_hash: icookie= ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.588346: | natd_hash: rcookie= 63 c4 e5 ff 2e fe fb f8 Sep 21 07:34:39.588348: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:39.588349: | natd_hash: port= 01 f4 Sep 21 07:34:39.588350: | natd_hash: hash= 78 1f d8 cd 2d 8b 7d 0f d3 5f 2e 39 95 77 f7 5f Sep 21 07:34:39.588352: | natd_hash: hash= fe 2e 63 a0 Sep 21 07:34:39.588353: | Adding a v2N Payload Sep 21 07:34:39.588354: | ***emit IKEv2 Notify Payload: Sep 21 
07:34:39.588356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.588357: | flags: none (0x0) Sep 21 07:34:39.588358: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.588360: | SPI size: 0 (0x0) Sep 21 07:34:39.588361: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:39.588363: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.588365: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.588366: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:39.588368: | Notify data 78 1f d8 cd 2d 8b 7d 0f d3 5f 2e 39 95 77 f7 5f Sep 21 07:34:39.588369: | Notify data fe 2e 63 a0 Sep 21 07:34:39.588370: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:39.588372: | emitting length of ISAKMP Message: 432 Sep 21 07:34:39.588376: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.588378: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:34:39.588380: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:34:39.588382: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:34:39.588384: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:34:39.588387: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:34:39.588389: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:39.588392: "east" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 
07:34:39.588395: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:34:39.588400: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:34:39.588461: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:39.588464: | libevent_free: release ptr-libevent@0x55f655b84f50 Sep 21 07:34:39.588466: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f655b84f10 Sep 21 07:34:39.588467: | event_schedule: new EVENT_SO_DISCARD-pe@0x55f655b84f10 Sep 21 07:34:39.588470: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:34:39.588471: | libevent_malloc: new ptr-libevent@0x55f655b84f50 size 128 Sep 21 07:34:39.588474: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:39.588478: | #1 spent 0.345 milliseconds in resume sending helper answer Sep 21 07:34:39.588481: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:34:39.588483: | libevent_free: release ptr-libevent@0x7f713c006900 Sep 21 07:34:39.590593: | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
Sep 21 07:34:39.590615: | *received 365 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:34:39.590675: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:34:39.590678: | **parse ISAKMP Message: Sep 21 07:34:39.590681: | initiator cookie: Sep 21 07:34:39.590683: | ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.590685: | responder cookie: Sep 21 07:34:39.590687: | 63 c4 e5 ff 2e fe fb f8 Sep 21 07:34:39.590690: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:39.590693: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.590695: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:39.590698: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:39.590700: | Message ID: 1 (0x1) Sep 21 07:34:39.590703: | length: 365 (0x16d) Sep 21 07:34:39.590706: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:39.590709: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:34:39.590712: | State DB: found IKEv2 state #1 in PARENT_R1
(find_v2_ike_sa) Sep 21 07:34:39.590718: | start processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:39.590721: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:34:39.590725: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:34:39.590728: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:34:39.590732: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:34:39.590734: | unpacking clear payload Sep 21 07:34:39.590736: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:39.590739: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:39.590742: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:34:39.590744: | flags: none (0x0) Sep 21 07:34:39.590746: | length: 337 (0x151) Sep 21 07:34:39.590749: | processing payload: ISAKMP_NEXT_v2SK (len=333) Sep 21 07:34:39.590753: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:34:39.590756: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:34:39.590759: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:34:39.590761: | Now let's proceed with state specific processing Sep 21 07:34:39.590763: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:34:39.590767: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:34:39.590770: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:39.590773: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:34:39.590776: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:34:39.590779: | libevent_free: release ptr-libevent@0x55f655b84f50 Sep 21 07:34:39.590782: 
| free_event_entry: release EVENT_SO_DISCARD-pe@0x55f655b84f10 Sep 21 07:34:39.590791: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f655b84f10 Sep 21 07:34:39.590795: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:39.590800: | libevent_malloc: new ptr-libevent@0x55f655b84f50 size 128 Sep 21 07:34:39.590823: | #1 spent 0.0517 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:34:39.590829: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.590832: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:34:39.590834: | suspending state #1 and saving MD Sep 21 07:34:39.590836: | #1 is busy; has a suspended MD Sep 21 07:34:39.590840: | [RE]START processing: state #1 connection "east" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:39.590844: | "east" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:39.590848: | stop processing: state #1 connection "east" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:39.590852: | #1 spent 0.244 milliseconds in ikev2_process_packet() Sep 21 07:34:39.590856: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:34:39.590859: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:39.590859: | crypto helper 1 resuming Sep 21 07:34:39.590870: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:34:39.590862: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:39.590876: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:34:39.590882: | spent 0.268 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:39.591399: | calculating skeyseed using 
prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:39.591657: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.000781 seconds Sep 21 07:34:39.591663: | (#1) spent 0.784 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:34:39.591665: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:34:39.591666: | scheduling resume sending helper answer for #1 Sep 21 07:34:39.591669: | libevent_malloc: new ptr-libevent@0x7f7134006b90 size 128 Sep 21 07:34:39.591674: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:39.591679: | processing resume sending helper answer for #1 Sep 21 07:34:39.591686: | start processing: state #1 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:34:39.591689: | crypto helper 1 replies to request ID 2 Sep 21 07:34:39.591690: | calling continuation function 0x55f655728630 Sep 21 07:34:39.591692: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:34:39.591694: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:34:39.591704: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:39.591706: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:34:39.591708: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:34:39.591710: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:39.591711: | flags: none (0x0) Sep 21 07:34:39.591713: | length: 12 (0xc) Sep 21 07:34:39.591714: | ID type: ID_FQDN (0x2) Sep 21 07:34:39.591716: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:34:39.591717: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:39.591719: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:39.591720: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:39.591722: | flags: none (0x0) Sep 21 07:34:39.591723: | length: 12 (0xc) Sep 21 07:34:39.591724: | ID type: 
ID_FQDN (0x2) Sep 21 07:34:39.591726: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:39.591727: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:39.591729: | **parse IKEv2 Authentication Payload: Sep 21 07:34:39.591731: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:39.591732: | flags: none (0x0) Sep 21 07:34:39.591736: | length: 72 (0x48) Sep 21 07:34:39.591737: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:39.591739: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:39.591740: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:39.591742: | **parse IKEv2 Security Association Payload: Sep 21 07:34:39.591743: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:39.591744: | flags: none (0x0) Sep 21 07:34:39.591746: | length: 164 (0xa4) Sep 21 07:34:39.591747: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 21 07:34:39.591749: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:39.591750: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:39.591752: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:39.591753: | flags: none (0x0) Sep 21 07:34:39.591754: | length: 24 (0x18) Sep 21 07:34:39.591756: | number of TS: 1 (0x1) Sep 21 07:34:39.591757: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:39.591759: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:39.591760: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:39.591762: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.591763: | flags: none (0x0) Sep 21 07:34:39.591764: | length: 24 (0x18) Sep 21 07:34:39.591766: | number of TS: 1 (0x1) Sep 21 07:34:39.591767: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:39.591769: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:34:39.591770: | Now let's proceed with state specific processing Sep 21 07:34:39.591771: | calling processor Responder: process 
IKE_AUTH request Sep 21 07:34:39.591775: "east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:34:39.591779: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:34:39.591781: | received IDr payload - extracting our alleged ID Sep 21 07:34:39.591806: | refine_host_connection for IKEv2: starting with "east" Sep 21 07:34:39.591811: | match_id a=@west Sep 21 07:34:39.591812: | b=@west Sep 21 07:34:39.591827: | results matched Sep 21 07:34:39.591829: | refine_host_connection: checking "east" against "east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:34:39.591831: | Warning: not switching back to template of current instance Sep 21 07:34:39.591832: | Peer expects us to be @east (ID_FQDN) according to its IDr payload Sep 21 07:34:39.591834: | This connection's local id is @east (ID_FQDN) Sep 21 07:34:39.591836: | refine_host_connection: checked east against east, now for see if best Sep 21 07:34:39.591838: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.591840: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.591842: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:39.591844: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:39.591846: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:39.591847: | line 1: match=014 Sep 21 07:34:39.591849: | match 014 beats previous best_match 000 match=0x55f655b73f60 (line=1) Sep 21 07:34:39.591851: | concluding with best_match=014 best=0x55f655b73f60 (lineno=1) Sep 21 07:34:39.591852: | returning because exact peer id match Sep 21 07:34:39.591854: | offered CA: '%none' Sep 21 07:34:39.591856: "east" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:34:39.591870: | verifying AUTH payload Sep 21 07:34:39.591872: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret 
Sep 21 07:34:39.591874: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.591876: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.591877: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:39.591879: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:39.591881: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:39.591884: | line 1: match=014 Sep 21 07:34:39.591886: | match 014 beats previous best_match 000 match=0x55f655b73f60 (line=1) Sep 21 07:34:39.591887: | concluding with best_match=014 best=0x55f655b73f60 (lineno=1) Sep 21 07:34:39.591925: "east" #1: Authenticated using authby=secret Sep 21 07:34:39.591928: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:34:39.591931: | #1 will start re-keying in 3598 seconds with margin of 2 seconds (attempting re-key) Sep 21 07:34:39.591932: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:39.591934: | libevent_free: release ptr-libevent@0x55f655b84f50 Sep 21 07:34:39.591936: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f655b84f10 Sep 21 07:34:39.591938: | event_schedule: new EVENT_SA_REKEY-pe@0x55f655b84f10 Sep 21 07:34:39.591940: | inserting event EVENT_SA_REKEY, timeout in 3598 seconds for #1 Sep 21 07:34:39.591942: | libevent_malloc: new ptr-libevent@0x55f655b84f50 size 128 Sep 21 07:34:39.592011: | pstats #1 ikev2.ike established Sep 21 07:34:39.592016: | **emit ISAKMP Message: Sep 21 07:34:39.592018: | initiator cookie: Sep 21 07:34:39.592019: | ee ed 5a 05 21 55 05 c7 Sep 21 07:34:39.592021: | responder cookie: Sep 21 07:34:39.592022: | 63 c4 e5 ff 2e fe fb f8 Sep 21 07:34:39.592024: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:39.592025: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.592027: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:39.592029: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 
07:34:39.592030: | Message ID: 1 (0x1) Sep 21 07:34:39.592032: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:39.592034: | IKEv2 CERT: send a certificate? Sep 21 07:34:39.592036: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:39.592037: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:39.592039: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.592040: | flags: none (0x0) Sep 21 07:34:39.592042: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:39.592046: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592068: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:39.592075: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:39.592099: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:39.592103: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.592106: | flags: none (0x0) Sep 21 07:34:39.592108: | ID type: ID_FQDN (0x2) Sep 21 07:34:39.592112: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:39.592115: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592119: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:34:39.592122: | my identity 65 61 73 74 Sep 21 07:34:39.592124: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:39.592132: | assembled IDr payload Sep 21 07:34:39.592134: | CHILD SA proposals received Sep 21 07:34:39.592137: | going to assemble AUTH payload Sep 21 07:34:39.592139: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:39.592142: 
| next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:39.592145: | flags: none (0x0) Sep 21 07:34:39.592147: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:39.592151: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:34:39.592154: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:39.592160: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592164: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:34:39.592168: | started looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.592171: | actually looking for secret for @east->@west of kind PKK_PSK Sep 21 07:34:39.592174: | line 1: key type PKK_PSK(@east) to type PKK_PSK Sep 21 07:34:39.592178: | 1: compared key @east to @east / @west -> 010 Sep 21 07:34:39.592181: | 2: compared key @west to @east / @west -> 014 Sep 21 07:34:39.592184: | line 1: match=014 Sep 21 07:34:39.592187: | match 014 beats previous best_match 000 match=0x55f655b73f60 (line=1) Sep 21 07:34:39.592189: | concluding with best_match=014 best=0x55f655b73f60 (lineno=1) Sep 21 07:34:39.592231: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:39.592234: | PSK auth 89 b2 ab 60 6c 4e cf 3d 86 fc 88 67 0e cc 83 ea Sep 21 07:34:39.592235: | PSK auth c9 a5 ce d1 b6 42 c2 9d 31 34 45 b6 31 d8 80 54 Sep 21 07:34:39.592237: | PSK auth 06 c0 c3 b5 9b 74 d0 a7 bc 50 12 76 16 14 12 06 Sep 21 07:34:39.592238: | PSK auth fc ae b5 2e 7f 19 f4 f6 a4 c7 01 7b 0a b2 47 ea Sep 21 07:34:39.592240: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:39.592245: | creating state object #2 at 0x55f655b85ab0 Sep 21 07:34:39.592247: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 
21 07:34:39.592249: | pstats #2 ikev2.child started Sep 21 07:34:39.592251: | duplicating state object #1 "east" as #2 for IPSEC SA Sep 21 07:34:39.592254: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:39.592257: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:39.592260: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:34:39.592263: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:34:39.592265: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21 07:34:39.592267: | TSi: parsing 1 traffic selectors Sep 21 07:34:39.592268: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:39.592270: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.592271: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.592273: | length: 16 (0x10) Sep 21 07:34:39.592274: | start port: 0 (0x0) Sep 21 07:34:39.592276: | end port: 65535 (0xffff) Sep 21 07:34:39.592278: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:39.592279: | TS low c0 00 01 00 Sep 21 07:34:39.592281: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:39.592282: | TS high c0 00 01 ff Sep 21 07:34:39.592284: | TSi: parsed 1 traffic selectors Sep 21 07:34:39.592285: | TSr: parsing 1 traffic selectors Sep 21 07:34:39.592287: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:39.592288: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.592290: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.592291: | length: 16 (0x10) Sep 21 07:34:39.592292: | start port: 0 (0x0) Sep 21 07:34:39.592294: | end port: 65535 (0xffff) Sep 21 07:34:39.592295: | parsing 
4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:39.592297: | TS low c0 00 02 00 Sep 21 07:34:39.592298: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:39.592299: | TS high c0 00 02 ff Sep 21 07:34:39.592301: | TSr: parsed 1 traffic selectors Sep 21 07:34:39.592302: | looking for best SPD in current connection Sep 21 07:34:39.592306: | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:39.592311: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.592315: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:39.592317: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:39.592319: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:39.592320: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:39.592322: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.592325: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.592328: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:39.592330: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:39.592331: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:39.592333: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:39.592335: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.592336: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:39.592338: | found better spd route for TSi[0],TSr[0] Sep 21 07:34:39.592339: | looking for better host pair Sep 21 07:34:39.592342: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:34:39.592345: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:34:39.592346: | investigating connection "east" as a better match Sep 21 07:34:39.592348: | match_id a=@west Sep 21 07:34:39.592350: | b=@west Sep 21 
07:34:39.592351: | results matched Sep 21 07:34:39.592354: | evaluating our conn="east" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:39.592356: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.592359: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:39.592361: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:39.592363: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:39.592364: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:39.592366: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.592368: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.592371: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:39.592373: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:39.592374: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:39.592376: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:39.592378: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.592379: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:39.592381: | did not find a better connection using host pair Sep 21 07:34:39.592382: | printing contents struct traffic_selector Sep 21 07:34:39.592384: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:34:39.592385: | ipprotoid: 0 Sep 21 07:34:39.592386: | port range: 0-65535 Sep 21 07:34:39.592389: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:39.592390: | printing contents struct traffic_selector Sep 21 07:34:39.592391: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:34:39.592393: | ipprotoid: 0 Sep 21 07:34:39.592394: | port range: 0-65535 Sep 21 07:34:39.592396: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:39.592399: | constructing ESP/AH proposals with all DH removed for east (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:34:39.592402: | converting 
proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:39.592406: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:39.592408: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:39.592410: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:39.592414: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:39.592416: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.592418: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:39.592420: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.592425: "east": constructed local ESP/AH proposals for east (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.592427: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:34:39.592429: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:39.592431: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:39.592432: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:39.592434: | local proposal 1 type DH has 1 transforms Sep 21 07:34:39.592435: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:39.592437: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:39.592439: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:39.592440: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:39.592442: | local proposal 2 type INTEG has 1 
transforms Sep 21 07:34:39.592443: | local proposal 2 type DH has 1 transforms Sep 21 07:34:39.592444: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:39.592446: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:39.592448: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:39.592449: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:39.592450: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:39.592452: | local proposal 3 type DH has 1 transforms Sep 21 07:34:39.592453: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:39.592455: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:39.592456: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:39.592458: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:39.592459: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:39.592461: | local proposal 4 type DH has 1 transforms Sep 21 07:34:39.592462: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:39.592464: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:39.592466: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.592467: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.592469: | length: 32 (0x20) Sep 21 07:34:39.592470: | prop #: 1 (0x1) Sep 21 07:34:39.592472: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.592473: | spi size: 4 (0x4) Sep 21 07:34:39.592474: | # transforms: 2 (0x2) Sep 21 07:34:39.592476: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:39.592478: | remote SPI 7b 3b 98 77 Sep 21 07:34:39.592480: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:34:39.592482: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592485: | length: 12 (0xc) Sep 21 07:34:39.592486: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.592488: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.592489: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.592491: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.592492: | length/value: 256 (0x100) Sep 21 07:34:39.592495: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:39.592498: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592499: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.592501: | length: 8 (0x8) Sep 21 07:34:39.592502: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.592504: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.592506: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:39.592508: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:34:39.592509: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:34:39.592511: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:34:39.592513: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:39.592516: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:39.592517: | remote proposal 1 matches local proposal 1 Sep 21 07:34:39.592519: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.592520: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.592522: | length: 32 (0x20) Sep 21 07:34:39.592523: | prop #: 2 (0x2) Sep 21 07:34:39.592524: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.592526: | spi size: 4 (0x4) Sep 21 07:34:39.592527: | # transforms: 2 (0x2) Sep 21 07:34:39.592529: | parsing 4 raw bytes of 
IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:39.592530: | remote SPI 7b 3b 98 77 Sep 21 07:34:39.592532: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:39.592534: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592535: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592537: | length: 12 (0xc) Sep 21 07:34:39.592538: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.592539: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.592541: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.592542: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.592544: | length/value: 128 (0x80) Sep 21 07:34:39.592545: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592547: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.592548: | length: 8 (0x8) Sep 21 07:34:39.592550: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.592551: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.592553: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:34:39.592555: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:34:39.592556: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.592558: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.592559: | length: 48 (0x30) Sep 21 07:34:39.592560: | prop #: 3 (0x3) Sep 21 07:34:39.592562: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.592563: | spi size: 4 (0x4) Sep 21 07:34:39.592564: | # transforms: 4 (0x4) Sep 21 07:34:39.592566: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:39.592567: | remote SPI 7b 3b 98 77 Sep 21 07:34:39.592569: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:39.592571: | ****parse IKEv2 Transform Substructure Payload: 
Sep 21 07:34:39.592572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592573: | length: 12 (0xc) Sep 21 07:34:39.592575: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.592576: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.592578: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.592579: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.592580: | length/value: 256 (0x100) Sep 21 07:34:39.592583: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592586: | length: 8 (0x8) Sep 21 07:34:39.592587: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.592589: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.592590: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592592: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592593: | length: 8 (0x8) Sep 21 07:34:39.592595: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.592596: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.592598: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592599: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.592600: | length: 8 (0x8) Sep 21 07:34:39.592602: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.592603: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.592605: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:34:39.592607: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:34:39.592608: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.592610: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.592611: | length: 48 (0x30) Sep 21 07:34:39.592612: | prop #: 4 (0x4) Sep 21 07:34:39.592614: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.592615: | spi size: 4 (0x4) Sep 21 07:34:39.592616: | # 
transforms: 4 (0x4) Sep 21 07:34:39.592618: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:39.592619: | remote SPI 7b 3b 98 77 Sep 21 07:34:39.592621: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:34:39.592622: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592625: | length: 12 (0xc) Sep 21 07:34:39.592627: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.592628: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.592629: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.592631: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.592632: | length/value: 128 (0x80) Sep 21 07:34:39.592634: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592637: | length: 8 (0x8) Sep 21 07:34:39.592638: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.592639: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.592641: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592644: | length: 8 (0x8) Sep 21 07:34:39.592645: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.592647: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.592648: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592650: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.592651: | length: 8 (0x8) Sep 21 07:34:39.592652: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.592654: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.592656: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:34:39.592657: | remote proposal 4 does not match; unmatched remote transforms: 
ENCR+INTEG+ESN Sep 21 07:34:39.592660: "east" #1: proposal 1:ESP:SPI=7b3b9877;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:34:39.592665: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=7b3b9877;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:39.592667: | converting proposal to internal trans attrs Sep 21 07:34:39.592680: | netlink_get_spi: allocated 0x707b3df1 for esp.0@192.1.2.23 Sep 21 07:34:39.592682: | Emitting ikev2_proposal ... Sep 21 07:34:39.592684: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:39.592685: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.592687: | flags: none (0x0) Sep 21 07:34:39.592689: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:39.592690: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592692: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.592694: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.592695: | prop #: 1 (0x1) Sep 21 07:34:39.592696: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.592698: | spi size: 4 (0x4) Sep 21 07:34:39.592699: | # transforms: 2 (0x2) Sep 21 07:34:39.592701: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.592703: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:39.592704: | our spi 70 7b 3d f1 Sep 21 07:34:39.592706: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592707: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592709: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.592710: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.592712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.592714: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.592715: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.592716: | length/value: 256 (0x100) Sep 21 07:34:39.592718: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.592720: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.592721: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.592722: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.592724: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.592726: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.592727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.592729: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.592731: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:39.592732: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.592734: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:34:39.592735: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:39.592737: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:39.592739: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.592740: | flags: none (0x0) Sep 21 07:34:39.592741: | number 
of TS: 1 (0x1) Sep 21 07:34:39.592743: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:39.592745: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592747: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:39.592748: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.592751: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.592752: | start port: 0 (0x0) Sep 21 07:34:39.592754: | end port: 65535 (0xffff) Sep 21 07:34:39.592756: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:39.592757: | IP start c0 00 01 00 Sep 21 07:34:39.592759: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:39.592760: | IP end c0 00 01 ff Sep 21 07:34:39.592761: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:39.592763: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:39.592764: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:39.592766: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.592767: | flags: none (0x0) Sep 21 07:34:39.592769: | number of TS: 1 (0x1) Sep 21 07:34:39.592771: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:39.592772: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.592774: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:39.592775: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.592777: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.592778: | start port: 0 (0x0) Sep 21 07:34:39.592779: | end port: 65535 (0xffff) Sep 21 07:34:39.592781: | emitting 4 raw bytes of IP start into 
IKEv2 Traffic Selector Sep 21 07:34:39.592803: | IP start c0 00 02 00 Sep 21 07:34:39.592807: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:39.592808: | IP end c0 00 02 ff Sep 21 07:34:39.592809: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:39.592811: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:39.592813: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:39.592815: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:39.592921: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:34:39.592926: | #1 spent 1.14 milliseconds Sep 21 07:34:39.592928: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:39.592930: | could_route called for east (kind=CK_PERMANENT) Sep 21 07:34:39.592931: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:39.592933: | conn east mark 0/00000000, 0/00000000 vs Sep 21 07:34:39.592935: | conn east mark 0/00000000, 0/00000000 Sep 21 07:34:39.592938: | route owner of "east" unrouted: NULL; eroute owner: NULL Sep 21 07:34:39.592941: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:39.592943: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:39.592945: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:39.592946: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:39.592949: | setting IPsec SA replay-window to 32 Sep 21 07:34:39.592951: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Sep 21 07:34:39.592953: | netlink: enabling tunnel mode Sep 21 07:34:39.592955: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:39.592956: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:39.593040: | netlink response for Add SA esp.7b3b9877@192.1.2.45 included non-error error Sep 21 07:34:39.593044: | set up 
outgoing SA, ref=0/0 Sep 21 07:34:39.593047: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:39.593050: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:39.593053: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:39.593057: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:39.593061: | setting IPsec SA replay-window to 32 Sep 21 07:34:39.593076: | NIC esp-hw-offload not for connection 'east' not available on interface eth1 Sep 21 07:34:39.593081: | netlink: enabling tunnel mode Sep 21 07:34:39.593084: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:39.593087: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:39.593151: | netlink response for Add SA esp.707b3df1@192.1.2.23 included non-error error Sep 21 07:34:39.593156: | priority calculation of connection "east" is 0xfe7e7 Sep 21 07:34:39.593164: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:39.593168: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:39.593242: | raw_eroute result=success Sep 21 07:34:39.593246: | set up incoming SA, ref=0/0 Sep 21 07:34:39.593262: | sr for #2: unrouted Sep 21 07:34:39.593266: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:39.593268: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:34:39.593286: | conn east mark 0/00000000, 0/00000000 vs Sep 21 07:34:39.593289: | conn east mark 0/00000000, 0/00000000 Sep 21 07:34:39.593293: | route owner of "east" unrouted: NULL; eroute owner: NULL Sep 21 07:34:39.593297: | route_and_eroute with c: east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:39.593301: | priority calculation of connection "east" is 0xfe7e7 Sep 21 07:34:39.593309: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:34:39.593325: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:39.593365: | raw_eroute result=success Sep 21 07:34:39.593369: | running updown command "ipsec _updown" for verb up Sep 21 07:34:39.593371: | command executing up-client Sep 21 07:34:39.593416: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7b3b9877 SPI_OUT=0x707 Sep 21 07:34:39.593421: | popen cmd is 1020 chars long Sep 21 07:34:39.593425: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' 
PLUTO_CONNECTION='east' PLUTO_INTERFA: Sep 21 07:34:39.593429: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Sep 21 07:34:39.593432: | cmd( 160):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Sep 21 07:34:39.593435: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Sep 21 07:34:39.593438: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Sep 21 07:34:39.593440: | cmd( 400):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Sep 21 07:34:39.593441: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Sep 21 07:34:39.593443: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKE: Sep 21 07:34:39.593444: | cmd( 640):V2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Sep 21 07:34:39.593446: | cmd( 720):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Sep 21 07:34:39.593447: | cmd( 800):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Sep 21 07:34:39.593451: | cmd( 880):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Sep 21 07:34:39.593452: | cmd( 960):'no' SPI_IN=0x7b3b9877 SPI_OUT=0x707b3df1 ipsec _updown 2>&1: Sep 21 07:34:39.600815: | route_and_eroute: firewall_notified: true Sep 21 07:34:39.600830: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:39.600833: | command executing prepare-client Sep 21 07:34:39.600854: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' 
PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7b3b9877 SPI Sep 21 07:34:39.600857: | popen cmd is 1025 chars long Sep 21 07:34:39.600859: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_IN: Sep 21 07:34:39.600860: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@e: Sep 21 07:34:39.600862: | cmd( 160):ast' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLI: Sep 21 07:34:39.600863: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Sep 21 07:34:39.600865: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_: Sep 21 07:34:39.600867: | cmd( 400):PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_M: Sep 21 07:34:39.600868: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Sep 21 07:34:39.600870: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Sep 21 07:34:39.600871: | cmd( 640):S+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' : Sep 21 07:34:39.600873: | cmd( 720):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Sep 21 07:34:39.600874: | cmd( 800):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' 
PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Sep 21 07:34:39.600876: | cmd( 880):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Sep 21 07:34:39.600877: | cmd( 960):ARED='no' SPI_IN=0x7b3b9877 SPI_OUT=0x707b3df1 ipsec _updown 2>&1: Sep 21 07:34:39.610869: | running updown command "ipsec _updown" for verb route Sep 21 07:34:39.610880: | command executing route-client Sep 21 07:34:39.610902: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7b3b9877 SPI_OUT Sep 21 07:34:39.610906: | popen cmd is 1023 chars long Sep 21 07:34:39.610908: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east' PLUTO_INTE: Sep 21 07:34:39.610910: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@eas: Sep 21 07:34:39.610912: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIEN: Sep 21 07:34:39.610913: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Sep 21 07:34:39.610915: | 
cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PE: Sep 21 07:34:39.610916: | cmd( 400):ER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MAS: Sep 21 07:34:39.610918: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Sep 21 07:34:39.610920: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Sep 21 07:34:39.610921: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Sep 21 07:34:39.610923: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Sep 21 07:34:39.610924: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Sep 21 07:34:39.610926: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Sep 21 07:34:39.610927: | cmd( 960):ED='no' SPI_IN=0x7b3b9877 SPI_OUT=0x707b3df1 ipsec _updown 2>&1: Sep 21 07:34:39.619756: | route_and_eroute: instance "east", setting eroute_owner {spd=0x55f655b7f8f0,sr=0x55f655b7f8f0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:39.619837: | #1 spent 0.98 milliseconds in install_ipsec_sa() Sep 21 07:34:39.619844: | ISAKMP_v2_IKE_AUTH: instance east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:39.619847: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:39.619849: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:39.619851: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:39.619853: | emitting length of IKEv2 Encryption Payload: 197 Sep 21 07:34:39.619855: | emitting length of ISAKMP Message: 225 Sep 21 07:34:39.619871: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:34:39.619875: | #1 spent 2.16 milliseconds in processing: Responder: 
process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:34:39.619880: | suspend processing: state #1 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.619883: | start processing: state #2 connection "east" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.619886: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:34:39.619889: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:34:39.619891: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:34:39.619893: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:34:39.619897: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:34:39.619900: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:34:39.619902: | pstats #2 ikev2.child established Sep 21 07:34:39.619910: "east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:34:39.619916: | NAT-T: encaps is 'auto' Sep 21 07:34:39.619921: "east" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0x7b3b9877 <0x707b3df1 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:34:39.619930: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:34:39.619937: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Sep 21 07:34:39.620006: | releasing whack for #2 (sock=fd@-1) Sep 21 07:34:39.620008: | releasing whack and unpending for parent #1 Sep 21 07:34:39.620010: | unpending state #1 connection "east" Sep 21 07:34:39.620013: | #2 will start re-keying in 28798 seconds with margin of 2 seconds (attempting re-key) Sep 21 07:34:39.620016: | event_schedule: new EVENT_SA_REKEY-pe@0x7f713c002b20 Sep 21 07:34:39.620018: | inserting event EVENT_SA_REKEY, timeout in 28798 seconds for #2 Sep 21 07:34:39.620021: | libevent_malloc: new ptr-libevent@0x55f655b89460 size 128 Sep 21 07:34:39.620024: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:39.620028: | #1 spent 2.38 milliseconds in resume sending helper answer Sep 21 07:34:39.620032: | stop processing: state #2 connection "east" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:34:39.620035: | libevent_free: release ptr-libevent@0x7f7134006b90 Sep 21 07:34:39.620043: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.620047: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.620050: | spent 0.00426 milliseconds in signal
handler PLUTO_SIGCHLD Sep 21 07:34:39.620051: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.620053: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.620056: | spent 0.00226 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:39.620057: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.620059: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.620061: | spent 0.00221 milliseconds in signal handler PLUTO_SIGCHLD