Sep 21 07:34:39.438608: FIPS Product: YES Sep 21 07:34:39.438640: FIPS Kernel: NO Sep 21 07:34:39.438642: FIPS Mode: NO Sep 21 07:34:39.438644: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:34:39.438836: Initializing NSS Sep 21 07:34:39.438844: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:34:39.467396: NSS initialized Sep 21 07:34:39.467407: NSS crypto library initialized Sep 21 07:34:39.467409: FIPS HMAC integrity support [enabled] Sep 21 07:34:39.467410: FIPS mode disabled for pluto daemon Sep 21 07:34:39.510633: FIPS HMAC integrity verification self-test FAILED Sep 21 07:34:39.510740: libcap-ng support [enabled] Sep 21 07:34:39.510750: Linux audit support [enabled] Sep 21 07:34:39.510776: Linux audit activated Sep 21 07:34:39.510782: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:16781 Sep 21 07:34:39.510789: core dump dir: /tmp Sep 21 07:34:39.510791: secrets file: /etc/ipsec.secrets Sep 21 07:34:39.510792: leak-detective disabled Sep 21 07:34:39.510793: NSS crypto [enabled] Sep 21 07:34:39.510794: XAUTH PAM support [enabled] Sep 21 07:34:39.510865: | libevent is using pluto's memory allocator Sep 21 07:34:39.510869: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:34:39.510880: | libevent_malloc: new ptr-libevent@0x558d8810b0b0 size 40 Sep 21 07:34:39.510884: | libevent_malloc: new ptr-libevent@0x558d8810c360 size 40 Sep 21 07:34:39.510886: | libevent_malloc: new ptr-libevent@0x558d8810c390 size 40 Sep 21 07:34:39.510888: | creating event base Sep 21 07:34:39.510889: | libevent_malloc: new ptr-libevent@0x558d8810c320 size 56 Sep 21 07:34:39.510891: | libevent_malloc: new ptr-libevent@0x558d8810c3c0 size 664 Sep 21 07:34:39.510900: | libevent_malloc: new ptr-libevent@0x558d8810c660 size 24 Sep 21 07:34:39.510903: | libevent_malloc: new ptr-libevent@0x558d880fddb0 size 384 Sep 21 07:34:39.510911: | libevent_malloc: new ptr-libevent@0x558d8810c680 size 16 Sep 21 07:34:39.510913: | libevent_malloc: new ptr-libevent@0x558d8810c6a0 size 40 Sep 21 07:34:39.510914: | libevent_malloc: new ptr-libevent@0x558d8810c6d0 size 48 Sep 21 07:34:39.510919: | libevent_realloc: new ptr-libevent@0x558d8808e370 size 256 Sep 21 07:34:39.510920: | libevent_malloc: new ptr-libevent@0x558d8810c710 size 16 Sep 21 07:34:39.510924: | libevent_free: release ptr-libevent@0x558d8810c320 Sep 21 07:34:39.510926: | libevent initialized Sep 21 07:34:39.510929: | libevent_realloc: new ptr-libevent@0x558d8810c730 size 64 Sep 21 07:34:39.510931: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:34:39.510945: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:34:39.510947: NAT-Traversal support [enabled] Sep 21 07:34:39.510949: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:34:39.510953: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:34:39.510955: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:34:39.510982: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:34:39.510985: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:34:39.510986: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:34:39.511018: Encryption algorithms: Sep 21 07:34:39.511025: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:34:39.511027: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:34:39.511029: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:34:39.511031: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:34:39.511033: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:34:39.511040: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:34:39.511042: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:34:39.511044: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:34:39.511047: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:34:39.511049: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:34:39.511051: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:34:39.511053: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:34:39.511055: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:34:39.511057: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:34:39.511059: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:34:39.511061: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:34:39.511062: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:34:39.511067: Hash algorithms: Sep 21 07:34:39.511069: MD5 IKEv1: IKE IKEv2: Sep 21 07:34:39.511071: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:34:39.511072: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:34:39.511074: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:34:39.511076: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:34:39.511084: PRF algorithms: Sep 21 07:34:39.511086: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:34:39.511088: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:34:39.511090: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:34:39.511092: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:34:39.511094: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:34:39.511095: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:34:39.511110: Integrity algorithms: Sep 21 07:34:39.511112: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:34:39.511114: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:34:39.511116: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:34:39.511119: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:34:39.511121: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:34:39.511123: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:34:39.511125: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:34:39.511126: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:34:39.511128: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:34:39.511136: DH algorithms: Sep 21 07:34:39.511138: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:34:39.511139: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:34:39.511141: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:34:39.511144: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:34:39.511146: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:34:39.511147: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:34:39.511149: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:34:39.511151: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:34:39.511153: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:34:39.511154: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:34:39.511156: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:34:39.511158: testing CAMELLIA_CBC: Sep 21 07:34:39.511159: Camellia: 16 bytes with 128-bit key Sep 21 07:34:39.511246: Camellia: 16 bytes with 128-bit key Sep 21 07:34:39.511263: Camellia: 16 bytes with 256-bit key Sep 21 07:34:39.511281: Camellia: 16 bytes with 256-bit key Sep 21 07:34:39.511297: testing AES_GCM_16: Sep 21 07:34:39.511300: empty string Sep 21 07:34:39.511318: one block Sep 21 07:34:39.511333: two blocks Sep 21 07:34:39.511348: two blocks with associated data Sep 21 07:34:39.511363: testing AES_CTR: Sep 21 07:34:39.511365: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:34:39.511381: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:34:39.511397: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:34:39.511413: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:34:39.511428: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:34:39.511443: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:34:39.511459: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:34:39.511474: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:34:39.511490: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:34:39.511506: testing AES_CBC: Sep 21 07:34:39.511508: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:34:39.511523: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:34:39.511540: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:34:39.511557: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:34:39.511578: testing AES_XCBC: Sep 21 07:34:39.511580: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:34:39.511652: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:34:39.511728: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:34:39.511837: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:34:39.511916: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:34:39.512042: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:34:39.512198: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:34:39.512516: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:34:39.512666: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:34:39.512752: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:34:39.513161: testing HMAC_MD5: Sep 21 07:34:39.513169: RFC 2104: MD5_HMAC test 1 Sep 21 07:34:39.513282: RFC 2104: MD5_HMAC test 2 Sep 21 07:34:39.513419: RFC 2104: MD5_HMAC test 3 Sep 21 07:34:39.513604: 8 CPU cores online Sep 21 07:34:39.513610: starting up 7 crypto helpers Sep 21 07:34:39.513644: started thread for crypto helper 0 Sep 21 07:34:39.513649: | starting up helper thread 0 Sep 21 07:34:39.513664: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:34:39.513666: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:39.513672: started thread for crypto helper 1 Sep 21 07:34:39.513675: | starting up helper thread 1 Sep 21 07:34:39.513694: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:34:39.513696: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:39.513703: started thread for crypto helper 2 Sep 21 07:34:39.513724: | starting up helper thread 2 Sep 21 07:34:39.513734: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:34:39.513737: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:39.513738: started thread for crypto helper 3 Sep 21 07:34:39.513740: | starting up helper thread 3 Sep 21 07:34:39.513752: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:34:39.513754: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:39.513768: started thread for crypto helper 4 Sep 21 07:34:39.513769: | starting up helper thread 4 Sep 21 07:34:39.513781: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:34:39.513788: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:39.513803: started thread for crypto helper 5 Sep 21 07:34:39.513838: started thread for crypto helper 6 Sep 21 07:34:39.513842: | checking IKEv1 state table Sep 21 07:34:39.513849: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:39.513852: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:34:39.513854: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:39.513857: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:34:39.513859: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:34:39.513861: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:34:39.513863: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:39.513866: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:39.513868: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:34:39.513869: | starting up helper thread 6 Sep 21 07:34:39.513883: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:34:39.513900: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:39.513870: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:34:39.513875: | starting up helper thread 5 Sep 21 07:34:39.513939: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:34:39.513942: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:39.513914: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:39.513977: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:34:39.513981: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:34:39.513983: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:39.513984: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:39.513986: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:39.513987: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:34:39.513989: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:39.513990: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:39.513991: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:34:39.513993: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:34:39.513994: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.513996: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:34:39.513997: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.513999: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:39.514000: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:34:39.514002: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:39.514003: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:39.514005: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:34:39.514006: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:34:39.514007: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:39.514009: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:34:39.514010: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:34:39.514012: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514013: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:34:39.514015: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514016: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:34:39.514021: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:34:39.514023: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:34:39.514024: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:34:39.514026: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:34:39.514027: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:34:39.514029: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:34:39.514030: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514031: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:34:39.514033: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514034: | INFO: category: informational flags: 0: Sep 21 07:34:39.514036: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514037: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:34:39.514039: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514040: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:34:39.514041: | -> XAUTH_R1 EVENT_NULL Sep 21 07:34:39.514043: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:34:39.514044: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:34:39.514046: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:34:39.514047: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:34:39.514049: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:34:39.514050: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:34:39.514052: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:34:39.514053: | -> UNDEFINED EVENT_NULL Sep 21 07:34:39.514055: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:34:39.514056: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:34:39.514058: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:34:39.514059: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:34:39.514061: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:34:39.514062: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:34:39.514067: | checking IKEv2 state table Sep 21 07:34:39.514072: | PARENT_I0: category: ignore flags: 0: Sep 21 07:34:39.514074: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:34:39.514076: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:34:39.514078: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:34:39.514079: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:34:39.514081: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:34:39.514083: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:34:39.514084: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:34:39.514086: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:34:39.514087: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:34:39.514089: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:34:39.514091: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:34:39.514092: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:34:39.514094: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:34:39.514095: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:34:39.514097: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:34:39.514098: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:34:39.514100: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:34:39.514101: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:34:39.514103: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:34:39.514104: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:34:39.514106: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:34:39.514109: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:34:39.514110: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:34:39.514112: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:34:39.514113: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:34:39.514115: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:34:39.514117: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:34:39.514118: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:34:39.514120: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:34:39.514121: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:34:39.514123: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:39.514125: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:34:39.514126: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:34:39.514128: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:34:39.514130: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:34:39.514131: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:34:39.514133: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:34:39.514135: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:34:39.514136: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:34:39.514138: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:34:39.514140: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:34:39.514141: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:34:39.514143: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:34:39.514144: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:34:39.514146: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:34:39.514148: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:34:39.514195: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:34:39.514243: | Hard-wiring algorithms Sep 21 07:34:39.514246: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:34:39.514249: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:34:39.514250: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:34:39.514252: | adding 3DES_CBC to kernel algorithm db Sep 21 07:34:39.514253: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:34:39.514255: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:34:39.514256: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:34:39.514258: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:34:39.514259: | adding AES_CTR to kernel algorithm db Sep 21 07:34:39.514260: | adding AES_CBC to kernel algorithm db Sep 21 07:34:39.514262: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:34:39.514263: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:34:39.514265: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:34:39.514266: | adding NULL to kernel algorithm db Sep 21 07:34:39.514268: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:34:39.514269: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:34:39.514271: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:34:39.514272: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:34:39.514274: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:34:39.514276: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:34:39.514277: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:34:39.514279: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:34:39.514280: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:34:39.514281: | adding NONE to kernel algorithm db Sep 21 07:34:39.514298: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:34:39.514303: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:34:39.514304: | setup kernel fd callback Sep 21 07:34:39.514306: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x558d88111dd0 Sep 21 07:34:39.514309: | libevent_malloc: new ptr-libevent@0x558d8811def0 size 128 Sep 21 07:34:39.514311: | libevent_malloc: new ptr-libevent@0x558d881110b0 size 16 Sep 21 07:34:39.514315: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x558d88111d90 Sep 21 07:34:39.514319: | libevent_malloc: new ptr-libevent@0x558d8811df80 size 128 Sep 21 07:34:39.514320: | libevent_malloc: new ptr-libevent@0x558d881110d0 size 16 Sep 21 07:34:39.514461: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:34:39.514467: selinux support is enabled. Sep 21 07:34:39.514528: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:34:39.514649: | unbound context created - setting debug level to 5 Sep 21 07:34:39.514670: | /etc/hosts lookups activated Sep 21 07:34:39.514683: | /etc/resolv.conf usage activated Sep 21 07:34:39.514721: | outgoing-port-avoid set 0-65535 Sep 21 07:34:39.514738: | outgoing-port-permit set 32768-60999 Sep 21 07:34:39.514740: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:34:39.514742: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:34:39.514744: | Setting up events, loop start Sep 21 07:34:39.514746: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x558d8810c320 Sep 21 07:34:39.514748: | libevent_malloc: new ptr-libevent@0x558d881284f0 size 128 Sep 21 07:34:39.514750: | libevent_malloc: new ptr-libevent@0x558d88128580 size 16 Sep 21 07:34:39.514755: | libevent_realloc: new ptr-libevent@0x558d8808c5b0 size 256 Sep 21 07:34:39.514757: | libevent_malloc: new ptr-libevent@0x558d881285a0 size 8 Sep 21 07:34:39.514759: | libevent_realloc: new ptr-libevent@0x558d8811d2f0 size 144 Sep 21 07:34:39.514760: | libevent_malloc: new ptr-libevent@0x558d881285c0 size 152 Sep 21 07:34:39.514763: | libevent_malloc: new ptr-libevent@0x558d88128660 size 16 Sep 21 07:34:39.514765: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:34:39.514767: | libevent_malloc: new ptr-libevent@0x558d88128680 size 8 Sep 21 07:34:39.514769: | libevent_malloc: new ptr-libevent@0x558d881286a0 size 152 Sep 21 07:34:39.514771: | signal event handler PLUTO_SIGTERM installed Sep 21 07:34:39.514772: | libevent_malloc: new ptr-libevent@0x558d88128740 size 8 Sep 21 07:34:39.514774: | libevent_malloc: new ptr-libevent@0x558d88128760 size 152 Sep 21 07:34:39.514775: | signal event handler PLUTO_SIGHUP installed Sep 21 07:34:39.514777: | libevent_malloc: new ptr-libevent@0x558d88128800 size 8 Sep 21 07:34:39.514779: | libevent_realloc: release ptr-libevent@0x558d8811d2f0 Sep 21 07:34:39.514780: | libevent_realloc: new ptr-libevent@0x558d88128820 size 256 Sep 21 07:34:39.514782: | libevent_malloc: new ptr-libevent@0x558d8811d2f0 size 152 Sep 21 07:34:39.514802: | signal event handler PLUTO_SIGSYS installed Sep 21 07:34:39.515039: | created addconn helper (pid:16823) using fork+execve Sep 21 07:34:39.515052: | forked child 16823 Sep 21 07:34:39.515081: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.515093: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:39.515100: listening for IKE messages Sep 21 07:34:39.515153: | Inspecting interface lo Sep 21 07:34:39.515160: | found lo with address 127.0.0.1 Sep 21 07:34:39.515163: | Inspecting interface eth0 Sep 21 07:34:39.515180: | found eth0 with address 192.0.1.254 Sep 21 07:34:39.515182: | Inspecting interface eth1 Sep 21 07:34:39.515186: | found eth1 with address 192.1.2.45 Sep 21 07:34:39.515231: Kernel supports NIC esp-hw-offload Sep 21 07:34:39.515242: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:34:39.515266: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:39.515275: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:39.515279: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:34:39.515304: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 Sep 21 07:34:39.515324: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:39.515327: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:39.515330: adding interface eth0/eth0 192.0.1.254:4500 Sep 21 07:34:39.515355: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:34:39.515374: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:34:39.515377: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:34:39.515380: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:34:39.515430: | no interfaces to sort Sep 21 07:34:39.515438: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:39.515447: | add_fd_read_event_handler: new ethX-pe@0x558d88128b90 Sep 21 07:34:39.515450: | libevent_malloc: new ptr-libevent@0x558d88128bd0 size 128 Sep 21 07:34:39.515453: | libevent_malloc: new ptr-libevent@0x558d88128c60 size 16 Sep 21 07:34:39.515460: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:39.515462: | add_fd_read_event_handler: new ethX-pe@0x558d88128c80 Sep 21 07:34:39.515465: | libevent_malloc: new ptr-libevent@0x558d88128cc0 size 128 Sep 21 07:34:39.515467: | libevent_malloc: new ptr-libevent@0x558d88128d50 size 16 Sep 21 07:34:39.515471: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:39.515474: | add_fd_read_event_handler: new ethX-pe@0x558d88128d70 Sep 21 07:34:39.515476: | libevent_malloc: new ptr-libevent@0x558d88128db0 size 128 Sep 21 07:34:39.515478: | libevent_malloc: new ptr-libevent@0x558d88128e40 size 16 Sep 21 07:34:39.515483: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:39.515485: | add_fd_read_event_handler: new ethX-pe@0x558d88128e60 Sep 21 07:34:39.515488: | libevent_malloc: new ptr-libevent@0x558d88128ea0 size 128 Sep 21 07:34:39.515490: | libevent_malloc: new ptr-libevent@0x558d88128f30 size 16 Sep 21 07:34:39.515495: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:39.515497: | add_fd_read_event_handler: new ethX-pe@0x558d88128f50 Sep 21 07:34:39.515499: | libevent_malloc: new ptr-libevent@0x558d88128f90 size 128 Sep 21 07:34:39.515502: | libevent_malloc: new ptr-libevent@0x558d88129020 size 16 Sep 21 07:34:39.515506: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:39.515509: | add_fd_read_event_handler: new ethX-pe@0x558d88129040 Sep 21 07:34:39.515511: | libevent_malloc: new ptr-libevent@0x558d88129080 size 128 Sep 21 07:34:39.515514: | libevent_malloc: new ptr-libevent@0x558d88129110 size 16 Sep 21 07:34:39.515518: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:39.515523: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:39.515526: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:39.515546: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:39.515557: | id type added to secret(0x558d8811e0d0) PKK_PSK: @west Sep 21 07:34:39.515561: | id type added to secret(0x558d8811e0d0) PKK_PSK: @east Sep 21 07:34:39.515566: | Processing PSK at line 1: passed Sep 21 07:34:39.515568: | certs and keys locked by 'process_secret' Sep 21 07:34:39.515572: | certs and keys unlocked by 'process_secret' Sep 21 07:34:39.515577: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:39.515586: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.515594: | spent 0.515 milliseconds in whack Sep 21 07:34:39.543143: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.543165: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:34:39.543170: listening for IKE messages Sep 21 07:34:39.543200: | Inspecting interface lo Sep 21 07:34:39.543210: | found lo with address 127.0.0.1 Sep 21 07:34:39.543225: | Inspecting interface eth0 Sep 21 07:34:39.543228: | found eth0 with address 192.0.1.254 Sep 21 07:34:39.543230: | Inspecting interface eth1 Sep 21 07:34:39.543232: | found eth1 with address 192.1.2.45 Sep 21 07:34:39.543279: | no interfaces to sort Sep 21 07:34:39.543286: | libevent_free: release ptr-libevent@0x558d88128bd0 Sep 21 07:34:39.543288: | free_event_entry: release EVENT_NULL-pe@0x558d88128b90 Sep 21 07:34:39.543290: | add_fd_read_event_handler: new ethX-pe@0x558d88128b90 Sep 21 07:34:39.543293: | libevent_malloc: new ptr-libevent@0x558d88128bd0 size 128 Sep 21 07:34:39.543297: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:34:39.543300: | libevent_free: release ptr-libevent@0x558d88128cc0 Sep 21 07:34:39.543301: | free_event_entry: release EVENT_NULL-pe@0x558d88128c80 Sep 21 07:34:39.543303: | add_fd_read_event_handler: new ethX-pe@0x558d88128c80 Sep 21 07:34:39.543304: | libevent_malloc: new ptr-libevent@0x558d88128cc0 size 128 Sep 21 07:34:39.543307: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:34:39.543310: | libevent_free: release ptr-libevent@0x558d88128db0 Sep 21 07:34:39.543311: | free_event_entry: release EVENT_NULL-pe@0x558d88128d70 Sep 21 07:34:39.543313: | add_fd_read_event_handler: new ethX-pe@0x558d88128d70 Sep 21 07:34:39.543314: | libevent_malloc: new ptr-libevent@0x558d88128db0 size 128 Sep 21 07:34:39.543317: | setup callback for interface eth0 192.0.1.254:4500 fd 20 Sep 21 07:34:39.543320: | libevent_free: release ptr-libevent@0x558d88128ea0 Sep 21 07:34:39.543321: | free_event_entry: release EVENT_NULL-pe@0x558d88128e60 Sep 21 07:34:39.543322: | add_fd_read_event_handler: new ethX-pe@0x558d88128e60 Sep 21 07:34:39.543324: | libevent_malloc: new ptr-libevent@0x558d88128ea0 size 128 Sep 21 07:34:39.543327: | setup callback for interface eth0 192.0.1.254:500 fd 19 Sep 21 07:34:39.543329: | libevent_free: release ptr-libevent@0x558d88128f90 Sep 21 07:34:39.543331: | free_event_entry: release EVENT_NULL-pe@0x558d88128f50 Sep 21 07:34:39.543332: | add_fd_read_event_handler: new ethX-pe@0x558d88128f50 Sep 21 07:34:39.543334: | libevent_malloc: new ptr-libevent@0x558d88128f90 size 128 Sep 21 07:34:39.543337: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:34:39.543339: | libevent_free: release ptr-libevent@0x558d88129080 Sep 21 07:34:39.543340: | free_event_entry: release EVENT_NULL-pe@0x558d88129040 Sep 21 07:34:39.543342: | add_fd_read_event_handler: new ethX-pe@0x558d88129040 Sep 21 07:34:39.543343: | libevent_malloc: new ptr-libevent@0x558d88129080 size 128 Sep 21 07:34:39.543346: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:34:39.543348: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:39.543349: forgetting secrets Sep 21 07:34:39.543355: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:39.543367: loading secrets from "/etc/ipsec.secrets" Sep 21 07:34:39.543375: | id type added to secret(0x558d8811e0d0) PKK_PSK: @west Sep 21 07:34:39.543379: | id type added to secret(0x558d8811e0d0) PKK_PSK: @east Sep 21 07:34:39.543382: | Processing PSK at line 1: passed Sep 21 07:34:39.543383: | certs and keys locked by 'process_secret' Sep 21 07:34:39.543385: | certs and keys unlocked by 'process_secret' Sep 21 07:34:39.543388: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:34:39.543394: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.543401: | spent 0.265 milliseconds in whack Sep 21 07:34:39.543804: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.543827: | waitpid returned pid 16823 (exited with status 0) Sep 21 07:34:39.543830: | reaped addconn helper child (status 0) Sep 21 07:34:39.543833: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.543836: | spent 0.0122 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:39.603296: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.603320: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:39.603324: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:39.603327: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:39.603329: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:34:39.603333: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:39.603340: | Added new connection west with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:39.603398: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:34:39.603401: | from whack: got --esp= Sep 21 07:34:39.603423: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:34:39.603426: | counting wild cards for @west is 0 Sep 21 07:34:39.603428: | counting wild cards for @east is 0 Sep 21 07:34:39.603435: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:34:39.603437: | new hp@0x558d880f5550 Sep 21 07:34:39.603440: added connection description "west" Sep 21 07:34:39.603448: | ike_life: 70s; ipsec_life: 50s; rekey_margin: 5s; rekey_fuzz: 0%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:34:39.603470: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:34:39.603475: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.603481: | spent 0.193 milliseconds in whack Sep 21 07:34:39.603518: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.603528: add keyid @west Sep 21 07:34:39.603545: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:34:39.603547: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:34:39.603549: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:34:39.603551: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:34:39.603553: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:34:39.603568: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:34:39.603570: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:34:39.603572: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:34:39.603574: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:34:39.603576: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:34:39.603578: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:34:39.603580: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:34:39.603582: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:34:39.603584: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:34:39.603586: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:34:39.603588: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:34:39.603590: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:34:39.603592: | add pubkey 15 04 37 f9 Sep 21 07:34:39.603632: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:39.603635: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:34:39.603640: | keyid: *AQOm9dY/4 Sep 21 07:34:39.603643: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:34:39.603645: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:34:39.603650: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:34:39.603653: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:34:39.603655: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:34:39.603657: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:34:39.603659: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:34:39.603661: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:34:39.603663: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:34:39.603665: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:34:39.603667: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:34:39.603669: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:34:39.603671: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:34:39.603673: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:34:39.603674: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:34:39.603676: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:34:39.603677: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:34:39.603678: | n 37 f9 Sep 21 07:34:39.603680: | e 03 Sep 21 07:34:39.603681: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:34:39.603683: | CKAID 7f 0f 03 50 Sep 21 07:34:39.603689: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.603693: | spent 0.179 milliseconds in whack Sep 21 07:34:39.603715: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.603721: add keyid @east Sep 21 07:34:39.603724: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:34:39.603725: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:34:39.603726: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:34:39.603728: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:34:39.603729: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:34:39.603731: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:34:39.603732: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:34:39.603733: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:34:39.603735: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:34:39.603736: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:34:39.603738: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:34:39.603739: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:34:39.603740: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:34:39.603742: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:34:39.603743: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:34:39.603744: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:34:39.603746: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:34:39.603747: | add pubkey 51 51 48 ef Sep 21 07:34:39.603756: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:39.603757: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:34:39.603761: | keyid: *AQO9bJbr3 Sep 21 07:34:39.603762: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:34:39.603764: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:34:39.603765: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:34:39.603766: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:34:39.603768: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:34:39.603769: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:34:39.603771: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:34:39.603772: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:34:39.603775: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:34:39.603777: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:34:39.603778: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:34:39.603780: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:34:39.603781: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:34:39.603787: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:34:39.603791: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:34:39.603794: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:34:39.603796: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:34:39.603798: | n 48 ef Sep 21 07:34:39.603799: | e 03 Sep 21 07:34:39.603802: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:34:39.603804: | CKAID 8a 82 25 f1 Sep 21 07:34:39.603810: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.603815: | spent 0.0992 milliseconds in whack Sep 21 07:34:39.733966: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:39.733988: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:34:39.733992: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:39.733998: | start processing: connection "west" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:39.734001: | connection 'west' +POLICY_UP Sep 21 07:34:39.734006: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:39.734009: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:39.734032: | creating state object #1 at 0x558d8812aba0 Sep 21 07:34:39.734036: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:34:39.734044: | pstats #1 ikev2.ike started Sep 21 07:34:39.734049: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:34:39.734053: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:34:39.734060: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:39.734068: | suspend processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:39.734075: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:34:39.734080: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:34:39.734085: | Queuing pending IPsec SA negotiating with 192.1.2.23 "west" IKE SA #1 "west" Sep 21 07:34:39.734089: "west" #1: initiating v2 parent SA Sep 21 07:34:39.734099: | constructing local IKE proposals for west (IKE SA initiator selecting KE) Sep 21 07:34:39.734109: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.734119: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.734124: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.734132: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.734137: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.734145: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.734150: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:34:39.734163: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.734178: "west": constructed local IKE proposals for west (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.734187: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:34:39.734191: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558d8812d250 Sep 21 07:34:39.734195: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:39.734200: | libevent_malloc: new ptr-libevent@0x558d8812d290 size 128 Sep 21 07:34:39.734213: | #1 spent 0.214 milliseconds in ikev2_parent_outI1() Sep 21 07:34:39.734217: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:39.734216: | crypto helper 0 resuming Sep 21 07:34:39.734235: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:34:39.734241: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:34:39.735294: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001052 seconds Sep 21 07:34:39.735306: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:34:39.735310: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:34:39.735313: | scheduling resume sending helper answer for #1 Sep 21 07:34:39.735317: | libevent_malloc: new ptr-libevent@0x7f95cc006900 size 128 Sep 21 07:34:39.735324: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:39.734227: | RESET processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:39.735352: | RESET processing: connection "west" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:34:39.735357: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:39.735362: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:34:39.735367: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:39.735372: | spent 0.305 milliseconds in whack Sep 21 07:34:39.735381: | processing resume sending helper answer for #1 Sep 21 07:34:39.735389: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:39.735393: | crypto helper 0 replies to request ID 1 Sep 21 07:34:39.735396: | calling continuation function 0x558d87a88630 Sep 21 07:34:39.735399: | ikev2_parent_outI1_continue for #1 Sep 21 07:34:39.735428: | **emit ISAKMP Message: Sep 21 07:34:39.735432: | initiator cookie: Sep 21 07:34:39.735435: | 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.735437: | responder cookie: Sep 21 07:34:39.735440: | 00 00 00 00 00 00 00 00 Sep 21 07:34:39.735443: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:39.735447: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.735450: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:39.735454: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:39.735457: | Message ID: 0 (0x0) Sep 21 07:34:39.735460: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:39.735484: | using existing local IKE proposals for connection west (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.735491: | Emitting ikev2_proposals ... Sep 21 07:34:39.735495: | ***emit IKEv2 Security Association Payload: Sep 21 07:34:39.735498: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.735501: | flags: none (0x0) Sep 21 07:34:39.735506: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:39.735510: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.735513: | discarding INTEG=NONE Sep 21 07:34:39.735516: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.735519: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.735522: | prop #: 1 (0x1) Sep 21 07:34:39.735525: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.735527: | spi size: 0 (0x0) Sep 21 07:34:39.735530: | # transforms: 11 (0xb) Sep 21 07:34:39.735534: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.735538: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735544: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.735547: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.735551: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735555: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.735558: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.735561: | length/value: 256 (0x100) Sep 21 07:34:39.735564: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.735567: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735573: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.735576: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.735581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735588: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735591: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735594: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735597: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.735600: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.735604: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735611: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735614: | discarding INTEG=NONE Sep 21 07:34:39.735617: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735622: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735625: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735628: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.735632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735639: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735642: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735648: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735651: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.735655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735662: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735665: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735674: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.735678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735682: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735685: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735688: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735694: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735697: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.735701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735708: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735711: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735720: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.735724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735728: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735732: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735734: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735737: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735744: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.735748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735765: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735768: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.735773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735780: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735786: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735792: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.735795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735798: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.735802: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735810: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735813: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:39.735817: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.735819: | discarding INTEG=NONE Sep 21 07:34:39.735822: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.735825: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.735828: | prop #: 2 (0x2) Sep 21 07:34:39.735831: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.735834: | spi size: 0 (0x0) Sep 21 07:34:39.735836: | # transforms: 11 (0xb) Sep 21 07:34:39.735841: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.735845: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.735848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735854: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.735857: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.735861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735864: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.735867: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.735870: | length/value: 128 (0x80) Sep 21 07:34:39.735873: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.735876: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735879: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735882: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.735885: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.735889: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735899: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735905: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.735912: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.735916: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735920: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735923: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735926: | discarding INTEG=NONE Sep 21 07:34:39.735929: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735934: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735937: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.735942: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735952: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735955: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735958: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735961: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.735965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735969: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735972: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735975: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.735978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.735984: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.735988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.735992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.735996: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.735998: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736001: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736008: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.736012: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736016: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736019: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736022: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736028: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736031: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.736035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736039: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736042: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736046: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736049: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736055: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.736059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736066: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736069: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736073: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736076: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736079: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.736083: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736087: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736090: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736093: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736096: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.736099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736102: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.736106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736110: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736113: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736116: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:34:39.736120: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.736123: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.736126: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.736129: | prop #: 3 (0x3) Sep 21 07:34:39.736132: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.736134: | spi size: 0 (0x0) Sep 21 07:34:39.736137: | # transforms: 13 (0xd) Sep 21 07:34:39.736142: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.736146: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.736149: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736155: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.736158: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.736161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736165: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.736168: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.736170: | length/value: 256 (0x100) Sep 21 07:34:39.736174: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.736177: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736183: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.736186: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.736191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736201: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736207: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.736210: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.736215: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736222: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736225: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736228: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736231: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.736234: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.736238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736242: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736245: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736248: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736254: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.736257: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.736261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736268: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736271: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736277: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736280: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.736285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736288: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736292: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736295: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736303: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.736308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736312: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736315: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736318: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736322: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736325: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736328: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.736333: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736337: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736340: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736343: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736349: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736352: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.736356: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736366: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736375: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.736379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736386: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736389: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736395: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736398: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.736403: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736410: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736413: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736419: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736422: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.736426: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736433: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736436: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736439: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.736442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736445: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.736449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736462: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:39.736466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.736469: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.736472: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.736475: | prop #: 4 (0x4) Sep 21 07:34:39.736478: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.736481: | spi size: 0 (0x0) Sep 21 07:34:39.736483: | # transforms: 13 (0xd) Sep 21 07:34:39.736488: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.736491: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.736495: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736501: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.736504: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.736507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736511: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.736514: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.736517: | length/value: 128 (0x80) Sep 21 07:34:39.736520: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.736523: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736526: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736529: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.736532: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.736536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736544: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736546: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736552: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.736555: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:34:39.736559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736563: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736567: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736569: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736575: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.736578: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.736583: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736590: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736592: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736599: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.736603: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.736608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736615: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736618: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736621: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736627: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.736631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736641: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736650: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:34:39.736654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736658: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736662: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736673: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:34:39.736678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736685: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736687: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736693: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736696: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:34:39.736701: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736708: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736711: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736714: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736717: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736720: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:34:39.736724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736728: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736732: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736736: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736742: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736745: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:34:39.736749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736756: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736759: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736765: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736768: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:34:39.736772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736779: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736782: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.736790: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.736794: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.736797: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:34:39.736801: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.736805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.736808: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.736811: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:34:39.736815: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.736818: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:34:39.736822: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:39.736825: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:34:39.736828: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.736831: | flags: none (0x0) Sep 21 07:34:39.736834: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.736838: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:34:39.736842: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.736846: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:34:39.736850: | ikev2 g^x c4 99 ad 34 35 5e 0c f6 74 4a 60 17 14 4b 4f af Sep 21 07:34:39.736853: | ikev2 g^x 6e f2 69 d0 64 e6 59 d9 b5 db a9 79 e7 e5 dd 35 Sep 21 07:34:39.736856: | ikev2 g^x e2 e3 13 29 ac 92 ae bf 7b 97 89 61 33 6e 5c 33 Sep 21 07:34:39.736859: | ikev2 g^x 8c a4 ff d8 b4 6a e5 4f e4 88 ba 2c 78 0d 1c a9 Sep 21 07:34:39.736862: | ikev2 g^x 9e 57 ad 35 8f 78 26 29 57 e2 38 b6 9a 87 54 73 Sep 21 07:34:39.736865: | ikev2 g^x 5f 71 4f c2 ab b6 e2 a7 f1 a2 a6 0d e5 f5 30 6a Sep 21 07:34:39.736868: | ikev2 g^x 91 7f f4 4c 31 d2 d8 82 43 98 1d d0 23 31 67 af Sep 21 07:34:39.736871: | ikev2 g^x 32 ba 6f cb eb 4e 2e 32 6e 0c e8 b0 fd 59 e9 de Sep 21 07:34:39.736874: | ikev2 g^x 30 29 51 e9 5e 4b 11 33 4f 31 21 ea 8a 68 8f 67 Sep 21 07:34:39.736877: | ikev2 g^x 1d 89 29 6a 8a d1 9a 3e 1b ea bc e5 4d b2 81 37 Sep 21 07:34:39.736881: | ikev2 g^x 5c 7b 52 2e 72 46 84 4c f7 0f 46 12 5f 2b 04 89 Sep 21 07:34:39.736884: | ikev2 g^x af 5b df 5c 3d 63 0e aa ca 03 6f 39 42 61 6d cc Sep 21 07:34:39.736887: | ikev2 g^x 8a a0 c2 25 d9 59 45 eb 49 50 25 04 e7 25 a5 03 Sep 21 07:34:39.736890: | ikev2 g^x 3d 17 71 04 c8 1e b6 84 8a 5f 76 4d 69 b6 90 49 Sep 21 07:34:39.736893: | ikev2 g^x fb a7 2e d5 e0 06 25 80 2f 63 9e 75 a7 ee af 13 Sep 21 07:34:39.736896: | ikev2 g^x a5 22 41 f9 a0 e0 e6 d7 f8 c0 36 82 66 9e 65 71 Sep 21 07:34:39.736899: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:34:39.736902: | ***emit IKEv2 Nonce Payload: Sep 21 07:34:39.736905: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.736907: | flags: none (0x0) Sep 21 07:34:39.736911: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:34:39.736916: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:34:39.736919: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.736923: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:34:39.736926: | IKEv2 nonce 40 8a 74 b7 76 81 9b 51 72 97 44 10 4b d8 c5 8e Sep 21 07:34:39.736929: | IKEv2 nonce f6 fb 84 33 10 22 ea f0 b2 fc 61 2b 2e 8b 4b 06 Sep 21 07:34:39.736932: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:34:39.736936: | Adding a v2N Payload Sep 21 07:34:39.736938: | ***emit IKEv2 Notify Payload: Sep 21 07:34:39.736941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.736944: | flags: none (0x0) Sep 21 07:34:39.736947: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.736950: | SPI size: 0 (0x0) Sep 21 07:34:39.736953: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:39.736958: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.736961: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.736964: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:34:39.736968: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:34:39.736971: | natd_hash: rcookie is zero Sep 21 07:34:39.736987: | natd_hash: hasher=0x558d87b5e7a0(20) Sep 21 07:34:39.736991: | natd_hash: icookie= 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.736994: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:39.736996: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:39.736999: | natd_hash: port= 01 f4 Sep 21 07:34:39.737002: | natd_hash: hash= 8a 49 b7 a9 70 c5 2a b1 06 4c 5d 5c d8 1c 46 be Sep 21 07:34:39.737005: | natd_hash: hash= 25 7a fb db Sep 21 07:34:39.737008: | Adding a v2N Payload Sep 21 07:34:39.737010: | ***emit IKEv2 Notify Payload: Sep 21 07:34:39.737013: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.737016: | flags: none (0x0) Sep 21 07:34:39.737019: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.737022: | SPI size: 0 (0x0) Sep 21 07:34:39.737025: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:39.737029: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.737032: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.737036: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:39.737039: | Notify data 8a 49 b7 a9 70 c5 2a b1 06 4c 5d 5c d8 1c 46 be Sep 21 07:34:39.737042: | Notify data 25 7a fb db Sep 21 07:34:39.737045: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:39.737048: | natd_hash: rcookie is zero Sep 21 07:34:39.737054: | natd_hash: hasher=0x558d87b5e7a0(20) Sep 21 07:34:39.737057: | natd_hash: icookie= 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.737062: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:34:39.737065: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:39.737067: | natd_hash: port= 01 f4 Sep 21 07:34:39.737070: | natd_hash: hash= 46 83 32 29 b2 cd ac 0e b2 79 7f 3f 08 4b ce 65 Sep 21 07:34:39.737073: | natd_hash: hash= 8b 96 f3 e0 Sep 21 07:34:39.737076: | Adding a v2N Payload Sep 21 07:34:39.737079: | ***emit IKEv2 Notify Payload: Sep 21 07:34:39.737082: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.737084: | flags: none (0x0) Sep 21 07:34:39.737087: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.737090: | SPI size: 0 (0x0) Sep 21 07:34:39.737093: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:39.737097: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:34:39.737101: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.737104: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:34:39.737107: | Notify data 46 83 32 29 b2 cd ac 0e b2 79 7f 3f 08 4b ce 65 Sep 21 07:34:39.737110: | Notify data 8b 96 f3 e0 Sep 21 07:34:39.737113: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:34:39.737116: | emitting length of ISAKMP Message: 828 Sep 21 07:34:39.737124: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:34:39.737134: | start processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.737139: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:34:39.737142: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:34:39.737146: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:34:39.737150: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:34:39.737153: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:34:39.737160: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:39.737163: "west" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:39.737173: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:39.737184: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:39.737188: | 69 ad 92 a7 75 19 56 db 00 00 00 00 00 00 00 00 Sep 21 07:34:39.737191: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:34:39.737193: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:34:39.737196: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:34:39.737199: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:34:39.737202: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:34:39.737205: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:34:39.737208: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:34:39.737210: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:34:39.737213: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:34:39.737216: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:34:39.737219: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:34:39.737222: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:34:39.737225: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:34:39.737227: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:34:39.737230: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:34:39.737233: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:34:39.737236: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:34:39.737240: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:34:39.737243: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:34:39.737246: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:34:39.737249: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:34:39.737252: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:34:39.737255: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:34:39.737257: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:34:39.737260: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:34:39.737263: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:34:39.737266: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:34:39.737269: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:34:39.737272: | 28 00 01 08 00 0e 00 00 c4 99 ad 34 35 5e 0c f6 Sep 21 07:34:39.737274: | 74 4a 60 17 14 4b 4f af 6e f2 69 d0 64 e6 59 d9 Sep 21 07:34:39.737277: | b5 db a9 79 e7 e5 dd 35 e2 e3 13 29 ac 92 ae bf Sep 21 07:34:39.737280: | 7b 97 89 61 33 6e 5c 33 8c a4 ff d8 b4 6a e5 4f Sep 21 07:34:39.737283: | e4 88 ba 2c 78 0d 1c a9 9e 57 ad 35 8f 78 26 29 Sep 21 07:34:39.737286: | 57 e2 38 b6 9a 87 54 73 5f 71 4f c2 ab b6 e2 a7 Sep 21 07:34:39.737289: | f1 a2 a6 0d e5 f5 30 6a 91 7f f4 4c 31 d2 d8 82 Sep 21 07:34:39.737291: | 43 98 1d d0 23 31 67 af 32 ba 6f cb eb 4e 2e 32 Sep 21 07:34:39.737294: | 6e 0c e8 b0 fd 59 e9 de 30 29 51 e9 5e 4b 11 33 Sep 21 07:34:39.737297: | 4f 31 21 ea 8a 68 8f 67 1d 89 29 6a 8a d1 9a 3e Sep 21 07:34:39.737300: | 1b ea bc e5 4d b2 81 37 5c 7b 52 2e 72 46 84 4c Sep 21 07:34:39.737303: | f7 0f 46 12 5f 2b 04 89 af 5b df 5c 3d 63 0e aa Sep 21 07:34:39.737306: | ca 03 6f 39 42 61 6d cc 8a a0 c2 25 d9 59 45 eb Sep 21 07:34:39.737309: | 49 50 25 04 e7 25 a5 03 3d 17 71 04 c8 1e b6 84 Sep 21 07:34:39.737312: | 8a 5f 76 4d 69 b6 90 49 fb a7 2e d5 e0 06 25 80 Sep 21 07:34:39.737314: | 2f 63 9e 75 a7 ee af 13 a5 22 41 f9 a0 e0 e6 d7 Sep 21 07:34:39.737317: | f8 c0 36 82 66 9e 65 71 29 00 00 24 40 8a 74 b7 Sep 21 07:34:39.737320: | 76 81 9b 51 72 97 44 10 4b d8 c5 8e f6 fb 84 33 Sep 21 07:34:39.737323: | 10 22 ea f0 b2 fc 61 2b 2e 8b 4b 06 29 00 00 08 Sep 21 07:34:39.737326: | 00 00 40 2e 29 00 00 1c 00 00 40 04 8a 49 b7 a9 Sep 21 07:34:39.737329: | 70 c5 2a b1 06 4c 5d 5c d8 1c 46 be 25 7a fb db Sep 21 07:34:39.737331: | 00 00 00 1c 00 00 40 05 46 83 32 29 b2 cd ac 0e Sep 21 07:34:39.737334: | b2 79 7f 3f 08 4b ce 65 8b 96 f3 e0 Sep 21 07:34:39.737407: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:39.737413: | libevent_free: release ptr-libevent@0x558d8812d290 Sep 21 07:34:39.737417: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558d8812d250 Sep 21 07:34:39.737420: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Sep 21 07:34:39.737425: | event_schedule: new EVENT_RETRANSMIT-pe@0x558d8812d250 Sep 21 07:34:39.737429: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 Sep 21 07:34:39.737432: | libevent_malloc: new ptr-libevent@0x558d8812d290 size 128 Sep 21 07:34:39.737439: | #1 STATE_PARENT_I1: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49926.105688 Sep 21 07:34:39.737444: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:34:39.737450: | #1 spent 2.01 milliseconds in resume sending helper answer Sep 21 07:34:39.737456: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:39.737459: | libevent_free: release ptr-libevent@0x7f95cc006900 Sep 21 07:34:39.741530: | spent 0.00233 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:39.741556: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:39.741560: | 69 ad 92 a7 75 19 56 db ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.741565: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:34:39.741568: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:34:39.741571: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:34:39.741574: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c8 7b 1e 87 Sep 21 07:34:39.741577: | 7a 94 c8 27 3b 4f 55 cb d0 1a 3d 86 36 f0 6e 85 Sep 21 07:34:39.741579: | c6 49 7f a3 db 96 51 48 62 92 c8 9a 41 50 0a 8c Sep 21 07:34:39.741582: | 3f 2f 7c e8 bd 91 60 6a 21 73 d6 c1 22 71 04 88 Sep 21 07:34:39.741585: | d0 b1 d7 1b 8a 25 54 3c be 46 5e a7 8a ac eb 84 Sep 21 07:34:39.741588: | 48 95 1d 8a a3 c7 ec de 8f e3 12 c1 ef cc 30 53 Sep 21 07:34:39.741591: | e6 e2 47 c5 52 78 73 cd 3f 03 bf fb 06 04 7b ac Sep 21 07:34:39.741594: | 76 07 0d 57 48 fc 1d 99 0d f5 1b 0d 69 ef 12 84 Sep 21 07:34:39.741597: | c6 c5 fa 7b 78 9d 4b 86 ed 0a 9e d8 0d 10 92 18 Sep 21 07:34:39.741599: | fa bc a1 42 65 ea 7e 07 b0 7e f6 3d fd 9b 86 d6 Sep 21 07:34:39.741602: | 62 1d 75 39 20 47 a6 6b 68 2b 49 55 02 af 78 43 Sep 21 07:34:39.741605: | 20 0a 2e 71 36 1e 1d 85 1f ac b8 fd a6 4d 51 5b Sep 21 07:34:39.741608: | 3c 55 b5 05 44 3f 56 dc 57 5c 74 88 97 9c 35 ab Sep 21 07:34:39.741611: | 52 34 96 a9 81 60 97 c2 0a b5 af df b9 dd f7 7b Sep 21 07:34:39.741614: | 6c 0a c7 75 b9 cc 78 7e 96 57 34 00 51 d5 0d 73 Sep 21 07:34:39.741617: | 6a 23 73 be a4 bb 6e 9b 12 9d de e5 f7 37 a8 05 Sep 21 07:34:39.741620: | 97 9e 7f fa 99 c3 88 04 a7 2f 7b 24 29 00 00 24 Sep 21 07:34:39.741622: | 40 1d 22 09 e7 74 c5 44 d0 c6 25 35 3d 28 cd 65 Sep 21 07:34:39.741625: | 15 45 36 cb bd 38 51 6f 3b 9a 9f 8a 2c 96 12 16 Sep 21 07:34:39.741628: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:34:39.741631: | cb c6 47 a6 af 59 b4 e2 5a c5 03 56 9a 7f d9 48 Sep 21 07:34:39.741634: | 89 92 b4 3c 00 00 00 1c 00 00 40 05 8d 99 74 98 Sep 21 07:34:39.741637: | 78 63 70 8a 01 48 25 e8 0f 4a 91 65 17 fa c2 bd Sep 21 07:34:39.741642: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:39.741646: | **parse ISAKMP Message: Sep 21 07:34:39.741649: | initiator cookie: Sep 21 07:34:39.741651: | 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.741654: | responder cookie: Sep 21 07:34:39.741657: | ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.741660: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:39.741663: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.741666: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:34:39.741670: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:39.741672: | Message ID: 0 (0x0) Sep 21 07:34:39.741675: | length: 432 (0x1b0) Sep 21 07:34:39.741679: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:34:39.741683: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:34:39.741688: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:34:39.741695: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:39.741701: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:39.741704: | #1 is idle Sep 21 07:34:39.741706: | #1 idle Sep 21 07:34:39.741709: | unpacking clear payload Sep 21 07:34:39.741712: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:39.741715: | ***parse IKEv2 Security Association Payload: Sep 21 07:34:39.741719: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:34:39.741721: | flags: none (0x0) Sep 21 07:34:39.741724: | length: 40 (0x28) Sep 21 07:34:39.741727: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:34:39.741730: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:34:39.741733: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:34:39.741736: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:34:39.741741: | flags: none (0x0) Sep 21 07:34:39.741744: | length: 264 (0x108) Sep 21 07:34:39.741747: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.741750: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:34:39.741753: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:34:39.741756: | ***parse IKEv2 Nonce Payload: Sep 21 07:34:39.741759: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.741762: | flags: none (0x0) Sep 21 07:34:39.741764: | length: 36 (0x24) Sep 21 07:34:39.741767: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:34:39.741770: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.741773: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.741776: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.741779: | flags: none (0x0) Sep 21 07:34:39.741782: | length: 8 (0x8) Sep 21 07:34:39.741795: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.741798: | SPI size: 0 (0x0) Sep 21 07:34:39.741801: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:34:39.741804: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:34:39.741807: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.741810: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.741813: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:34:39.741816: | flags: none (0x0) Sep 21 07:34:39.741818: | length: 28 (0x1c) Sep 21 07:34:39.741821: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.741824: | SPI size: 0 (0x0) Sep 21 07:34:39.741827: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:34:39.741830: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:39.741833: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:34:39.741836: | ***parse IKEv2 Notify Payload: Sep 21 07:34:39.741839: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.741841: | flags: none (0x0) Sep 21 07:34:39.741844: | length: 28 (0x1c) Sep 21 07:34:39.741847: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:34:39.741850: | SPI size: 0 (0x0) Sep 21 07:34:39.741853: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:34:39.741856: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:34:39.741859: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:34:39.741866: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:34:39.741870: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:39.741873: | Now let's proceed with state specific processing Sep 21 07:34:39.741876: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:34:39.741881: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:34:39.741907: | using existing local IKE proposals for connection west (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:34:39.741911: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:34:39.741915: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:39.741918: | local proposal 1 type PRF has 2 transforms Sep 21 07:34:39.741921: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:39.741924: | local proposal 1 type DH has 8 transforms Sep 21 07:34:39.741927: | local proposal 1 type ESN has 0 transforms Sep 21 07:34:39.741933: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:39.741936: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:39.741939: | local proposal 2 type PRF has 2 transforms Sep 21 07:34:39.741943: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:39.741946: | local proposal 2 type DH has 8 transforms Sep 21 07:34:39.741949: | local proposal 2 type ESN has 0 transforms Sep 21 07:34:39.741952: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:34:39.741955: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:39.741958: | local proposal 3 type PRF has 2 transforms Sep 21 07:34:39.741961: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:39.741964: | local proposal 3 type DH has 8 transforms Sep 21 07:34:39.741967: | local proposal 3 type ESN has 0 transforms Sep 21 07:34:39.741971: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:39.741974: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:39.741977: | local proposal 4 type PRF has 2 transforms Sep 21 07:34:39.741980: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:39.741983: | local proposal 4 type DH has 8 transforms Sep 21 07:34:39.741986: | local proposal 4 type ESN has 0 transforms Sep 21 07:34:39.741990: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:34:39.741994: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.741997: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.741999: | length: 36 (0x24) Sep 21 07:34:39.742002: | prop #: 1 (0x1) Sep 21 07:34:39.742005: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:34:39.742008: | spi size: 0 (0x0) Sep 21 07:34:39.742011: | # transforms: 3 (0x3) Sep 21 07:34:39.742015: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:39.742018: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.742022: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.742024: | length: 12 (0xc) Sep 21 07:34:39.742027: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.742030: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.742033: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.742037: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.742039: | length/value: 256 (0x100) Sep 21 07:34:39.742045: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:39.742048: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.742051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.742054: | length: 8 (0x8) Sep 21 07:34:39.742057: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:34:39.742060: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:34:39.742064: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:34:39.742068: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.742071: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.742074: | length: 8 (0x8) Sep 21 07:34:39.742077: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:34:39.742080: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:34:39.742084: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:34:39.742089: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:34:39.742095: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:34:39.742098: | remote proposal 1 matches local proposal 1 Sep 21 07:34:39.742102: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:34:39.742104: | converting proposal to internal trans attrs Sep 21 07:34:39.742119: | natd_hash: hasher=0x558d87b5e7a0(20) Sep 21 07:34:39.742124: | natd_hash: icookie= 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.742127: | natd_hash: rcookie= ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.742130: | natd_hash: ip= c0 01 02 2d Sep 21 07:34:39.742132: | natd_hash: port= 01 f4 Sep 21 07:34:39.742136: | natd_hash: hash= 8d 99 74 98 78 63 70 8a 01 48 25 e8 0f 4a 91 65 Sep 21 07:34:39.742138: | natd_hash: hash= 17 fa c2 bd Sep 21 07:34:39.742145: | natd_hash: hasher=0x558d87b5e7a0(20) Sep 21 07:34:39.742148: | natd_hash: icookie= 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.742151: | natd_hash: rcookie= ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.742153: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:39.742156: | natd_hash: port= 01 f4 Sep 21 07:34:39.742159: | natd_hash: hash= cb c6 47 a6 af 59 b4 e2 5a c5 03 56 9a 7f d9 48 Sep 21 07:34:39.742161: | natd_hash: hash= 89 92 b4 3c Sep 21 07:34:39.742164: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:39.742167: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:39.742170: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:39.742174: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:34:39.742180: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:34:39.742184: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:34:39.742188: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:39.742191: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:34:39.742195: | libevent_free: release ptr-libevent@0x558d8812d290 Sep 21 07:34:39.742199: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558d8812d250 Sep 21 07:34:39.742202: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x558d8812d250 Sep 21 07:34:39.742206: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:34:39.742210: | libevent_malloc: new ptr-libevent@0x558d8812d290 size 128 Sep 21 07:34:39.742221: | #1 spent 0.339 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:34:39.742226: | crypto helper 1 resuming Sep 21 07:34:39.742228: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.742238: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:34:39.742248: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:34:39.742255: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:34:39.742258: | suspending state #1 and saving MD Sep 21 07:34:39.742261: | #1 is busy; has a suspended MD Sep 21 07:34:39.742267: | [RE]START processing: state #1 connection "west" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:34:39.742272: | "west" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:34:39.742277: | stop processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:39.742282: | #1 spent 0.725 milliseconds in ikev2_process_packet() Sep 21 07:34:39.742287: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:39.742290: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:39.742294: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:39.742298: | spent 0.741 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:39.743192: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:34:39.743630: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001374 seconds Sep 21 07:34:39.743638: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:34:39.743641: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:34:39.743644: | scheduling resume sending helper answer for #1 Sep 21 07:34:39.743649: | libevent_malloc: new ptr-libevent@0x7f95c4006b90 size 128 Sep 21 07:34:39.743656: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:39.743667: | processing resume sending helper answer for #1 Sep 21 07:34:39.743677: | start processing: state #1 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:39.743682: | crypto helper 1 replies to request ID 2 Sep 21 07:34:39.743685: | calling continuation function 0x558d87a88630 Sep 21 07:34:39.743688: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:34:39.743696: | creating state object #2 at 0x558d8812faf0 Sep 21 07:34:39.743700: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:34:39.743704: | pstats #2 ikev2.child started Sep 21 07:34:39.743708: | duplicating state object #1 "west" as #2 for IPSEC SA Sep 21 07:34:39.743713: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:39.743721: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:34:39.743728: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:39.743734: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:34:39.743737: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:39.743741: | libevent_free: release ptr-libevent@0x558d8812d290 Sep 21 07:34:39.743744: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x558d8812d250 Sep 21 07:34:39.743748: | event_schedule: new EVENT_SA_REPLACE-pe@0x558d8812d250 Sep 21 07:34:39.743752: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:34:39.743755: | libevent_malloc: new ptr-libevent@0x558d8812d290 size 128 Sep 21 07:34:39.743760: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:34:39.743765: | **emit ISAKMP Message: Sep 21 07:34:39.743768: | initiator cookie: Sep 21 07:34:39.743771: | 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.743774: | responder cookie: Sep 21 07:34:39.743776: | ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.743780: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:39.743793: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.743799: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:39.743802: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:34:39.743805: | Message ID: 1 (0x1) Sep 21 07:34:39.743809: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:39.743812: | ***emit IKEv2 Encryption Payload: Sep 21 07:34:39.743815: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.743818: | flags: none (0x0) Sep 21 07:34:39.743822: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:34:39.743826: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.743830: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:34:39.743838: | IKEv2 CERT: send a certificate? Sep 21 07:34:39.743843: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:34:39.743846: | IDr payload will be sent Sep 21 07:34:39.743861: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:34:39.743865: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.743867: | flags: none (0x0) Sep 21 07:34:39.743870: | ID type: ID_FQDN (0x2) Sep 21 07:34:39.743875: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:34:39.743879: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.743885: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:34:39.743888: | my identity 77 65 73 74 Sep 21 07:34:39.743891: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:34:39.743900: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:34:39.743904: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:39.743906: | flags: none (0x0) Sep 21 07:34:39.743909: | ID type: ID_FQDN (0x2) Sep 21 07:34:39.743913: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:34:39.743918: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:34:39.743921: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.743925: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:34:39.743928: | IDr 65 61 73 74 Sep 21 07:34:39.743931: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:34:39.743934: | not sending INITIAL_CONTACT Sep 21 07:34:39.743937: | ****emit IKEv2 Authentication Payload: Sep 21 07:34:39.743941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.743943: | flags: none (0x0) Sep 21 07:34:39.743947: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:39.743951: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:34:39.743955: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.743960: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:34:39.743965: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:39.743968: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:39.743972: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:39.743977: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:39.743981: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:39.743984: | line 1: match=014 Sep 21 07:34:39.743988: | match 014 beats previous best_match 000 match=0x558d8811e0d0 (line=1) Sep 21 07:34:39.743991: | concluding with best_match=014 best=0x558d8811e0d0 (lineno=1) Sep 21 07:34:39.744056: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:34:39.744060: | PSK auth bc 16 86 48 43 45 3d 1b 61 10 87 80 e3 cd 13 1c Sep 21 07:34:39.744063: | PSK auth 1a cf 98 19 55 66 fd 7f 21 46 93 76 e9 af 12 e9 Sep 21 07:34:39.744066: | PSK auth 7e f5 d2 2e c6 d1 09 e5 d9 2e 7f 29 5d ff 85 f0 Sep 21 07:34:39.744069: | PSK auth d1 24 62 88 a7 3f 7e 1d 42 dd 44 e3 07 55 bb 89 Sep 21 07:34:39.744072: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:34:39.744076: | getting first pending from state #1 Sep 21 07:34:39.744096: | netlink_get_spi: allocated 0xe1ab4023 for esp.0@192.1.2.45 Sep 21 07:34:39.744101: | constructing ESP/AH proposals with all DH removed for west (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:34:39.744108: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:34:39.744114: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:39.744118: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:34:39.744123: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:34:39.744127: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:39.744133: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.744137: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:34:39.744145: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.744156: "west": constructed local ESP/AH proposals for west (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.744166: | Emitting ikev2_proposals ... Sep 21 07:34:39.744170: | ****emit IKEv2 Security Association Payload: Sep 21 07:34:39.744173: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.744176: | flags: none (0x0) Sep 21 07:34:39.744180: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:34:39.744184: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.744187: | discarding INTEG=NONE Sep 21 07:34:39.744189: | discarding DH=NONE Sep 21 07:34:39.744193: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.744196: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744199: | prop #: 1 (0x1) Sep 21 07:34:39.744202: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.744205: | spi size: 4 (0x4) Sep 21 07:34:39.744207: | # transforms: 2 (0x2) Sep 21 07:34:39.744211: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.744215: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:39.744218: | our spi e1 ab 40 23 Sep 21 07:34:39.744221: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744224: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744227: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.744230: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.744234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744237: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.744241: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.744244: | length/value: 256 (0x100) Sep 21 07:34:39.744247: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.744250: | discarding INTEG=NONE Sep 21 07:34:39.744252: | discarding DH=NONE Sep 21 07:34:39.744255: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744258: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.744262: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.744265: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.744269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744279: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:39.744283: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.744286: | discarding INTEG=NONE Sep 21 07:34:39.744288: | discarding DH=NONE Sep 21 07:34:39.744291: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.744295: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744297: | prop #: 2 (0x2) Sep 21 07:34:39.744300: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.744303: | spi size: 4 (0x4) Sep 21 07:34:39.744307: | # transforms: 2 (0x2) Sep 21 07:34:39.744312: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744316: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.744319: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:39.744322: | our spi e1 ab 40 23 Sep 21 07:34:39.744325: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744328: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744331: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.744334: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.744338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744341: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.744344: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.744347: | length/value: 128 (0x80) Sep 21 07:34:39.744351: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.744353: | discarding INTEG=NONE Sep 21 07:34:39.744356: | discarding DH=NONE Sep 21 07:34:39.744359: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744361: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.744365: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.744368: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.744372: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744379: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744382: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:34:39.744386: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.744389: | discarding DH=NONE Sep 21 07:34:39.744392: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.744395: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744398: | prop #: 3 (0x3) Sep 21 07:34:39.744400: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.744403: | spi size: 4 (0x4) Sep 21 07:34:39.744406: | # transforms: 4 (0x4) Sep 21 07:34:39.744410: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744414: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.744418: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:39.744420: | our spi e1 ab 40 23 Sep 21 07:34:39.744423: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744429: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.744432: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.744436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744439: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.744442: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.744445: | length/value: 256 (0x100) Sep 21 07:34:39.744448: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.744452: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744455: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744458: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.744462: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.744466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744474: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744477: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744483: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.744486: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.744490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744497: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744500: | discarding DH=NONE Sep 21 07:34:39.744503: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744506: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.744509: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.744512: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.744516: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744520: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744523: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744527: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:39.744530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.744533: | discarding DH=NONE Sep 21 07:34:39.744536: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.744539: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.744542: | prop #: 4 (0x4) Sep 21 07:34:39.744545: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.744547: | spi size: 4 (0x4) Sep 21 07:34:39.744550: | # transforms: 4 (0x4) Sep 21 07:34:39.744554: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:34:39.744558: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:34:39.744562: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:34:39.744564: | our spi e1 ab 40 23 Sep 21 07:34:39.744567: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744570: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744573: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.744576: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:34:39.744580: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744584: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.744587: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.744590: | length/value: 128 (0x80) Sep 21 07:34:39.744593: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:34:39.744596: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744602: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.744605: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:34:39.744610: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744618: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744621: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744627: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:34:39.744630: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:34:39.744634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744641: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744643: | discarding DH=NONE Sep 21 07:34:39.744647: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:34:39.744650: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.744653: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.744656: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.744660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.744664: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:34:39.744667: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:34:39.744670: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:34:39.744674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:34:39.744677: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:34:39.744681: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:34:39.744685: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:39.744688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.744691: | flags: none (0x0) Sep 21 07:34:39.744694: | number of TS: 1 (0x1) Sep 21 07:34:39.744698: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:34:39.744702: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.744705: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:39.744708: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.744711: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.744714: | start port: 0 (0x0) Sep 21 07:34:39.744717: | end port: 65535 (0xffff) Sep 21 07:34:39.744721: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:39.744724: | IP start c0 00 01 00 Sep 21 07:34:39.744727: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:39.744730: | IP end c0 00 01 ff Sep 21 07:34:39.744733: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:39.744736: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:34:39.744739: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:39.744742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.744745: | flags: none (0x0) Sep 21 07:34:39.744748: | number of TS: 1 (0x1) Sep 21 07:34:39.744752: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:34:39.744757: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:34:39.744760: | *****emit IKEv2 Traffic Selector: Sep 21 07:34:39.744763: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.744766: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.744769: | start port: 0 (0x0) Sep 21 07:34:39.744772: | end port: 65535 (0xffff) Sep 21 07:34:39.744775: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:34:39.744778: | IP start c0 00 02 00 Sep 21 07:34:39.744781: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:34:39.744790: | IP end c0 00 02 ff Sep 21 07:34:39.744793: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:34:39.744796: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:34:39.744800: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:34:39.744803: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:34:39.744806: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:34:39.744810: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:34:39.744814: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:34:39.744817: | emitting length of IKEv2 Encryption Payload: 337 Sep 21 07:34:39.744820: | emitting length of ISAKMP Message: 365 Sep 21 07:34:39.744839: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.744846: | start processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.744851: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:34:39.744855: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:34:39.744859: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:34:39.744862: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:34:39.744869: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:34:39.744875: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:34:39.744879: "west" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:34:39.744911: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:34:39.744919: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:34:39.744923: | 69 ad 92 a7 75 19 56 db ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.744926: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Sep 21 07:34:39.744929: | 62 0f 0f c8 bc 8a 6f 3e 3e df 13 1c a4 23 5c 41 Sep 21 07:34:39.744931: | c5 e0 f4 71 66 9b 1e 7f d4 ab 0f 03 80 f7 8b e7 Sep 21 07:34:39.744934: | 08 bc 08 86 b4 08 05 0c 1d c9 dc 0f 4f 5d ce 86 Sep 21 07:34:39.744937: | c3 92 58 14 35 dc 72 23 8c 94 1f a4 8b 4f ac 9f Sep 21 07:34:39.744940: | 1e c4 8e 1c a6 0f b0 3f 53 ab d8 f5 c3 af af 8d Sep 21 07:34:39.744943: | 98 11 d0 56 d6 f8 78 24 22 ab 7a ae 28 8d 11 86 Sep 21 07:34:39.744946: | ab e5 5a b3 16 6e 8f 1e 19 18 7b 61 73 f7 08 6f Sep 21 07:34:39.744948: | 68 da 41 94 96 ae 8f 58 21 ce 21 44 c5 e3 c1 ad Sep 21 07:34:39.744951: | 80 94 55 d9 7c 07 ce a4 58 b6 51 fc a9 5a 44 c3 Sep 21 07:34:39.744954: | 52 22 50 b0 31 5f 9f 88 cb 27 59 46 4f 5e 0f 87 Sep 21 07:34:39.744957: | 48 f4 49 84 f8 c5 5a f3 37 78 2b f1 da 70 36 af Sep 21 07:34:39.744960: | 0a f0 f4 6e 06 bb 9d ba a7 f2 93 6e 72 f0 cd 66 Sep 21 07:34:39.744965: | 26 80 21 8d b0 b1 2d 50 7e 2a 4c a4 c0 2e b3 37 Sep 21 07:34:39.744968: | 15 59 e3 e6 88 a7 78 70 87 b2 85 92 b0 3a 1c 51 Sep 21 07:34:39.744970: | 76 d7 34 98 af b8 57 23 58 d3 dc 06 c6 6e 83 51 Sep 21 07:34:39.744973: | 69 f6 ce 7c 6b 66 39 52 16 14 c9 b0 ce 3a 59 a9 Sep 21 07:34:39.744976: | f5 ad b4 ab 0c 38 1a a6 ac 4b bc a8 a0 08 29 94 Sep 21 07:34:39.744979: | 31 5a b6 60 50 dc e0 ad d3 b1 50 61 1d ba f4 7e Sep 21 07:34:39.744982: | 89 fb 97 89 c2 52 92 0d a6 33 a4 24 db c3 ff 4e Sep 21 07:34:39.744985: | f0 5b 6b f5 97 94 29 f8 3b bb 08 42 55 84 fe 73 Sep 21 07:34:39.744987: | fb ed e1 70 13 a9 ef 3e 07 09 38 6c ae Sep 21 07:34:39.747380: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=15000ms Sep 21 07:34:39.747391: | event_schedule: new EVENT_RETRANSMIT-pe@0x558d8812cef0 Sep 21 07:34:39.747395: | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #2 Sep 21 07:34:39.747400: | libevent_malloc: new ptr-libevent@0x558d881305b0 size 128 Sep 21 07:34:39.747406: | #2 STATE_PARENT_I2: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49926.115654 Sep 21 07:34:39.747410: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:34:39.747417: | #1 spent 1.35 milliseconds in resume sending helper answer Sep 21 07:34:39.747423: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:39.747427: | libevent_free: release ptr-libevent@0x7f95c4006b90 Sep 21 07:34:39.789282: | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:39.789302: | *received 225 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:34:39.789306: | 69 ad 92 a7 75 19 56 db ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.789309: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Sep 21 07:34:39.789312: | bb 97 1a 66 71 d9 7d e6 37 f3 59 68 81 9e 61 a1 Sep 21 07:34:39.789315: | 99 b2 a7 f3 e2 5a 07 99 0a 92 31 f4 7d 07 de 1b Sep 21 07:34:39.789318: | 62 3f 1b 1e a7 da 69 02 fe 9e a0 52 c1 2d 08 3f Sep 21 07:34:39.789321: | c0 da 12 e7 cd b4 a0 f2 63 c7 5d e9 7a cc bd ab Sep 21 07:34:39.789324: | 03 5f af 74 28 c1 99 fb a6 29 66 c5 42 c2 b4 88 Sep 21 07:34:39.789326: | fe 0f cd d9 1d df 71 29 e6 90 58 7e 96 08 aa a6 Sep 21 07:34:39.789329: | 37 68 d5 69 f0 da c5 21 4b ef 65 a7 c1 48 e6 c0 Sep 21 07:34:39.789332: | db 4a 2f c2 88 54 67 ce 53 d8 a7 76 5d c5 60 ea Sep 21 07:34:39.789335: | 01 8d c6 81 8e 9b 60 0b 38 07 e0 36 13 48 6f db Sep 21 07:34:39.789338: | d0 a2 15 40 47 52 07 26 ce 1b 77 03 a3 06 3b 99 Sep 21 07:34:39.789341: | 70 19 4a 22 4e c7 72 01 8f 7f 83 5b 50 46 04 6a Sep 21 07:34:39.789344: | 63 ae 33 36 ee 58 92 db ff 33 ba 29 62 a1 e6 31 Sep 21 07:34:39.789346: | 26 Sep 21 07:34:39.789352: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:39.789356: | **parse ISAKMP Message: Sep 21 07:34:39.789359: | initiator cookie: Sep 21 07:34:39.789362: | 69 ad 92 a7 75 19 56 db Sep 21 07:34:39.789364: | responder cookie: Sep 21 07:34:39.789367: | ac 0b 57 f1 09 63 64 a6 Sep 21 07:34:39.789370: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:34:39.789374: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:34:39.789377: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:34:39.789380: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:34:39.789383: | Message ID: 1 (0x1) Sep 21 07:34:39.789386: | length: 225 (0xe1) Sep 21 07:34:39.789389: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:34:39.789393: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:34:39.789398: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:34:39.789406: | start processing: state #1 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:34:39.789412: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:34:39.789418: | suspend processing: state #1 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:39.789424: | start processing: state #2 connection "west" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:34:39.789427: | #2 is idle Sep 21 07:34:39.789429: | #2 idle Sep 21 07:34:39.789432: | unpacking clear payload Sep 21 07:34:39.789435: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:34:39.789438: | ***parse IKEv2 Encryption Payload: Sep 21 07:34:39.789442: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:34:39.789444: | flags: none (0x0) Sep 21 07:34:39.789447: | length: 197 (0xc5) Sep 21 07:34:39.789450: | processing payload: ISAKMP_NEXT_v2SK (len=193) Sep 21 07:34:39.789454: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:34:39.789472: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:34:39.789476: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:34:39.789479: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:34:39.789482: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:34:39.789485: | flags: none (0x0) Sep 21 07:34:39.789488: | length: 12 (0xc) Sep 21 07:34:39.789491: | ID type: ID_FQDN (0x2) Sep 21 07:34:39.789494: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:34:39.789497: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:34:39.789500: | **parse IKEv2 Authentication Payload: Sep 21 07:34:39.789503: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:34:39.789506: | flags: none (0x0) Sep 21 07:34:39.789509: | length: 72 (0x48) Sep 21 07:34:39.789512: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:34:39.789515: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:34:39.789518: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:34:39.789521: | **parse IKEv2 Security Association Payload: Sep 21 07:34:39.789524: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:34:39.789526: | flags: none (0x0) Sep 21 07:34:39.789529: | length: 36 (0x24) Sep 21 07:34:39.789532: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:34:39.789535: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:34:39.789538: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:34:39.789541: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:34:39.789544: | flags: none (0x0) Sep 21 07:34:39.789546: | length: 24 (0x18) Sep 21 07:34:39.789549: | number of TS: 1 (0x1) Sep 21 07:34:39.789552: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:34:39.789555: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:34:39.789558: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:34:39.789561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:34:39.789563: | flags: none (0x0) Sep 21 07:34:39.789566: | length: 24 (0x18) Sep 21 07:34:39.789569: | number of TS: 1 (0x1) Sep 21 07:34:39.789572: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:34:39.789575: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:34:39.789578: | Now let's proceed with state specific processing Sep 21 07:34:39.789581: | calling processor Initiator: process IKE_AUTH response Sep 21 07:34:39.789587: | offered CA: '%none' Sep 21 07:34:39.789591: "west" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:34:39.789629: | verifying AUTH payload Sep 21 07:34:39.789635: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:34:39.789640: | started looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:39.789643: | actually looking for secret for @west->@east of kind PKK_PSK Sep 21 07:34:39.789647: | line 1: key type PKK_PSK(@west) to type PKK_PSK Sep 21 07:34:39.789651: | 1: compared key @east to @west / @east -> 004 Sep 21 07:34:39.789655: | 2: compared key @west to @west / @east -> 014 Sep 21 07:34:39.789660: | line 1: match=014 Sep 21 07:34:39.789664: | match 014 beats previous best_match 000 match=0x558d8811e0d0 (line=1) Sep 21 07:34:39.789667: | concluding with best_match=014 best=0x558d8811e0d0 (lineno=1) Sep 21 07:34:39.789729: "west" #2: Authenticated using authby=secret Sep 21 07:34:39.789736: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:34:39.789741: | #1 will start re-keying in 65 seconds with margin of 5 seconds (attempting re-key) Sep 21 07:34:39.789745: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:39.789749: | libevent_free: release ptr-libevent@0x558d8812d290 Sep 21 07:34:39.789752: | free_event_entry: release EVENT_SA_REPLACE-pe@0x558d8812d250 Sep 21 07:34:39.789756: | event_schedule: new EVENT_SA_REKEY-pe@0x558d8812d250 Sep 21 07:34:39.789760: | inserting event EVENT_SA_REKEY, timeout in 65 seconds for #1 Sep 21 07:34:39.789763: | libevent_malloc: new ptr-libevent@0x558d8812d290 size 128 Sep 21 07:34:39.790218: | pstats #1 ikev2.ike established Sep 21 07:34:39.790226: | TSi: parsing 1 traffic selectors Sep 21 07:34:39.790230: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:39.790233: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.790236: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.790239: | length: 16 (0x10) Sep 21 07:34:39.790242: | start port: 0 (0x0) Sep 21 07:34:39.790245: | end port: 65535 (0xffff) Sep 21 07:34:39.790248: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:39.790251: | TS low c0 00 01 00 Sep 21 07:34:39.790254: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:39.790257: | TS high c0 00 01 ff Sep 21 07:34:39.790260: | TSi: parsed 1 traffic selectors Sep 21 07:34:39.790263: | TSr: parsing 1 traffic selectors Sep 21 07:34:39.790266: | ***parse IKEv2 Traffic Selector: Sep 21 07:34:39.790269: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:34:39.790272: | IP Protocol ID: 0 (0x0) Sep 21 07:34:39.790275: | length: 16 (0x10) Sep 21 07:34:39.790278: | start port: 0 (0x0) Sep 21 07:34:39.790281: | end port: 65535 (0xffff) Sep 21 07:34:39.790284: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:34:39.790286: | TS low c0 00 02 00 Sep 21 07:34:39.790290: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:34:39.790292: | TS high c0 00 02 ff Sep 21 07:34:39.790295: | TSr: parsed 1 traffic selectors Sep 21 07:34:39.790303: | evaluating our conn="west" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:34:39.790309: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.790317: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:34:39.790321: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:34:39.790324: | TSi[0] port match: YES fitness 65536 Sep 21 07:34:39.790328: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:34:39.790332: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.790337: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:34:39.790348: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:34:39.790352: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:34:39.790355: | TSr[0] port match: YES fitness 65536 Sep 21 07:34:39.790358: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:34:39.790362: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:34:39.790365: | best fit so far: TSi[0] TSr[0] Sep 21 07:34:39.790368: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:34:39.790371: | printing contents struct traffic_selector Sep 21 07:34:39.790374: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:39.790376: | ipprotoid: 0 Sep 21 07:34:39.790379: | port range: 0-65535 Sep 21 07:34:39.790384: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:34:39.790389: | printing contents struct traffic_selector Sep 21 07:34:39.790392: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:34:39.790394: | ipprotoid: 0 Sep 21 07:34:39.790397: | port range: 0-65535 Sep 21 07:34:39.790402: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:34:39.790420: | using existing local ESP/AH proposals for west (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:34:39.790424: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:34:39.790428: | local proposal 1 type ENCR has 1 transforms Sep 21 07:34:39.790431: | local proposal 1 type PRF has 0 transforms Sep 21 07:34:39.790435: | local proposal 1 type INTEG has 1 transforms Sep 21 07:34:39.790438: | local proposal 1 type DH has 1 transforms Sep 21 07:34:39.790441: | local proposal 1 type ESN has 1 transforms Sep 21 07:34:39.790445: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:39.790448: | local proposal 2 type ENCR has 1 transforms Sep 21 07:34:39.790451: | local proposal 2 type PRF has 0 transforms Sep 21 07:34:39.790454: | local proposal 2 type INTEG has 1 transforms Sep 21 07:34:39.790457: | local proposal 2 type DH has 1 transforms Sep 21 07:34:39.790460: | local proposal 2 type ESN has 1 transforms Sep 21 07:34:39.790464: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:34:39.790467: | local proposal 3 type ENCR has 1 transforms Sep 21 07:34:39.790470: | local proposal 3 type PRF has 0 transforms Sep 21 07:34:39.790473: | local proposal 3 type INTEG has 2 transforms Sep 21 07:34:39.790476: | local proposal 3 type DH has 1 transforms Sep 21 07:34:39.790480: | local proposal 3 type ESN has 1 transforms Sep 21 07:34:39.790483: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:39.790487: | local proposal 4 type ENCR has 1 transforms Sep 21 07:34:39.790490: | local proposal 4 type PRF has 0 transforms Sep 21 07:34:39.790493: | local proposal 4 type INTEG has 2 transforms Sep 21 07:34:39.790496: | local proposal 4 type DH has 1 transforms Sep 21 07:34:39.790499: | local proposal 4 type ESN has 1 transforms Sep 21 07:34:39.790503: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:34:39.790506: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:34:39.790509: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:34:39.790512: | length: 32 (0x20) Sep 21 07:34:39.790515: | prop #: 1 (0x1) Sep 21 07:34:39.790518: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:34:39.790521: | spi size: 4 (0x4) Sep 21 07:34:39.790524: | # transforms: 2 (0x2) Sep 21 07:34:39.790528: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:34:39.790531: | remote SPI 74 ea 41 75 Sep 21 07:34:39.790535: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:34:39.790538: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.790541: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:34:39.790544: | length: 12 (0xc) Sep 21 07:34:39.790547: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:34:39.790550: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:34:39.790554: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:34:39.790557: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:34:39.790560: | length/value: 256 (0x100) Sep 21 07:34:39.790565: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:34:39.790568: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:34:39.790571: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:34:39.790576: | length: 8 (0x8) Sep 21 07:34:39.790579: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:34:39.790582: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:34:39.790587: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:34:39.790591: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:34:39.790597: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:34:39.790600: | remote proposal 1 matches local proposal 1 Sep 21 07:34:39.790603: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:34:39.790609: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=74ea4175;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:34:39.790613: | converting proposal to internal trans attrs Sep 21 07:34:39.790619: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:34:39.790788: | #1 spent 1.11 milliseconds Sep 21 07:34:39.790794: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:34:39.790798: | could_route called for west (kind=CK_PERMANENT) Sep 21 07:34:39.790801: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:39.790804: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:39.790808: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:39.790814: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:39.790818: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:39.790823: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:39.790826: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:39.790829: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:39.790834: | setting IPsec SA replay-window to 32 Sep 21 07:34:39.790837: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:39.790841: | netlink: enabling tunnel mode Sep 21 07:34:39.790844: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:39.790847: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:39.791173: | netlink response for Add SA esp.74ea4175@192.1.2.23 included non-error error Sep 21 07:34:39.791179: | set up outgoing SA, ref=0/0 Sep 21 07:34:39.791183: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:34:39.791186: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:34:39.791189: | AES_GCM_16 requires 4 salt bytes Sep 21 07:34:39.791193: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:34:39.791197: | setting IPsec SA replay-window to 32 Sep 21 07:34:39.791200: | NIC esp-hw-offload not for connection 'west' not available on interface eth1 Sep 21 07:34:39.791203: | netlink: enabling tunnel mode Sep 21 07:34:39.791207: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:39.791210: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:39.791408: | netlink response for Add SA esp.e1ab4023@192.1.2.45 included non-error error Sep 21 07:34:39.791415: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:39.791424: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:34:39.791428: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:39.791669: | raw_eroute result=success Sep 21 07:34:39.791675: | set up incoming SA, ref=0/0 Sep 21 07:34:39.791678: | sr for #2: unrouted Sep 21 07:34:39.791681: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:39.791684: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:39.791688: | conn west mark 0/00000000, 0/00000000 vs Sep 21 07:34:39.791691: | conn west mark 0/00000000, 0/00000000 Sep 21 07:34:39.791695: | route owner of "west" unrouted: NULL; eroute owner: NULL Sep 21 07:34:39.791700: | route_and_eroute with c: west (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:34:39.791706: | priority calculation of connection "west" is 0xfe7e7 Sep 21 07:34:39.791715: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:39.791718: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:39.791853: | raw_eroute result=success Sep 21 07:34:39.791861: | running updown command "ipsec _updown" for verb up Sep 21 07:34:39.791864: | command executing up-client Sep 21 07:34:39.791901: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x74ea4175 SPI_OUT=0x Sep 21 07:34:39.791905: | popen cmd is 1023 chars long Sep 21 07:34:39.791909: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFA: Sep 21 07:34:39.791912: | cmd( 80):CE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' : Sep 21 07:34:39.791916: | cmd( 160):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Sep 21 07:34:39.791919: | cmd( 240):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Sep 21 07:34:39.791923: | cmd( 320):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Sep 21 07:34:39.791927: | cmd( 400):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Sep 21 07:34:39.791930: | cmd( 480):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Sep 21 07:34:39.791934: | cmd( 560):O_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+: Sep 21 07:34:39.791937: | cmd( 640):IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Sep 21 07:34:39.791941: | cmd( 720):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Sep 21 07:34:39.791944: | cmd( 800):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Sep 21 07:34:39.791948: | cmd( 880):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: Sep 21 07:34:39.791951: | cmd( 960):ED='no' SPI_IN=0x74ea4175 SPI_OUT=0xe1ab4023 ipsec _updown 2>&1: Sep 21 07:34:39.804435: | route_and_eroute: firewall_notified: true Sep 21 07:34:39.804449: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:39.804454: | command executing prepare-client Sep 21 07:34:39.804494: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x74ea4175 Sep 21 07:34:39.804502: | popen cmd is 1028 chars long Sep 21 07:34:39.804506: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_IN: Sep 21 07:34:39.804510: | cmd( 80):TERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@w: Sep 21 07:34:39.804513: | cmd( 160):est' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Sep 21 07:34:39.804517: | cmd( 240):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Sep 21 07:34:39.804520: | cmd( 320):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Sep 21 07:34:39.804524: | cmd( 400):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Sep 21 07:34:39.804527: | cmd( 480):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Sep 21 07:34:39.804531: | cmd( 560): PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Sep 21 07:34:39.804534: | cmd( 640):S+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANEN: Sep 21 07:34:39.804537: | cmd( 720):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Sep 21 07:34:39.804541: | cmd( 800):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Sep 21 07:34:39.804544: | cmd( 880):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Sep 21 07:34:39.804548: | cmd( 960):_SHARED='no' SPI_IN=0x74ea4175 SPI_OUT=0xe1ab4023 ipsec _updown 2>&1: Sep 21 07:34:39.817370: | running updown command "ipsec _updown" for verb route Sep 21 07:34:39.817388: | command executing route-client Sep 21 07:34:39.817428: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x74ea4175 SPI_ Sep 21 07:34:39.817433: | popen cmd is 1026 chars long Sep 21 07:34:39.817437: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='west' PLUTO_INTE: Sep 21 07:34:39.817441: | cmd( 80):RFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@wes: Sep 21 07:34:39.817445: | cmd( 160):t' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Sep 21 07:34:39.817449: | cmd( 240):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Sep 21 07:34:39.817453: | cmd( 320):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Sep 21 07:34:39.817457: | cmd( 400):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Sep 21 07:34:39.817460: | cmd( 480):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Sep 21 07:34:39.817464: | cmd( 560):LUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+: Sep 21 07:34:39.817467: | cmd( 640):UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Sep 21 07:34:39.817473: | cmd( 720): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Sep 21 07:34:39.817477: | cmd( 800):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Sep 21 07:34:39.817480: | cmd( 880):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Sep 21 07:34:39.817484: | cmd( 960):HARED='no' SPI_IN=0x74ea4175 SPI_OUT=0xe1ab4023 ipsec _updown 2>&1: Sep 21 07:34:39.834998: | route_and_eroute: instance "west", setting eroute_owner {spd=0x558d88129a60,sr=0x558d88129a60} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:39.835107: | #1 spent 1.06 milliseconds in install_ipsec_sa() Sep 21 07:34:39.835113: | inR2: instance west[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:34:39.835117: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:39.835120: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:34:39.835126: | libevent_free: release ptr-libevent@0x558d881305b0 Sep 21 07:34:39.835129: | free_event_entry: release EVENT_RETRANSMIT-pe@0x558d8812cef0 Sep 21 07:34:39.835134: | #2 spent 1.91 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:34:39.835142: | [RE]START processing: state #2 connection "west" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:34:39.835146: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:34:39.835150: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:34:39.835154: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:34:39.835157: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:34:39.835163: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:34:39.835168: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:34:39.835171: | pstats #2 ikev2.child established Sep 21 07:34:39.835180: "west" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:34:39.835192: | NAT-T: encaps is 'auto' Sep 21 07:34:39.835198: "west" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x74ea4175 <0xe1ab4023 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:34:39.835202: | releasing whack for #2 (sock=fd@25) Sep 21 07:34:39.835207: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:34:39.835209: | releasing whack and unpending for parent #1 Sep 21 07:34:39.835212: | unpending state #1 connection "west" Sep 21 07:34:39.835216: | delete from pending Child SA with 192.1.2.23 "west" Sep 21 07:34:39.835219: | removing pending policy for no connection {0x558d880fc7e0} Sep 21 07:34:39.835226: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:34:39.835231: | #2 will start re-keying in 45 seconds with margin of 5 seconds (attempting re-key) Sep 21 07:34:39.835234: | event_schedule: new EVENT_SA_REKEY-pe@0x558d8812cef0 Sep 21 07:34:39.835237: | inserting event EVENT_SA_REKEY, timeout in 45 seconds for #2 Sep 21 07:34:39.835240: | libevent_malloc: new ptr-libevent@0x558d881305b0 size 128 Sep 21 07:34:39.835246: | stop processing: state #2 connection "west" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:34:39.835250: | #1 spent 2.31 milliseconds in ikev2_process_packet() Sep 21 07:34:39.835254: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:39.835257: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:39.835259: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:39.835263: | spent 2.33 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:39.835278: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.835283: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.835287: | spent 0.00497 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:39.835289: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.835292: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.835295: | spent 0.00304 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:39.835297: | processing signal PLUTO_SIGCHLD Sep 21 07:34:39.835300: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:39.835303: | spent 0.00302 milliseconds in signal handler PLUTO_SIGCHLD