Sep 21 07:33:35.353519: FIPS Product: YES
Sep 21 07:33:35.353548: FIPS Kernel: NO
Sep 21 07:33:35.353551: FIPS Mode: NO
Sep 21 07:33:35.353552: NSS DB directory: sql:/etc/ipsec.d
Sep 21 07:33:35.353685: Initializing NSS
Sep 21 07:33:35.353691: Opening NSS database "sql:/etc/ipsec.d" read-only
Sep 21 07:33:35.382763: NSS initialized
Sep 21 07:33:35.382774: NSS crypto library initialized
Sep 21 07:33:35.382776: FIPS HMAC integrity support [enabled]
Sep 21 07:33:35.382777: FIPS mode disabled for pluto daemon
Sep 21 07:33:35.423266: FIPS HMAC integrity verification self-test FAILED
Sep 21 07:33:35.423359: libcap-ng support [enabled]
Sep 21 07:33:35.423366: Linux audit support [enabled]
Sep 21 07:33:35.423386: Linux audit activated
Sep 21 07:33:35.423392: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23489
Sep 21 07:33:35.423394: core dump dir: /var/tmp
Sep 21 07:33:35.423395: secrets file: /etc/ipsec.secrets
Sep 21 07:33:35.423396: leak-detective disabled
Sep 21 07:33:35.423398: NSS crypto [enabled]
Sep 21 07:33:35.423399: XAUTH PAM support [enabled]
Sep 21 07:33:35.423455: | libevent is using pluto's memory allocator
Sep 21 07:33:35.423463: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Sep 21 07:33:35.423472: | libevent_malloc: new ptr-libevent@0x556ff0c2bfd0 size 40
Sep 21 07:33:35.423474: | libevent_malloc: new ptr-libevent@0x556ff0c2d280 size 40
Sep 21 07:33:35.423476: | libevent_malloc: new ptr-libevent@0x556ff0c2d2b0 size 40
Sep 21 07:33:35.423478: | creating event base
Sep 21 07:33:35.423479: | libevent_malloc: new ptr-libevent@0x556ff0c2d240 size 56
Sep 21 07:33:35.423482: | libevent_malloc: new ptr-libevent@0x556ff0c2d2e0 size 664
Sep 21 07:33:35.423490: | libevent_malloc: new ptr-libevent@0x556ff0c2d580 size 24
Sep 21 07:33:35.423493: | libevent_malloc: new ptr-libevent@0x556ff0c1ecf0 size 384
Sep 21 07:33:35.423500: | libevent_malloc: new ptr-libevent@0x556ff0c2d5a0 size 16
Sep 21 07:33:35.423501: | libevent_malloc: new ptr-libevent@0x556ff0c2d5c0 size 40
Sep 21 07:33:35.423503: | libevent_malloc: new ptr-libevent@0x556ff0c2d5f0 size 48
Sep 21 07:33:35.423508: | libevent_realloc: new ptr-libevent@0x556ff0baf370 size 256
Sep 21 07:33:35.423509: | libevent_malloc: new ptr-libevent@0x556ff0c2d630 size 16
Sep 21 07:33:35.423514: | libevent_free: release ptr-libevent@0x556ff0c2d240
Sep 21 07:33:35.423516: | libevent initialized
Sep 21 07:33:35.423518: | libevent_realloc: new ptr-libevent@0x556ff0c2d650 size 64
Sep 21 07:33:35.423521: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Sep 21 07:33:35.423531: | init_nat_traversal() initialized with keep_alive=0s
Sep 21 07:33:35.423533: NAT-Traversal support [enabled]
Sep 21 07:33:35.423534: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Sep 21 07:33:35.423538: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Sep 21 07:33:35.423541: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Sep 21 07:33:35.423565: | global one-shot timer EVENT_REVIVE_CONNS initialized
Sep 21 07:33:35.423567: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Sep 21 07:33:35.423569: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Sep 21 07:33:35.423606: Encryption algorithms:
Sep 21 07:33:35.423613: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Sep 21 07:33:35.423615: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Sep 21 07:33:35.423617: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Sep 21 07:33:35.423619: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Sep 21 07:33:35.423621: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Sep 21 07:33:35.423629: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Sep 21 07:33:35.423632: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Sep 21 07:33:35.423634: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Sep 21 07:33:35.423636: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Sep 21 07:33:35.423638: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Sep 21 07:33:35.423640: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Sep 21 07:33:35.423642: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Sep 21 07:33:35.423645: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Sep 21 07:33:35.423647: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Sep 21 07:33:35.423649: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Sep 21 07:33:35.423650: NULL IKEv1: ESP IKEv2: ESP []
Sep 21 07:33:35.423652: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Sep 21 07:33:35.423657: Hash algorithms:
Sep 21 07:33:35.423659: MD5 IKEv1: IKE IKEv2:
Sep 21 07:33:35.423661: SHA1 IKEv1: IKE IKEv2: FIPS sha
Sep 21 07:33:35.423663: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Sep 21 07:33:35.423664: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Sep 21 07:33:35.423666: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Sep 21 07:33:35.423674: PRF algorithms:
Sep 21 07:33:35.423676: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Sep 21 07:33:35.423678: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Sep 21 07:33:35.423680: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Sep 21 07:33:35.423682: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Sep 21 07:33:35.423684: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Sep 21 07:33:35.423686: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Sep 21 07:33:35.423714: Integrity algorithms:
Sep 21 07:33:35.423716: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Sep 21 07:33:35.423718: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Sep 21 07:33:35.423720: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Sep 21 07:33:35.423723: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Sep 21 07:33:35.423725: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Sep 21 07:33:35.423727: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Sep 21 07:33:35.423729: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Sep 21 07:33:35.423731: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Sep 21 07:33:35.423733: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Sep 21 07:33:35.423741: DH algorithms:
Sep 21 07:33:35.423743: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Sep 21 07:33:35.423744: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Sep 21 07:33:35.423746: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Sep 21 07:33:35.423749: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Sep 21 07:33:35.423751: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Sep 21 07:33:35.423753: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Sep 21 07:33:35.423755: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Sep 21 07:33:35.423756: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Sep 21 07:33:35.423758: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Sep 21 07:33:35.423760: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Sep 21 07:33:35.423762: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
Sep 21 07:33:35.423763: testing CAMELLIA_CBC:
Sep 21 07:33:35.423765: Camellia: 16 bytes with 128-bit key
Sep 21 07:33:35.423870: Camellia: 16 bytes with 128-bit key
Sep 21 07:33:35.423890: Camellia: 16 bytes with 256-bit key
Sep 21 07:33:35.423907: Camellia: 16 bytes with 256-bit key
Sep 21 07:33:35.423924: testing AES_GCM_16:
Sep 21 07:33:35.423926: empty string
Sep 21 07:33:35.423943: one block
Sep 21 07:33:35.423958: two blocks
Sep 21 07:33:35.423973: two blocks with associated data
Sep 21 07:33:35.423988: testing AES_CTR:
Sep 21 07:33:35.423990: Encrypting 16 octets using AES-CTR with 128-bit key
Sep 21 07:33:35.424006: Encrypting 32 octets using AES-CTR with 128-bit key
Sep 21 07:33:35.424022: Encrypting 36 octets using AES-CTR with 128-bit key
Sep 21 07:33:35.424037: Encrypting 16 octets using AES-CTR with 192-bit key
Sep 21 07:33:35.424052: Encrypting 32 octets using AES-CTR with 192-bit key
Sep 21 07:33:35.424068: Encrypting 36 octets using AES-CTR with 192-bit key
Sep 21 07:33:35.424083: Encrypting 16 octets using AES-CTR with 256-bit key
Sep 21 07:33:35.424098: Encrypting 32 octets using AES-CTR with 256-bit key
Sep 21 07:33:35.424113: Encrypting 36 octets using AES-CTR with 256-bit key
Sep 21 07:33:35.424130: testing AES_CBC:
Sep 21 07:33:35.424132: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Sep 21 07:33:35.424147: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Sep 21 07:33:35.424163: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Sep 21 07:33:35.424180: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Sep 21 07:33:35.424200: testing AES_XCBC:
Sep 21 07:33:35.424202: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
Sep 21 07:33:35.424273: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
Sep 21 07:33:35.424351: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
Sep 21 07:33:35.424423: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
Sep 21 07:33:35.424495: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
Sep 21 07:33:35.424568: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
Sep 21 07:33:35.424643: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
Sep 21 07:33:35.424825: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Sep 21 07:33:35.424915: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Sep 21 07:33:35.425023: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Sep 21 07:33:35.425163: testing HMAC_MD5:
Sep 21 07:33:35.425165: RFC 2104: MD5_HMAC test 1
Sep 21 07:33:35.425269: RFC 2104: MD5_HMAC test 2
Sep 21 07:33:35.425359: RFC 2104: MD5_HMAC test 3
Sep 21 07:33:35.425473: 8 CPU cores online
Sep 21 07:33:35.425475: starting up 7 crypto helpers
Sep 21 07:33:35.425500: started thread for crypto helper 0
Sep 21 07:33:35.425516: started thread for crypto helper 1
Sep 21 07:33:35.425524: | starting up helper thread 1
Sep 21 07:33:35.425537: | starting up helper thread 2
Sep 21 07:33:35.425544: | status value returned by setting the priority of this thread (crypto helper 1) 22
Sep 21 07:33:35.425565: | status value returned by setting the priority of this thread (crypto helper 2) 22
Sep 21 07:33:35.425531: started thread for crypto helper 2
Sep 21 07:33:35.425583: | crypto helper 2 waiting (nothing to do)
Sep 21 07:33:35.425536: | starting up helper thread 0
Sep 21 07:33:35.425615: | crypto helper 1 waiting (nothing to do)
Sep 21 07:33:35.425618: | status value returned by setting the priority of this thread (crypto helper 0) 22
Sep 21 07:33:35.425620: | crypto helper 0 waiting (nothing to do)
Sep 21 07:33:35.425624: started thread for crypto helper 3
Sep 21 07:33:35.425628: | starting up helper thread 3
Sep 21 07:33:35.425637: | status value returned by setting the priority of this thread (crypto helper 3) 22
Sep 21 07:33:35.425639: | crypto helper 3 waiting (nothing to do)
Sep 21 07:33:35.425646: started thread for crypto helper 4
Sep 21 07:33:35.425647: | starting up helper thread 4
Sep 21 07:33:35.425658: | status value returned by setting the priority of this thread (crypto helper 4) 22
Sep 21 07:33:35.425660: | crypto helper 4 waiting (nothing to do)
Sep 21 07:33:35.425667: started thread for crypto helper 5
Sep 21 07:33:35.425681: started thread for crypto helper 6
Sep 21 07:33:35.425684: | starting up helper thread 6
Sep 21 07:33:35.425685: | checking IKEv1 state table
Sep 21 07:33:35.425688: | starting up helper thread 5
Sep 21 07:33:35.425700: | MAIN_R0: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425702: | -> MAIN_R1 EVENT_SO_DISCARD
Sep 21 07:33:35.425703: | status value returned by setting the priority of this thread (crypto helper 5) 22
Sep 21 07:33:35.425704: | MAIN_I1: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425707: | crypto helper 5 waiting (nothing to do)
Sep 21 07:33:35.425693: | status value returned by setting the priority of this thread (crypto helper 6) 22
Sep 21 07:33:35.425707: | -> MAIN_I2 EVENT_RETRANSMIT
Sep 21 07:33:35.425718: | MAIN_R1: category: open IKE SA flags: 200:
Sep 21 07:33:35.425721: | -> MAIN_R2 EVENT_RETRANSMIT
Sep 21 07:33:35.425724: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:33:35.425728: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:33:35.425731: | MAIN_I2: category: open IKE SA flags: 0:
Sep 21 07:33:35.425734: | -> MAIN_I3 EVENT_RETRANSMIT
Sep 21 07:33:35.425737: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:33:35.425739: | -> UNDEFINED EVENT_RETRANSMIT
Sep 21 07:33:35.425742: | MAIN_R2: category: open IKE SA flags: 0:
Sep 21 07:33:35.425745: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:33:35.425748: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:33:35.425751: | -> UNDEFINED EVENT_SA_REPLACE
Sep 21 07:33:35.425754: | MAIN_I3: category: open IKE SA flags: 0:
Sep 21 07:33:35.425756: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:33:35.425759: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:33:35.425762: | -> UNDEFINED EVENT_SA_REPLACE
Sep 21 07:33:35.425715: | crypto helper 6 waiting (nothing to do)
Sep 21 07:33:35.425765: | MAIN_R3: category: established IKE SA flags: 200:
Sep 21 07:33:35.425772: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425773: | MAIN_I4: category: established IKE SA flags: 0:
Sep 21 07:33:35.425775: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425777: | AGGR_R0: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425778: | -> AGGR_R1 EVENT_SO_DISCARD
Sep 21 07:33:35.425780: | AGGR_I1: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425781: | -> AGGR_I2 EVENT_SA_REPLACE
Sep 21 07:33:35.425785: | -> AGGR_I2 EVENT_SA_REPLACE
Sep 21 07:33:35.425791: | AGGR_R1: category: open IKE SA flags: 200:
Sep 21 07:33:35.425792: | -> AGGR_R2 EVENT_SA_REPLACE
Sep 21 07:33:35.425794: | -> AGGR_R2 EVENT_SA_REPLACE
Sep 21 07:33:35.425795: | AGGR_I2: category: established IKE SA flags: 200:
Sep 21 07:33:35.425797: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425798: | AGGR_R2: category: established IKE SA flags: 0:
Sep 21 07:33:35.425800: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425801: | QUICK_R0: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425805: | -> QUICK_R1 EVENT_RETRANSMIT
Sep 21 07:33:35.425807: | QUICK_I1: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425808: | -> QUICK_I2 EVENT_SA_REPLACE
Sep 21 07:33:35.425810: | QUICK_R1: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425825: | -> QUICK_R2 EVENT_SA_REPLACE
Sep 21 07:33:35.425826: | QUICK_I2: category: established CHILD SA flags: 200:
Sep 21 07:33:35.425828: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425829: | QUICK_R2: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425831: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425832: | INFO: category: informational flags: 0:
Sep 21 07:33:35.425833: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425835: | INFO_PROTECTED: category: informational flags: 0:
Sep 21 07:33:35.425836: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425838: | XAUTH_R0: category: established IKE SA flags: 0:
Sep 21 07:33:35.425839: | -> XAUTH_R1 EVENT_NULL
Sep 21 07:33:35.425841: | XAUTH_R1: category: established IKE SA flags: 0:
Sep 21 07:33:35.425842: | -> MAIN_R3 EVENT_SA_REPLACE
Sep 21 07:33:35.425844: | MODE_CFG_R0: category: informational flags: 0:
Sep 21 07:33:35.425845: | -> MODE_CFG_R1 EVENT_SA_REPLACE
Sep 21 07:33:35.425847: | MODE_CFG_R1: category: established IKE SA flags: 0:
Sep 21 07:33:35.425848: | -> MODE_CFG_R2 EVENT_SA_REPLACE
Sep 21 07:33:35.425850: | MODE_CFG_R2: category: established IKE SA flags: 0:
Sep 21 07:33:35.425851: | -> UNDEFINED EVENT_NULL
Sep 21 07:33:35.425853: | MODE_CFG_I1: category: established IKE SA flags: 0:
Sep 21 07:33:35.425854: | -> MAIN_I4 EVENT_SA_REPLACE
Sep 21 07:33:35.425856: | XAUTH_I0: category: established IKE SA flags: 0:
Sep 21 07:33:35.425857: | -> XAUTH_I1 EVENT_RETRANSMIT
Sep 21 07:33:35.425859: | XAUTH_I1: category: established IKE SA flags: 0:
Sep 21 07:33:35.425860: | -> MAIN_I4 EVENT_RETRANSMIT
Sep 21 07:33:35.425865: | checking IKEv2 state table
Sep 21 07:33:35.425869: | PARENT_I0: category: ignore flags: 0:
Sep 21 07:33:35.425870: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Sep 21 07:33:35.425872: | PARENT_I1: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425874: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
Sep 21 07:33:35.425876: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
Sep 21 07:33:35.425877: | PARENT_I2: category: open IKE SA flags: 0:
Sep 21 07:33:35.425879: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Sep 21 07:33:35.425880: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Sep 21 07:33:35.425882: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Sep 21 07:33:35.425884: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Sep 21 07:33:35.425885: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Sep 21 07:33:35.425887: | PARENT_I3: category: established IKE SA flags: 0:
Sep 21 07:33:35.425888: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
Sep 21 07:33:35.425890: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
Sep 21 07:33:35.425891: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
Sep 21 07:33:35.425893: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
Sep 21 07:33:35.425895: | PARENT_R0: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425896: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
Sep 21 07:33:35.425898: | PARENT_R1: category: half-open IKE SA flags: 0:
Sep 21 07:33:35.425899: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
Sep 21 07:33:35.425901: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
Sep 21 07:33:35.425903: | PARENT_R2: category: established IKE SA flags: 0:
Sep 21 07:33:35.425905: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
Sep 21 07:33:35.425907: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
Sep 21 07:33:35.425908: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
Sep 21 07:33:35.425910: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
Sep 21 07:33:35.425911: | V2_CREATE_I0: category: established IKE SA flags: 0:
Sep 21 07:33:35.425913: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Sep 21 07:33:35.425915: | V2_CREATE_I: category: established IKE SA flags: 0:
Sep 21 07:33:35.425916: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Sep 21 07:33:35.425918: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
Sep 21 07:33:35.425919: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Sep 21 07:33:35.425921: | V2_REKEY_IKE_I: category: established IKE SA flags: 0:
Sep 21 07:33:35.425923: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Sep 21 07:33:35.425924: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
Sep 21 07:33:35.425926: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Sep 21 07:33:35.425928: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0:
Sep 21 07:33:35.425929: | V2_CREATE_R: category: established IKE SA flags: 0:
Sep 21 07:33:35.425931: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
Sep 21 07:33:35.425932: | V2_REKEY_IKE_R: category: established IKE SA flags: 0:
Sep 21 07:33:35.425934: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
Sep 21 07:33:35.425936: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0:
Sep 21 07:33:35.425937: | V2_IPSEC_I: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425939: | V2_IPSEC_R: category: established CHILD SA flags: 0:
Sep 21 07:33:35.425941: | IKESA_DEL: category: established IKE SA flags: 0:
Sep 21 07:33:35.425942: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Sep 21 07:33:35.425944: | CHILDSA_DEL: category: informational flags: 0:
Sep 21 07:33:35.425986: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+
Sep 21 07:33:35.426038: | Hard-wiring algorithms
Sep 21 07:33:35.426041: | adding AES_CCM_16 to kernel algorithm db
Sep 21 07:33:35.426044: | adding AES_CCM_12 to kernel algorithm db
Sep 21 07:33:35.426045: | adding AES_CCM_8 to kernel algorithm db
Sep 21 07:33:35.426046: | adding 3DES_CBC to kernel algorithm db
Sep 21 07:33:35.426048: | adding CAMELLIA_CBC to kernel algorithm db
Sep 21 07:33:35.426049: | adding AES_GCM_16 to kernel algorithm db
Sep 21 07:33:35.426051: | adding AES_GCM_12 to kernel algorithm db
Sep 21 07:33:35.426052: | adding AES_GCM_8 to kernel algorithm db
Sep 21 07:33:35.426053: | adding AES_CTR to kernel algorithm db
Sep 21 07:33:35.426055: | adding AES_CBC to kernel algorithm db
Sep 21 07:33:35.426056: | adding SERPENT_CBC to kernel algorithm db
Sep 21 07:33:35.426058: | adding TWOFISH_CBC to kernel algorithm db
Sep 21 07:33:35.426059: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Sep 21 07:33:35.426061: | adding NULL to kernel algorithm db
Sep 21 07:33:35.426062: | adding CHACHA20_POLY1305 to kernel algorithm db
Sep 21 07:33:35.426064: | adding HMAC_MD5_96 to kernel algorithm db
Sep 21 07:33:35.426065: | adding HMAC_SHA1_96 to kernel algorithm db
Sep 21 07:33:35.426067: | adding HMAC_SHA2_512_256 to kernel algorithm db
Sep 21 07:33:35.426068: | adding HMAC_SHA2_384_192 to kernel algorithm db
Sep 21 07:33:35.426070: | adding HMAC_SHA2_256_128 to kernel algorithm db
Sep 21 07:33:35.426071: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Sep 21 07:33:35.426073: | adding AES_XCBC_96 to kernel algorithm db
Sep 21 07:33:35.426074: | adding AES_CMAC_96 to kernel algorithm db
Sep 21 07:33:35.426075: | adding NONE to kernel algorithm db
Sep 21 07:33:35.426092: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Sep 21 07:33:35.426096: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Sep 21 07:33:35.426098: | setup kernel fd callback
Sep 21 07:33:35.426100: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x556ff0c32cf0
Sep 21 07:33:35.426102: | libevent_malloc: new ptr-libevent@0x556ff0c3ee90 size 128
Sep 21 07:33:35.426104: | libevent_malloc: new ptr-libevent@0x556ff0c31fd0 size 16
Sep 21 07:33:35.426108: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x556ff0c32cb0
Sep 21 07:33:35.426110: | libevent_malloc: new ptr-libevent@0x556ff0c3ef20 size 128
Sep 21 07:33:35.426111: | libevent_malloc: new ptr-libevent@0x556ff0c31ff0 size 16
Sep 21 07:33:35.426251: | global one-shot timer EVENT_CHECK_CRLS initialized
Sep 21 07:33:35.426256: selinux support is enabled.
Sep 21 07:33:35.426570: systemd watchdog not enabled - not sending watchdog keepalives
Sep 21 07:33:35.426720: | unbound context created - setting debug level to 5
Sep 21 07:33:35.426752: | /etc/hosts lookups activated
Sep 21 07:33:35.426770: | /etc/resolv.conf usage activated
Sep 21 07:33:35.426853: | outgoing-port-avoid set 0-65535
Sep 21 07:33:35.426872: | outgoing-port-permit set 32768-60999
Sep 21 07:33:35.426874: | Loading dnssec root key from:/var/lib/unbound/root.key
Sep 21 07:33:35.426876: | No additional dnssec trust anchors defined via dnssec-trusted= option
Sep 21 07:33:35.426879: | Setting up events, loop start
Sep 21 07:33:35.426881: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x556ff0c2d240
Sep 21 07:33:35.426883: | libevent_malloc: new ptr-libevent@0x556ff0c49490 size 128
Sep 21 07:33:35.426885: | libevent_malloc: new ptr-libevent@0x556ff0c49520 size 16
Sep 21 07:33:35.426891: | libevent_realloc: new ptr-libevent@0x556ff0bad5b0 size 256
Sep 21 07:33:35.426893: | libevent_malloc: new ptr-libevent@0x556ff0c49540 size 8
Sep 21 07:33:35.426895: | libevent_realloc: new ptr-libevent@0x556ff0c3e210 size 144
Sep 21 07:33:35.426896: | libevent_malloc: new ptr-libevent@0x556ff0c49560 size 152
Sep 21 07:33:35.426899: | libevent_malloc: new ptr-libevent@0x556ff0c49600 size 16
Sep 21 07:33:35.426901: | signal event handler PLUTO_SIGCHLD installed
Sep 21 07:33:35.426903: | libevent_malloc: new ptr-libevent@0x556ff0c49620 size 8
Sep 21 07:33:35.426904: | libevent_malloc: new ptr-libevent@0x556ff0c49640 size 152
Sep 21 07:33:35.426906: | signal event handler PLUTO_SIGTERM installed
Sep 21 07:33:35.426908: | libevent_malloc: new ptr-libevent@0x556ff0c496e0 size 8
Sep 21 07:33:35.426909: | libevent_malloc: new ptr-libevent@0x556ff0c49700 size 152
Sep 21 07:33:35.426911: | signal event handler PLUTO_SIGHUP installed
Sep 21 07:33:35.426913: | libevent_malloc: new ptr-libevent@0x556ff0c497a0 size 8
Sep 21 07:33:35.426914: | libevent_realloc: release ptr-libevent@0x556ff0c3e210
Sep 21 07:33:35.426916: | libevent_realloc: new ptr-libevent@0x556ff0c497c0 size 256
Sep 21 07:33:35.426917: | libevent_malloc: new ptr-libevent@0x556ff0c3e210 size 152
Sep 21 07:33:35.426919: | signal event handler PLUTO_SIGSYS installed
Sep 21 07:33:35.427153: | created addconn helper (pid:23515) using fork+execve
Sep 21 07:33:35.427164: | forked child 23515
Sep 21 07:33:35.427194: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:33:35.427207: | pluto_sd: executing action action: reloading(4), status 0
Sep 21 07:33:35.427213: listening for IKE messages
Sep 21 07:33:35.427241: | Inspecting interface lo
Sep 21 07:33:35.427246: | found lo with address 127.0.0.1
Sep 21 07:33:35.427248: | Inspecting interface eth0
Sep 21 07:33:35.427251: | found eth0 with address 192.0.2.254
Sep 21 07:33:35.427252: | Inspecting interface eth1
Sep 21 07:33:35.427255: | found eth1 with address 192.1.2.23
Sep 21 07:33:35.427290: Kernel supports NIC esp-hw-offload
Sep 21 07:33:35.427297: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500
Sep 21 07:33:35.427314: | NAT-Traversal: Trying sockopt style NAT-T
Sep 21 07:33:35.427321: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Sep 21 07:33:35.427324: adding interface eth1/eth1 192.1.2.23:4500
Sep 21 07:33:35.427344: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500
Sep 21 07:33:35.427361: | NAT-Traversal: Trying sockopt style NAT-T
Sep 21 07:33:35.427364: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Sep 21 07:33:35.427366: adding interface eth0/eth0 192.0.2.254:4500
Sep 21 07:33:35.427385: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
Sep 21 07:33:35.427402: | NAT-Traversal: Trying sockopt style NAT-T
Sep 21 07:33:35.427404: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Sep 21 07:33:35.427406: adding interface lo/lo 127.0.0.1:4500
Sep 21 07:33:35.427454: | no interfaces to sort
Sep 21 07:33:35.427457: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Sep 21 07:33:35.427462: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49b30
Sep 21 07:33:35.427464: | libevent_malloc: new ptr-libevent@0x556ff0c49b70 size 128
Sep 21 07:33:35.427466: | libevent_malloc: new ptr-libevent@0x556ff0c49c00 size 16
Sep 21 07:33:35.427472: | setup callback for interface lo 127.0.0.1:4500 fd 22
Sep 21 07:33:35.427473: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49c20
Sep 21 07:33:35.427475: | libevent_malloc: new ptr-libevent@0x556ff0c49c60 size 128
Sep 21 07:33:35.427477: | libevent_malloc: new ptr-libevent@0x556ff0c49cf0 size 16
Sep 21 07:33:35.427480: | setup callback for interface lo 127.0.0.1:500 fd 21
Sep 21 07:33:35.427481: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49d10
Sep 21 07:33:35.427483: | libevent_malloc: new ptr-libevent@0x556ff0c49d50 size 128
Sep 21 07:33:35.427484: | libevent_malloc: new ptr-libevent@0x556ff0c49de0 size 16
Sep 21 07:33:35.427487: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Sep 21 07:33:35.427489: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49e00
Sep 21 07:33:35.427491: | libevent_malloc: new ptr-libevent@0x556ff0c49e40 size 128
Sep 21 07:33:35.427492: | libevent_malloc: new ptr-libevent@0x556ff0c49ed0 size 16
Sep 21 07:33:35.427495: | setup callback for interface eth0 192.0.2.254:500 fd 19
Sep 21 07:33:35.427497: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49ef0
Sep 21 07:33:35.427498: | libevent_malloc: new ptr-libevent@0x556ff0c49f30 size 128
Sep 21 07:33:35.427500: | libevent_malloc: new ptr-libevent@0x556ff0c49fc0 size 16
Sep 21 07:33:35.427503: | setup callback for interface eth1 192.1.2.23:4500 fd 18
Sep 21 07:33:35.427504: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49fe0
Sep 21 07:33:35.427506: | libevent_malloc: new ptr-libevent@0x556ff0c4a020 size 128
Sep 21 07:33:35.427508: | libevent_malloc: new ptr-libevent@0x556ff0c4a0b0 size 16
Sep 21 07:33:35.427511: | setup callback for interface eth1 192.1.2.23:500 fd 17
Sep 21 07:33:35.427514: | certs and keys locked by 'free_preshared_secrets'
Sep 21 07:33:35.427515: | certs and keys unlocked by 'free_preshared_secrets'
Sep 21 07:33:35.427532: loading secrets from "/etc/ipsec.secrets"
Sep 21 07:33:35.427544: | saving Modulus
Sep 21 07:33:35.427547: | saving PublicExponent
Sep 21 07:33:35.427549: | ignoring PrivateExponent
Sep 21 07:33:35.427551: | ignoring Prime1
Sep 21 07:33:35.427553: | ignoring Prime2
Sep 21 07:33:35.427555: | ignoring Exponent1
Sep 21 07:33:35.427557: | ignoring Exponent2
Sep 21 07:33:35.427559: | ignoring Coefficient
Sep 21 07:33:35.427561: | ignoring CKAIDNSS
Sep 21 07:33:35.427584: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1
Sep 21 07:33:35.427586: | computed rsa CKAID 8a 82 25 f1
Sep 21 07:33:35.427589: loaded private key for keyid: PKK_RSA:AQO9bJbr3
Sep 21 07:33:35.427593: | certs and keys locked by 'process_secret'
Sep 21 07:33:35.427596: | certs and keys unlocked by 'process_secret'
Sep 21 07:33:35.427599: | pluto_sd: executing action action: ready(5), status 0
Sep 21 07:33:35.427606: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Sep 21 07:33:35.427614: | spent 0.427 milliseconds in whack
Sep 21 07:33:35.454589: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:33:35.454609: | pluto_sd: executing action action: reloading(4), status 0
Sep 21 07:33:35.454614: listening for IKE messages
Sep 21 07:33:35.454644: | Inspecting interface lo
Sep 21 07:33:35.454649: | found lo with address 127.0.0.1
Sep 21 07:33:35.454651: | Inspecting interface eth0
Sep 21 07:33:35.454654: | found eth0 with address 192.0.2.254
Sep 21 07:33:35.454656: | Inspecting interface eth1
Sep 21 07:33:35.454659: | found eth1 with address 192.1.2.23
Sep 21 07:33:35.454716: | no interfaces to sort
Sep 21 07:33:35.454723: | libevent_free: release ptr-libevent@0x556ff0c49b70
Sep 21 07:33:35.454726: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49b30
Sep 21 07:33:35.454728: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49b30
Sep 21 07:33:35.454730: | libevent_malloc: new ptr-libevent@0x556ff0c49b70 size 128
Sep 21 07:33:35.454735: | setup callback for interface lo 127.0.0.1:4500 fd 22
Sep 21 07:33:35.454738: | libevent_free: release ptr-libevent@0x556ff0c49c60
Sep 21 07:33:35.454740: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49c20
Sep 21 07:33:35.454742: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49c20
Sep 21 07:33:35.454743: | libevent_malloc: new ptr-libevent@0x556ff0c49c60 size 128
Sep 21 07:33:35.454747: | setup callback for interface lo 127.0.0.1:500 fd 21
Sep 21 07:33:35.454750: | libevent_free: release ptr-libevent@0x556ff0c49d50
Sep 21 07:33:35.454751: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49d10
Sep 21 07:33:35.454753: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49d10
Sep 21 07:33:35.454755: | libevent_malloc: new ptr-libevent@0x556ff0c49d50 size 128
Sep 21 07:33:35.454758: | setup callback for interface eth0 192.0.2.254:4500 fd 20
Sep 21 07:33:35.454761: | libevent_free: release ptr-libevent@0x556ff0c49e40
Sep 21 07:33:35.454762: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49e00
Sep 21 07:33:35.454764: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49e00
Sep 21 07:33:35.454766: | libevent_malloc: new ptr-libevent@0x556ff0c49e40 size 128
Sep 21 07:33:35.454769: | setup callback for interface eth0 192.0.2.254:500 fd 19
Sep 21 07:33:35.454771: | libevent_free: release ptr-libevent@0x556ff0c49f30
Sep 21 07:33:35.454773: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49ef0
Sep 21 07:33:35.454775: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49ef0
Sep 21 07:33:35.454777: | libevent_malloc: new ptr-libevent@0x556ff0c49f30 size 128
Sep 21 07:33:35.454780: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:33:35.454788: | libevent_free: release ptr-libevent@0x556ff0c4a020 Sep 21 07:33:35.454792: | free_event_entry: release EVENT_NULL-pe@0x556ff0c49fe0 Sep 21 07:33:35.454794: | add_fd_read_event_handler: new ethX-pe@0x556ff0c49fe0 Sep 21 07:33:35.454796: | libevent_malloc: new ptr-libevent@0x556ff0c4a020 size 128 Sep 21 07:33:35.454799: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:33:35.454802: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:35.454803: forgetting secrets Sep 21 07:33:35.454810: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:35.454820: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:35.454831: | saving Modulus Sep 21 07:33:35.454833: | saving PublicExponent Sep 21 07:33:35.454835: | ignoring PrivateExponent Sep 21 07:33:35.454837: | ignoring Prime1 Sep 21 07:33:35.454839: | ignoring Prime2 Sep 21 07:33:35.454841: | ignoring Exponent1 Sep 21 07:33:35.454843: | ignoring Exponent2 Sep 21 07:33:35.454844: | ignoring Coefficient Sep 21 07:33:35.454846: | ignoring CKAIDNSS Sep 21 07:33:35.454860: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:35.454862: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:35.454864: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:33:35.454868: | certs and keys locked by 'process_secret' Sep 21 07:33:35.454874: | certs and keys unlocked by 'process_secret' Sep 21 07:33:35.454878: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:35.454884: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:35.454889: | spent 0.298 milliseconds in whack Sep 21 07:33:35.455269: | processing signal PLUTO_SIGCHLD Sep 21 07:33:35.455277: | waitpid returned pid 23515 (exited with status 0) Sep 21 07:33:35.455279: | reaped addconn helper child (status 0) Sep 21 07:33:35.455283: | waitpid returned ECHILD (no child 
processes left) Sep 21 07:33:35.455285: | spent 0.0122 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:35.511179: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:35.511202: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:35.511206: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:35.511208: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:35.511210: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:35.511214: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:35.511222: | Added new connection westnet-eastnet-ikev2 with policy ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:35.511226: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:35.511283: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:33:35.511287: | from whack: got --esp= Sep 21 07:33:35.511324: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:33:35.511330: | counting wild cards for @west is 0 Sep 21 07:33:35.511334: | counting wild cards for @east is 0 Sep 21 07:33:35.511343: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Sep 21 07:33:35.511347: | new hp@0x556ff0c164e0 Sep 21 07:33:35.511350: added connection description "westnet-eastnet-ikev2" Sep 21 07:33:35.511362: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; 
policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:35.511373: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Sep 21 07:33:35.511381: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:35.511388: | spent 0.219 milliseconds in whack Sep 21 07:33:35.511423: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:35.511434: add keyid @west
Sep 21 07:33:35.511503: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:33:35.511506: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:33:35.511513: | keyid: *AQOm9dY/4 Sep 21 07:33:35.511555: | e 03 Sep 21 07:33:35.511557: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:33:35.511559: | CKAID 7f 0f 03 50 Sep 21 07:33:35.511567: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:35.511572: | spent 0.153 milliseconds in whack Sep 21 07:33:35.511609: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:35.511618: add keyid @east
Sep 21 07:33:35.511672: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:35.511675: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:35.511679: | keyid: *AQO9bJbr3 Sep 21 07:33:35.511719: | e 03 Sep 21 07:33:35.511722: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:35.511724: | CKAID 8a 82 25 f1 Sep 21 07:33:35.511731: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:35.511735: | spent 0.13 milliseconds in whack Sep 21 07:33:36.339379: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:36.339403: | *received 828 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
Sep 21 07:33:36.339496: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:33:36.339498: | **parse ISAKMP Message: Sep 21 07:33:36.339500: | initiator cookie: Sep 21 07:33:36.339501: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.339503: | responder cookie: Sep 21 07:33:36.339504: | 00 00 00 00 00 00 00 00 Sep 21 07:33:36.339507: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:33:36.339509: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:36.339512: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:33:36.339514: | flags:
ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:33:36.339516: | Message ID: 0 (0x0) Sep 21 07:33:36.339519: | length: 828 (0x33c) Sep 21 07:33:36.339521: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:33:36.339525: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:33:36.339528: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:33:36.339530: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:33:36.339534: | ***parse IKEv2 Security Association Payload: Sep 21 07:33:36.339536: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:33:36.339539: | flags: none (0x0) Sep 21 07:33:36.339541: | length: 436 (0x1b4) Sep 21 07:33:36.339543: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:33:36.339546: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:33:36.339548: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:33:36.339549: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:33:36.339551: | flags: none (0x0) Sep 21 07:33:36.339552: | length: 264 (0x108) Sep 21 07:33:36.339553: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.339557: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:33:36.339559: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:33:36.339560: | ***parse IKEv2 Nonce Payload: Sep 21 07:33:36.339562: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:33:36.339563: | flags: none (0x0) Sep 21 07:33:36.339564: | length: 36 (0x24) Sep 21 07:33:36.339566: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:33:36.339567: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:33:36.339569: | ***parse IKEv2 Notify Payload: Sep 21 07:33:36.339570: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:33:36.339572: | flags: none (0x0) Sep 21 07:33:36.339573: | length: 8 (0x8) Sep 21 07:33:36.339575: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.339576: | SPI size: 0 (0x0) Sep 21 
07:33:36.339578: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:33:36.339579: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:33:36.339581: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:33:36.339582: | ***parse IKEv2 Notify Payload: Sep 21 07:33:36.339584: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:33:36.339585: | flags: none (0x0) Sep 21 07:33:36.339586: | length: 28 (0x1c) Sep 21 07:33:36.339588: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.339589: | SPI size: 0 (0x0) Sep 21 07:33:36.339591: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:33:36.339592: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:33:36.339594: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:33:36.339595: | ***parse IKEv2 Notify Payload: Sep 21 07:33:36.339597: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.339598: | flags: none (0x0) Sep 21 07:33:36.339599: | length: 28 (0x1c) Sep 21 07:33:36.339601: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.339602: | SPI size: 0 (0x0) Sep 21 07:33:36.339604: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:33:36.339605: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:33:36.339607: | DDOS disabled and no cookie sent, continuing Sep 21 07:33:36.339611: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:33:36.339614: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:33:36.339616: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:33:36.339618: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2) Sep 21 07:33:36.339620: | find_next_host_connection returns empty Sep 21 07:33:36.339623: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 
07:33:36.339624: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:33:36.339626: | find_next_host_connection returns empty Sep 21 07:33:36.339628: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:33:36.339631: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:33:36.339634: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:33:36.339635: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:33:36.339637: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ikev2) Sep 21 07:33:36.339639: | find_next_host_connection returns westnet-eastnet-ikev2 Sep 21 07:33:36.339640: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:33:36.339641: | find_next_host_connection returns empty Sep 21 07:33:36.339643: | found connection: westnet-eastnet-ikev2 with policy RSASIG+IKEV2_ALLOW Sep 21 07:33:36.339657: | creating state object #1 at 0x556ff0c4d3a0 Sep 21 07:33:36.339660: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:33:36.339667: | pstats #1 ikev2.ike started Sep 21 07:33:36.339669: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:33:36.339671: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:33:36.339674: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:33:36.339680: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:33:36.339682: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:33:36.339685: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 
192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:33:36.339687: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:33:36.339690: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:33:36.339693: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:33:36.339694: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:33:36.339696: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:33:36.339698: | Now let's proceed with state specific processing Sep 21 07:33:36.339699: | calling processor Respond to IKE_SA_INIT Sep 21 07:33:36.339706: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:33:36.339708: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals) Sep 21 07:33:36.339713: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:33:36.339718: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:33:36.339720: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:33:36.339723: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:33:36.339726: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:33:36.339729: | ... 
ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:33:36.339731: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:33:36.339734: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:33:36.339740: "westnet-eastnet-ikev2": constructed local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:33:36.339742: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:33:36.339748: | local proposal 1 type ENCR has 1 transforms Sep 21 07:33:36.339750: | local proposal 1 type PRF has 2 transforms Sep 21 07:33:36.339751: | local proposal 1 type INTEG has 1 transforms Sep 21 07:33:36.339753: | local proposal 1 type DH has 8 transforms Sep 21 07:33:36.339754: | local proposal 1 type ESN has 0 transforms Sep 21 07:33:36.339756: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:33:36.339758: | local proposal 2 type ENCR has 1 transforms Sep 21 07:33:36.339759: | local proposal 2 type PRF has 2 
transforms Sep 21 07:33:36.339761: | local proposal 2 type INTEG has 1 transforms Sep 21 07:33:36.339762: | local proposal 2 type DH has 8 transforms Sep 21 07:33:36.339764: | local proposal 2 type ESN has 0 transforms Sep 21 07:33:36.339765: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:33:36.339767: | local proposal 3 type ENCR has 1 transforms Sep 21 07:33:36.339768: | local proposal 3 type PRF has 2 transforms Sep 21 07:33:36.339770: | local proposal 3 type INTEG has 2 transforms Sep 21 07:33:36.339771: | local proposal 3 type DH has 8 transforms Sep 21 07:33:36.339773: | local proposal 3 type ESN has 0 transforms Sep 21 07:33:36.339774: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:33:36.339776: | local proposal 4 type ENCR has 1 transforms Sep 21 07:33:36.339777: | local proposal 4 type PRF has 2 transforms Sep 21 07:33:36.339779: | local proposal 4 type INTEG has 2 transforms Sep 21 07:33:36.339780: | local proposal 4 type DH has 8 transforms Sep 21 07:33:36.339781: | local proposal 4 type ESN has 0 transforms Sep 21 07:33:36.339786: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:33:36.339804: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.339806: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.339810: | length: 100 (0x64) Sep 21 07:33:36.339811: | prop #: 1 (0x1) Sep 21 07:33:36.339813: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:33:36.339814: | spi size: 0 (0x0) Sep 21 07:33:36.339816: | # transforms: 11 (0xb) Sep 21 07:33:36.339818: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:33:36.339820: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339823: | length: 12 (0xc) Sep 21 07:33:36.339825: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.339826: 
| IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.339828: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.339843: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.339844: | length/value: 256 (0x100) Sep 21 07:33:36.339847: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:33:36.339849: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339851: | length: 8 (0x8) Sep 21 07:33:36.339853: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.339854: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:33:36.339857: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:33:36.339858: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:33:36.339860: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:33:36.339862: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:33:36.339864: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339867: | length: 8 (0x8) Sep 21 07:33:36.339868: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.339872: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:33:36.339873: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339875: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339876: | length: 8 (0x8) Sep 21 07:33:36.339878: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339879: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.339881: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:33:36.339883: | remote 
proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:33:36.339885: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:33:36.339887: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:33:36.339888: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339891: | length: 8 (0x8) Sep 21 07:33:36.339893: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339894: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:33:36.339896: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339897: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339899: | length: 8 (0x8) Sep 21 07:33:36.339900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339902: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:33:36.339903: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339906: | length: 8 (0x8) Sep 21 07:33:36.339907: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339909: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:33:36.339911: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339912: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339913: | length: 8 (0x8) Sep 21 07:33:36.339915: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339916: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:33:36.339918: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339921: | length: 8 (0x8) Sep 21 07:33:36.339922: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339924: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:33:36.339925: | 
*****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339928: | length: 8 (0x8) Sep 21 07:33:36.339930: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339931: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:33:36.339933: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339934: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.339936: | length: 8 (0x8) Sep 21 07:33:36.339937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339938: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:33:36.339941: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:33:36.339944: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:33:36.339945: | remote proposal 1 matches local proposal 1 Sep 21 07:33:36.339947: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.339949: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.339950: | length: 100 (0x64) Sep 21 07:33:36.339951: | prop #: 2 (0x2) Sep 21 07:33:36.339953: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:33:36.339954: | spi size: 0 (0x0) Sep 21 07:33:36.339956: | # transforms: 11 (0xb) Sep 21 07:33:36.339958: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:33:36.339960: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339963: | length: 12 (0xc) Sep 21 07:33:36.339965: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.339966: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.339968: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.339969: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.339971: | length/value: 
128 (0x80) Sep 21 07:33:36.339972: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339974: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339975: | length: 8 (0x8) Sep 21 07:33:36.339977: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.339978: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:33:36.339980: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339983: | length: 8 (0x8) Sep 21 07:33:36.339984: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.339985: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:33:36.339987: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.339990: | length: 8 (0x8) Sep 21 07:33:36.339995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.339996: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.339998: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.339999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340001: | length: 8 (0x8) Sep 21 07:33:36.340002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340004: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:33:36.340005: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340008: | length: 8 (0x8) Sep 21 07:33:36.340009: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340011: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:33:36.340013: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340014: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340015: | length: 8 (0x8) Sep 21 07:33:36.340017: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340018: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 
07:33:36.340020: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340023: | length: 8 (0x8) Sep 21 07:33:36.340024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340026: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:33:36.340027: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340030: | length: 8 (0x8) Sep 21 07:33:36.340032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340033: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:33:36.340035: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340036: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340038: | length: 8 (0x8) Sep 21 07:33:36.340039: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340040: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:33:36.340042: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340044: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.340045: | length: 8 (0x8) Sep 21 07:33:36.340046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340048: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:33:36.340050: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:33:36.340053: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:33:36.340054: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.340056: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.340057: | length: 116 (0x74) Sep 21 07:33:36.340059: | prop #: 3 (0x3) Sep 21 07:33:36.340060: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:33:36.340061: | spi size: 0 (0x0) Sep 21 07:33:36.340063: | # transforms: 13 (0xd) Sep 21 07:33:36.340065: | Comparing remote proposal 3 containing 13 transforms against 
local proposal [1..0] of 4 local proposals Sep 21 07:33:36.340066: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340069: | length: 12 (0xc) Sep 21 07:33:36.340071: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.340072: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:33:36.340074: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.340075: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.340077: | length/value: 256 (0x100) Sep 21 07:33:36.340078: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340081: | length: 8 (0x8) Sep 21 07:33:36.340083: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.340084: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:33:36.340086: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340087: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340089: | length: 8 (0x8) Sep 21 07:33:36.340090: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.340091: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:33:36.340093: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340096: | length: 8 (0x8) Sep 21 07:33:36.340097: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.340099: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:33:36.340101: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340103: | length: 8 (0x8) Sep 21 07:33:36.340105: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.340106: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:33:36.340108: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340109: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340111: | length: 8 (0x8) Sep 21 07:33:36.340112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340114: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.340115: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340118: | length: 8 (0x8) Sep 21 07:33:36.340119: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340121: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:33:36.340122: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340125: | length: 8 (0x8) Sep 21 07:33:36.340127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340128: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:33:36.340130: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340133: | length: 8 (0x8) Sep 21 07:33:36.340134: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340136: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:33:36.340137: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340156: | length: 8 (0x8) Sep 21 07:33:36.340157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340159: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:33:36.340161: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340163: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340165: | length: 8 (0x8) Sep 21 07:33:36.340168: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340169: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:33:36.340172: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340174: | last transform: v2_TRANSFORM_NON_LAST 
(0x3) Sep 21 07:33:36.340176: | length: 8 (0x8) Sep 21 07:33:36.340179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340182: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:33:36.340198: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340200: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.340203: | length: 8 (0x8) Sep 21 07:33:36.340206: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340209: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:33:36.340213: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:33:36.340216: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:33:36.340219: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.340221: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:33:36.340224: | length: 116 (0x74) Sep 21 07:33:36.340227: | prop #: 4 (0x4) Sep 21 07:33:36.340229: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:33:36.340232: | spi size: 0 (0x0) Sep 21 07:33:36.340234: | # transforms: 13 (0xd) Sep 21 07:33:36.340237: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:33:36.340240: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340245: | length: 12 (0xc) Sep 21 07:33:36.340248: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.340251: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:33:36.340254: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.340257: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.340259: | length/value: 128 (0x80) Sep 21 07:33:36.340262: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340268: | length: 8 (0x8) Sep 21 07:33:36.340270: | IKEv2 transform 
type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.340273: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:33:36.340276: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340281: | length: 8 (0x8) Sep 21 07:33:36.340284: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:33:36.340287: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:33:36.340290: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340295: | length: 8 (0x8) Sep 21 07:33:36.340298: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.340300: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:33:36.340303: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340306: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340309: | length: 8 (0x8) Sep 21 07:33:36.340311: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.340314: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:33:36.340317: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340322: | length: 8 (0x8) Sep 21 07:33:36.340324: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340328: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.340331: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340335: | length: 8 (0x8) Sep 21 07:33:36.340337: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340340: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:33:36.340343: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340347: | length: 8 (0x8) Sep 21 07:33:36.340349: | IKEv2 transform type: TRANS_TYPE_DH 
(0x4) Sep 21 07:33:36.340351: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:33:36.340354: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340358: | length: 8 (0x8) Sep 21 07:33:36.340360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340363: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:33:36.340365: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340370: | length: 8 (0x8) Sep 21 07:33:36.340372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340375: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:33:36.340377: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340382: | length: 8 (0x8) Sep 21 07:33:36.340384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:33:36.340389: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340391: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.340393: | length: 8 (0x8) Sep 21 07:33:36.340395: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340398: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:33:36.340400: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.340402: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.340404: | length: 8 (0x8) Sep 21 07:33:36.340406: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.340408: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:33:36.340412: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:33:36.340415: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:33:36.340419: 
"westnet-eastnet-ikev2" #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:33:36.340423: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:33:36.340425: | converting proposal to internal trans attrs Sep 21 07:33:36.340429: | natd_hash: rcookie is zero Sep 21 07:33:36.340438: | natd_hash: hasher=0x556fef24b7a0(20) Sep 21 07:33:36.340440: | natd_hash: icookie= 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.340442: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:33:36.340444: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:36.340447: | natd_hash: port= 01 f4 Sep 21 07:33:36.340464: | natd_hash: hash= b4 53 a4 ab 49 f4 e0 26 4c 3c 81 4f 25 b6 8f 57 Sep 21 07:33:36.340466: | natd_hash: hash= 27 e8 82 c0 Sep 21 07:33:36.340468: | natd_hash: rcookie is zero Sep 21 07:33:36.340473: | natd_hash: hasher=0x556fef24b7a0(20) Sep 21 07:33:36.340475: | natd_hash: icookie= 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.340477: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:33:36.340479: | natd_hash: ip= c0 01 02 2d Sep 21 07:33:36.340480: | natd_hash: port= 01 f4 Sep 21 07:33:36.340482: | natd_hash: hash= 89 e9 2c 81 f6 ac 6f 7f 5e 17 c8 aa 76 b0 48 4a Sep 21 
07:33:36.340484: | natd_hash: hash= ed 2e 9a 4e Sep 21 07:33:36.340487: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:33:36.340489: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:33:36.340491: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:33:36.340494: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Sep 21 07:33:36.340499: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:33:36.340502: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556ff0c4bb90 Sep 21 07:33:36.340506: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:36.340508: | libevent_malloc: new ptr-libevent@0x556ff0c500c0 size 128 Sep 21 07:33:36.340519: | #1 spent 0.811 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:33:36.340526: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:36.340525: | crypto helper 2 resuming Sep 21 07:33:36.340534: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:33:36.340543: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:33:36.340548: | suspending state #1 and saving MD Sep 21 07:33:36.340555: | crypto helper 2 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:33:36.340559: | #1 is busy; has a suspended MD Sep 21 07:33:36.340570: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:33:36.340574: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:33:36.340578: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:33:36.340583: | #1 spent 1.18 milliseconds in ikev2_process_packet() Sep 21 07:33:36.340588: | stop processing: from 
192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:33:36.340590: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:33:36.340593: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:36.340597: | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:36.341242: | crypto helper 2 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.000686 seconds Sep 21 07:33:36.341256: | (#1) spent 0.695 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:33:36.341259: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:33:36.341261: | scheduling resume sending helper answer for #1 Sep 21 07:33:36.341264: | libevent_malloc: new ptr-libevent@0x7f1a28006900 size 128 Sep 21 07:33:36.341270: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:36.341277: | processing resume sending helper answer for #1 Sep 21 07:33:36.341285: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:33:36.341288: | crypto helper 2 replies to request ID 1 Sep 21 07:33:36.341289: | calling continuation function 0x556fef175630 Sep 21 07:33:36.341291: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:33:36.341317: | **emit ISAKMP Message: Sep 21 07:33:36.341321: | initiator cookie: Sep 21 07:33:36.341323: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.341325: | responder cookie: Sep 21 07:33:36.341326: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.341328: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:36.341329: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:36.341331: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:33:36.341333: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:33:36.341335: | Message ID: 0 (0x0) Sep 21 07:33:36.341337: | next payload chain: saving message 
location 'ISAKMP Message'.'next payload type' Sep 21 07:33:36.341339: | Emitting ikev2_proposal ... Sep 21 07:33:36.341340: | ***emit IKEv2 Security Association Payload: Sep 21 07:33:36.341342: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.341343: | flags: none (0x0) Sep 21 07:33:36.341345: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:33:36.341347: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341350: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.341351: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:33:36.341353: | prop #: 1 (0x1) Sep 21 07:33:36.341354: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:33:36.341356: | spi size: 0 (0x0) Sep 21 07:33:36.341357: | # transforms: 3 (0x3) Sep 21 07:33:36.341359: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:33:36.341361: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:33:36.341363: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.341364: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.341366: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.341368: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:33:36.341370: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.341371: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.341373: | length/value: 256 (0x100) Sep 21 07:33:36.341375: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:33:36.341376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:33:36.341378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.341380: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 
21 07:33:36.341381: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:33:36.341383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.341385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:33:36.341387: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:33:36.341388: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:33:36.341390: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.341391: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:33:36.341393: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.341395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.341396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:33:36.341398: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:33:36.341400: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:33:36.341401: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:33:36.341404: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:33:36.341406: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:33:36.341408: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:33:36.341410: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.341411: | flags: none (0x0) Sep 21 07:33:36.341413: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:33:36.341415: | next payload chain: setting previous 'IKEv2 Security Association 
Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:33:36.341417: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341419: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:33:36.341443: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:33:36.341445: | ***emit IKEv2 Nonce Payload: Sep 21 07:33:36.341447: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:33:36.341449: | flags: none (0x0) Sep 21 07:33:36.341450: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload
type' value 41:ISAKMP_NEXT_v2N Sep 21 07:33:36.341452: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:33:36.341454: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341456: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:33:36.341457: | IKEv2 nonce d8 8b 49 b9 ca 7f 0b ea cc 63 8a 3f 5e 05 c1 1b Sep 21 07:33:36.341459: | IKEv2 nonce aa b9 04 9a fc d4 02 b3 00 cd a8 be a1 ea 93 9a Sep 21 07:33:36.341460: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:33:36.341463: | Adding a v2N Payload Sep 21 07:33:36.341465: | ***emit IKEv2 Notify Payload: Sep 21 07:33:36.341466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.341468: | flags: none (0x0) Sep 21 07:33:36.341469: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.341471: | SPI size: 0 (0x0) Sep 21 07:33:36.341473: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:33:36.341475: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:33:36.341476: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341478: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:33:36.341480: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:33:36.341489: | natd_hash: hasher=0x556fef24b7a0(20) Sep 21 07:33:36.341491: | natd_hash: icookie= 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.341492: | natd_hash: rcookie= 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.341494: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:36.341495: | natd_hash: port= 01 f4 Sep 21 07:33:36.341497: | natd_hash: hash= 7e 4f ea 74 8f be 9e eb ad 71 e5 24 61 43 ac 9f Sep 21 07:33:36.341498: | natd_hash: hash= cd 83 89 d5 Sep 21 07:33:36.341500: | Adding a v2N Payload Sep 21 07:33:36.341501: | ***emit IKEv2 Notify Payload: Sep 21 07:33:36.341503: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.341504: | flags: none (0x0) Sep 21 07:33:36.341506: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.341507: | SPI size: 0 (0x0) Sep 21 07:33:36.341509: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:33:36.341511: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:33:36.341512: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341514: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:33:36.341516: | Notify data 7e 4f ea 74 8f be 9e eb ad 71 e5 24 61 43 ac 9f Sep 21 07:33:36.341517: | Notify data cd 83 89 d5 Sep 21 07:33:36.341519: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:33:36.341522: | natd_hash: hasher=0x556fef24b7a0(20) Sep 21 07:33:36.341524: | natd_hash: icookie= 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.341525: | natd_hash: rcookie= 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.341527: | natd_hash: ip= c0 01 02 2d Sep 21 07:33:36.341528: | natd_hash: port= 01 f4 Sep 21 07:33:36.341530: | natd_hash: hash= 42 9e 99 e7 bc d1 86 bb 9d f1 ee c0 8c c5 3f f0 Sep 21 07:33:36.341531: | natd_hash: hash= 54 de 32 f1 Sep 21 07:33:36.341532: | Adding a v2N Payload Sep 21 07:33:36.341534: | ***emit IKEv2 Notify Payload: Sep 21 
07:33:36.341535: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.341537: | flags: none (0x0) Sep 21 07:33:36.341538: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:33:36.341539: | SPI size: 0 (0x0) Sep 21 07:33:36.341542: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:33:36.341549: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:33:36.341553: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.341556: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:33:36.341559: | Notify data 42 9e 99 e7 bc d1 86 bb 9d f1 ee c0 8c c5 3f f0 Sep 21 07:33:36.341561: | Notify data 54 de 32 f1 Sep 21 07:33:36.341564: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:33:36.341566: | emitting length of ISAKMP Message: 432 Sep 21 07:33:36.341574: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:36.341579: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:33:36.341582: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:33:36.341586: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:33:36.341589: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:33:36.341595: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:33:36.341601: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:33:36.341606: "westnet-eastnet-ikev2" #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 
group=MODP2048} Sep 21 07:33:36.341614: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:33:36.341624: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:33:36.341705: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:36.341709: | libevent_free: release ptr-libevent@0x556ff0c500c0 Sep 21 07:33:36.341711: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556ff0c4bb90 Sep 21 07:33:36.341713: | event_schedule: new EVENT_SO_DISCARD-pe@0x556ff0c4bb90 Sep 21 07:33:36.341716: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:33:36.341718: | libevent_malloc: new ptr-libevent@0x556ff0c500c0 size 128 Sep 21 07:33:36.341722: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:33:36.341727: | #1 spent 0.421 milliseconds in resume sending helper answer Sep 21 07:33:36.341730: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:33:36.341732: | libevent_free: release ptr-libevent@0x7f1a28006900 Sep 21 07:33:36.347464: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:36.347483: | *received 539 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500)
06 5d b3 4a d6 dd 34 Sep 21 07:33:36.347501: | 54 b3 68 82 a3 00 6d 52 f8 e7 ff 79 69 45 db e2 Sep 21 07:33:36.347502: | 84 cb 43 73 58 3c 01 14 e4 9c 62 a3 32 72 61 af Sep 21 07:33:36.347504: | f7 30 d8 fc 1a 70 df f0 8b d6 0c 49 5a 60 6d 95 Sep 21 07:33:36.347505: | 1a 85 1f f6 00 2b f2 1f b3 6c 48 6f 55 19 28 b7 Sep 21 07:33:36.347520: | 27 c7 57 f7 7a 83 fa 7d f3 f2 a0 1b 23 01 52 2b Sep 21 07:33:36.347521: | 71 1c 8b f8 00 98 0f df fd a4 d6 54 f9 cc ff 67 Sep 21 07:33:36.347522: | fb 47 a1 6f 11 6c cc 1b 45 8f 9a 23 46 48 81 84 Sep 21 07:33:36.347524: | 95 ae 61 48 97 c1 fd dd b3 5b 7d 44 6b bf fb f4 Sep 21 07:33:36.347525: | 77 12 4d 27 30 69 03 05 6b 4b e9 ba 74 e4 d9 dc Sep 21 07:33:36.347527: | cc fd cc a5 25 77 21 09 13 83 d5 dd be ad e6 f8 Sep 21 07:33:36.347528: | 12 6a 4c 78 f6 95 d1 db 2f a2 07 4b 5e 24 b4 a1 Sep 21 07:33:36.347529: | dd 8f ab f4 e3 df b2 92 ab 17 96 c7 84 e0 ad 2d Sep 21 07:33:36.347531: | d7 1a 87 67 44 c7 3a 81 a3 25 07 ab 5c 89 e8 d6 Sep 21 07:33:36.347532: | 90 fc b7 7c 39 d3 56 bb f4 1e 6c 27 c1 46 81 4e Sep 21 07:33:36.347533: | f0 d6 63 97 84 41 0a 23 8d ce 54 6e 94 c9 52 06 Sep 21 07:33:36.347535: | a7 93 0d 98 7e b1 cf 7a 53 34 04 8e 88 8e ef de Sep 21 07:33:36.347536: | 58 d2 41 cd c6 62 58 26 be 1f b5 b6 ca dd a8 48 Sep 21 07:33:36.347537: | ec 9c 10 d6 65 d2 01 01 c6 ca 3f 99 1c 54 db 24 Sep 21 07:33:36.347539: | 8e e6 8e 0b a2 49 0d 74 69 cd 8b 86 c3 25 57 e7 Sep 21 07:33:36.347540: | ac b0 13 0f 3d 45 1e b0 29 ac 29 c2 f9 7a 39 5a Sep 21 07:33:36.347542: | 65 50 4c 7e 58 4a 6d 20 ee 5e 7b 17 2f c1 04 3f Sep 21 07:33:36.347543: | 04 9e 94 31 4a e1 7d 25 7c 99 11 f5 ae b2 56 47 Sep 21 07:33:36.347544: | 09 27 76 51 93 2c 58 14 8d df 8b 17 f5 4c fc 09 Sep 21 07:33:36.347546: | 7d 4a 2d e7 bb bf eb 7b 3d c8 53 a8 e1 7b d7 4c Sep 21 07:33:36.347547: | ab 6f e6 cf fb 02 15 77 fa dc b1 Sep 21 07:33:36.347550: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:33:36.347552: | **parse ISAKMP 
Message: Sep 21 07:33:36.347554: | initiator cookie: Sep 21 07:33:36.347556: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.347557: | responder cookie: Sep 21 07:33:36.347559: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.347560: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:33:36.347562: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:36.347564: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:33:36.347565: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:33:36.347567: | Message ID: 1 (0x1) Sep 21 07:33:36.347568: | length: 539 (0x21b) Sep 21 07:33:36.347570: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:33:36.347572: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:33:36.347575: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:33:36.347579: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:33:36.347581: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:33:36.347584: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:33:36.347586: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:33:36.347588: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:33:36.347590: | unpacking clear payload Sep 21 07:33:36.347591: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:33:36.347593: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:33:36.347595: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:33:36.347597: | flags: none (0x0) Sep 21 07:33:36.347598: | length: 511 (0x1ff) Sep 21 07:33:36.347600: | fragment number: 1 (0x1) Sep 21 07:33:36.347602: | total fragments: 2 (0x2) Sep 21 07:33:36.347604: | processing payload: ISAKMP_NEXT_v2SKF (len=503) 
Sep 21 07:33:36.347607: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:33:36.347610: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:33:36.347613: | received IKE encrypted fragment number '1', total number '2', next payload '35' Sep 21 07:33:36.347615: | updated IKE fragment state to respond using fragments without waiting for re-transmits Sep 21 07:33:36.347621: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:33:36.347625: | #1 spent 0.149 milliseconds in ikev2_process_packet() Sep 21 07:33:36.347630: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:33:36.347633: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:33:36.347636: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:36.347639: | spent 0.164 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:36.347647: | spent 0.00145 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:36.347654: | *received 101 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:33:36.347666: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:33:36.347668: | **parse ISAKMP Message: Sep 21 07:33:36.347669: | initiator cookie: Sep 21 07:33:36.347671: | 44 43 18 88 8e 8c
79 17 Sep 21 07:33:36.347672: | responder cookie: Sep 21 07:33:36.347674: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.347675: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Sep 21 07:33:36.347677: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:36.347678: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:33:36.347680: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:33:36.347682: | Message ID: 1 (0x1) Sep 21 07:33:36.347683: | length: 101 (0x65) Sep 21 07:33:36.347685: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:33:36.347687: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:33:36.347688: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:33:36.347692: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:33:36.347694: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:33:36.347696: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:33:36.347698: | #1 is idle Sep 21 07:33:36.347699: | #1 idle Sep 21 07:33:36.347702: | Message ID: #1 not a duplicate - responder is accumulating fragments; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:33:36.347703: | unpacking clear payload Sep 21 07:33:36.347705: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Sep 21 07:33:36.347706: | ***parse IKEv2 Encrypted Fragment: Sep 21 07:33:36.347708: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.347710: | flags: none (0x0) Sep 21 07:33:36.347711: | length: 73 (0x49) Sep 21 07:33:36.347713: | fragment number: 2 (0x2) Sep 21 07:33:36.347714: | total fragments: 2 (0x2) Sep 21 07:33:36.347717: | processing payload: ISAKMP_NEXT_v2SKF (len=65) Sep 21 07:33:36.347719: | #1 in state PARENT_R1: received v2I1, 
sent v2R1 Sep 21 07:33:36.347721: | received IKE encrypted fragment number '2', total number '2', next payload '0' Sep 21 07:33:36.347722: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:33:36.347724: | Now let's proceed with state specific processing Sep 21 07:33:36.347725: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:33:36.347728: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:33:36.347733: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:33:36.347736: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:33:36.347737: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:33:36.347740: | libevent_free: release ptr-libevent@0x556ff0c500c0 Sep 21 07:33:36.347742: | free_event_entry: release EVENT_SO_DISCARD-pe@0x556ff0c4bb90 Sep 21 07:33:36.347743: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556ff0c4bb90 Sep 21 07:33:36.347746: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:36.347748: | libevent_malloc: new ptr-libevent@0x556ff0c500c0 size 128 Sep 21 07:33:36.347755: | #1 spent 0.0262 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:33:36.347771: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:36.347773: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:33:36.347775: | suspending state #1 and saving MD Sep 21 07:33:36.347777: | #1 is busy; has a suspended MD Sep 21 07:33:36.347779: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:33:36.347778: | crypto helper 1 resuming Sep 21 07:33:36.347798: | crypto helper 1 starting work-order 2 for state #1 Sep 21 
07:33:36.347802: | crypto helper 1 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:33:36.347787: | "westnet-eastnet-ikev2" #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:33:36.347857: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:33:36.347863: | #1 spent 0.203 milliseconds in ikev2_process_packet() Sep 21 07:33:36.347866: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:33:36.347868: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:33:36.347870: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:36.347872: | spent 0.213 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:36.348367: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:33:36.348629: | crypto helper 1 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.000827 seconds Sep 21 07:33:36.348635: | (#1) spent 0.832 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:33:36.348637: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:33:36.348639: | scheduling resume sending helper answer for #1 Sep 21 07:33:36.348641: | libevent_malloc: new ptr-libevent@0x7f1a20006b90 size 128 Sep 21 07:33:36.348646: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:36.348676: | processing resume sending helper answer for #1 Sep 21 07:33:36.348684: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:797) Sep 21 07:33:36.348688: | crypto helper 1 replies to request ID 2 Sep 21 07:33:36.348690: | calling continuation function 0x556fef175630 Sep 21 07:33:36.348692: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending 
R2 Sep 21 07:33:36.348696: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:33:36.348698: | already have all fragments, skipping fragment collection Sep 21 07:33:36.348700: | already have all fragments, skipping fragment collection Sep 21 07:33:36.348712: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:33:36.348714: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:33:36.348717: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:33:36.348718: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:33:36.348720: | flags: none (0x0) Sep 21 07:33:36.348722: | length: 12 (0xc) Sep 21 07:33:36.348723: | ID type: ID_FQDN (0x2) Sep 21 07:33:36.348725: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:33:36.348726: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:33:36.348728: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:33:36.348730: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:33:36.348731: | flags: none (0x0) Sep 21 07:33:36.348732: | length: 12 (0xc) Sep 21 07:33:36.348734: | ID type: ID_FQDN (0x2) Sep 21 07:33:36.348735: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:33:36.348737: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:33:36.348739: | **parse IKEv2 Authentication Payload: Sep 21 07:33:36.348740: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:33:36.348742: | flags: none (0x0) Sep 21 07:33:36.348743: | length: 282 (0x11a) Sep 21 07:33:36.348745: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:33:36.348746: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:33:36.348748: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:33:36.348749: | **parse IKEv2 Security Association Payload: Sep 21 07:33:36.348751: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:33:36.348752: | flags: none (0x0) Sep 21 07:33:36.348754: | length: 164 (0xa4) Sep 21 07:33:36.348755: | processing payload: ISAKMP_NEXT_v2SA (len=160) Sep 
21 07:33:36.348757: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:33:36.348758: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:33:36.348760: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:33:36.348761: | flags: none (0x0) Sep 21 07:33:36.348763: | length: 24 (0x18) Sep 21 07:33:36.348764: | number of TS: 1 (0x1) Sep 21 07:33:36.348766: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:33:36.348767: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:33:36.348769: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:33:36.348770: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.348772: | flags: none (0x0) Sep 21 07:33:36.348773: | length: 24 (0x18) Sep 21 07:33:36.348774: | number of TS: 1 (0x1) Sep 21 07:33:36.348776: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:33:36.348777: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:33:36.348779: | Now let's proceed with state specific processing Sep 21 07:33:36.348780: | calling processor Responder: process IKE_AUTH request Sep 21 07:33:36.348789: "westnet-eastnet-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Sep 21 07:33:36.348797: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:33:36.348800: | received IDr payload - extracting our alleged ID Sep 21 07:33:36.348802: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2" Sep 21 07:33:36.348818: | match_id a=@west Sep 21 07:33:36.348819: | b=@west Sep 21 07:33:36.348821: | results matched Sep 21 07:33:36.348824: | refine_host_connection: checking "westnet-eastnet-ikev2" against "westnet-eastnet-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:33:36.348825: | Warning: not switching back to template of current instance Sep 21 07:33:36.348827: | Peer expects us to be @east (ID_FQDN) 
according to its IDr payload Sep 21 07:33:36.348830: | This connection's local id is @east (ID_FQDN) Sep 21 07:33:36.348832: | refine_host_connection: checked westnet-eastnet-ikev2 against westnet-eastnet-ikev2, now for see if best Sep 21 07:33:36.348834: | started looking for secret for @east->@west of kind PKK_RSA Sep 21 07:33:36.348836: | actually looking for secret for @east->@west of kind PKK_RSA Sep 21 07:33:36.348838: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:33:36.348841: | 1: compared key (none) to @east / @west -> 002 Sep 21 07:33:36.348842: | 2: compared key (none) to @east / @west -> 002 Sep 21 07:33:36.348844: | line 1: match=002 Sep 21 07:33:36.348846: | match 002 beats previous best_match 000 match=0x556ff0c3f070 (line=1) Sep 21 07:33:36.348847: | concluding with best_match=002 best=0x556ff0c3f070 (lineno=1) Sep 21 07:33:36.348849: | returning because exact peer id match Sep 21 07:33:36.348851: | offered CA: '%none' Sep 21 07:33:36.348852: "westnet-eastnet-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Sep 21 07:33:36.348867: | verifying AUTH payload Sep 21 07:33:36.348877: | required RSA CA is '%any' Sep 21 07:33:36.348879: | checking RSA keyid '@east' for match with '@west' Sep 21 07:33:36.348881: | checking RSA keyid '@west' for match with '@west' Sep 21 07:33:36.348882: | RSA key issuer CA is '%any' Sep 21 07:33:36.348923: | an RSA Sig check passed with *AQOm9dY/4 [preloaded keys] Sep 21 07:33:36.348927: | #1 spent 0.0413 milliseconds in try_all_keys() trying a pubkey Sep 21 07:33:36.348929: "westnet-eastnet-ikev2" #1: Authenticated using RSA Sep 21 07:33:36.348932: | #1 spent 0.0615 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:33:36.348935: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:33:36.348938: | #1 will expire in 3600 seconds (policy doesn't allow re-key) Sep 21 07:33:36.348939: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:36.348942: | 
libevent_free: release ptr-libevent@0x556ff0c500c0 Sep 21 07:33:36.348943: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556ff0c4bb90 Sep 21 07:33:36.348945: | event_schedule: new EVENT_SA_EXPIRE-pe@0x556ff0c4bb90 Sep 21 07:33:36.348947: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #1 Sep 21 07:33:36.348949: | libevent_malloc: new ptr-libevent@0x556ff0c500c0 size 128 Sep 21 07:33:36.349054: | pstats #1 ikev2.ike established Sep 21 07:33:36.349060: | **emit ISAKMP Message: Sep 21 07:33:36.349062: | initiator cookie: Sep 21 07:33:36.349067: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:36.349070: | responder cookie: Sep 21 07:33:36.349073: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:36.349075: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:36.349078: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:36.349081: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:33:36.349084: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:33:36.349087: | Message ID: 1 (0x1) Sep 21 07:33:36.349090: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:36.349093: | IKEv2 CERT: send a certificate? 
Sep 21 07:33:36.349096: | IKEv2 CERT: no certificate to send Sep 21 07:33:36.349098: | ***emit IKEv2 Encryption Payload: Sep 21 07:33:36.349101: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.349104: | flags: none (0x0) Sep 21 07:33:36.349108: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:33:36.349111: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.349115: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:33:36.349122: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:33:36.349136: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:33:36.349139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.349157: | flags: none (0x0) Sep 21 07:33:36.349160: | ID type: ID_FQDN (0x2) Sep 21 07:33:36.349164: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:33:36.349167: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.349171: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:33:36.349173: | my identity 65 61 73 74 Sep 21 07:33:36.349176: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:33:36.349184: | assembled IDr payload Sep 21 07:33:36.349187: | CHILD SA proposals received Sep 21 07:33:36.349189: | going to assemble AUTH payload Sep 21 07:33:36.349192: | ****emit IKEv2 Authentication Payload: Sep 21 07:33:36.349195: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:33:36.349197: | flags: none (0x0) Sep 21 07:33:36.349200: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:33:36.349203: | next payload chain: ignoring supplied 'IKEv2 
Authentication Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:33:36.349205: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:33:36.349207: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.349210: | started looking for secret for @east->@west of kind PKK_RSA Sep 21 07:33:36.349212: | actually looking for secret for @east->@west of kind PKK_RSA Sep 21 07:33:36.349214: | line 1: key type PKK_RSA(@east) to type PKK_RSA Sep 21 07:33:36.349216: | 1: compared key (none) to @east / @west -> 002 Sep 21 07:33:36.349218: | 2: compared key (none) to @east / @west -> 002 Sep 21 07:33:36.349219: | line 1: match=002 Sep 21 07:33:36.349221: | match 002 beats previous best_match 000 match=0x556ff0c3f070 (line=1) Sep 21 07:33:36.349223: | concluding with best_match=002 best=0x556ff0c3f070 (lineno=1) Sep 21 07:33:36.352212: | #1 spent 2.93 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:33:36.352219: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload
Sep 21 07:33:36.352248: | #1 spent 2.99 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:33:36.352252: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:33:36.352256: | creating state object #2 at 0x556ff0c57d80 Sep 21 07:33:36.352258: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:33:36.352261: | pstats #2 ikev2.child started Sep 21 07:33:36.352263: | duplicating state object #1 "westnet-eastnet-ikev2" as #2 for IPSEC SA Sep 21 07:33:36.352266: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:36.352270: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:33:36.352274: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:33:36.352276: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:33:36.352278: | Child SA TS Request has ike->sa == md->st; so using parent connection Sep 21
07:33:36.352280: | TSi: parsing 1 traffic selectors Sep 21 07:33:36.352282: | ***parse IKEv2 Traffic Selector: Sep 21 07:33:36.352284: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:33:36.352285: | IP Protocol ID: 0 (0x0) Sep 21 07:33:36.352287: | length: 16 (0x10) Sep 21 07:33:36.352288: | start port: 0 (0x0) Sep 21 07:33:36.352290: | end port: 65535 (0xffff) Sep 21 07:33:36.352292: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:33:36.352293: | TS low c0 00 01 00 Sep 21 07:33:36.352295: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:33:36.352296: | TS high c0 00 01 ff Sep 21 07:33:36.352298: | TSi: parsed 1 traffic selectors Sep 21 07:33:36.352299: | TSr: parsing 1 traffic selectors Sep 21 07:33:36.352301: | ***parse IKEv2 Traffic Selector: Sep 21 07:33:36.352302: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:33:36.352304: | IP Protocol ID: 0 (0x0) Sep 21 07:33:36.352305: | length: 16 (0x10) Sep 21 07:33:36.352306: | start port: 0 (0x0) Sep 21 07:33:36.352308: | end port: 65535 (0xffff) Sep 21 07:33:36.352309: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:33:36.352311: | TS low c0 00 02 00 Sep 21 07:33:36.352312: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:33:36.352314: | TS high c0 00 02 ff Sep 21 07:33:36.352315: | TSr: parsed 1 traffic selectors Sep 21 07:33:36.352317: | looking for best SPD in current connection Sep 21 07:33:36.352320: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:33:36.352323: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:33:36.352327: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:33:36.352329: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:33:36.352331: | TSi[0] port match: YES fitness 65536 Sep 21 07:33:36.352333: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 
07:33:36.352334: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:33:36.352337: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:33:36.352340: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:33:36.352342: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:33:36.352344: | TSr[0] port match: YES fitness 65536 Sep 21 07:33:36.352345: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:33:36.352347: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:33:36.352348: | best fit so far: TSi[0] TSr[0] Sep 21 07:33:36.352350: | found better spd route for TSi[0],TSr[0] Sep 21 07:33:36.352351: | looking for better host pair Sep 21 07:33:36.352354: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Sep 21 07:33:36.352359: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Sep 21 07:33:36.352360: | investigating connection "westnet-eastnet-ikev2" as a better match Sep 21 07:33:36.352362: | match_id a=@west Sep 21 07:33:36.352364: | b=@west Sep 21 07:33:36.352365: | results matched Sep 21 07:33:36.352368: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:33:36.352371: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:33:36.352374: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:33:36.352376: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:33:36.352377: | TSi[0] port match: YES fitness 65536 Sep 21 07:33:36.352379: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:33:36.352381: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:33:36.352383: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:33:36.352386: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES 
fitness 32 Sep 21 07:33:36.352388: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:33:36.352389: | TSr[0] port match: YES fitness 65536 Sep 21 07:33:36.352391: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:33:36.352392: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:33:36.352394: | best fit so far: TSi[0] TSr[0] Sep 21 07:33:36.352395: | did not find a better connection using host pair Sep 21 07:33:36.352397: | printing contents struct traffic_selector Sep 21 07:33:36.352398: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:33:36.352400: | ipprotoid: 0 Sep 21 07:33:36.352401: | port range: 0-65535 Sep 21 07:33:36.352403: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:33:36.352405: | printing contents struct traffic_selector Sep 21 07:33:36.352406: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Sep 21 07:33:36.352407: | ipprotoid: 0 Sep 21 07:33:36.352409: | port range: 0-65535 Sep 21 07:33:36.352411: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:33:36.352413: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:33:36.352416: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:33:36.352421: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:33:36.352422: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:33:36.352425: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:33:36.352427: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:33:36.352429: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:33:36.352431: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:33:36.352433: | ... 
ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:33:36.352438: "westnet-eastnet-ikev2": constructed local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:33:36.352440: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Sep 21 07:33:36.352442: | local proposal 1 type ENCR has 1 transforms Sep 21 07:33:36.352443: | local proposal 1 type PRF has 0 transforms Sep 21 07:33:36.352445: | local proposal 1 type INTEG has 1 transforms Sep 21 07:33:36.352446: | local proposal 1 type DH has 1 transforms Sep 21 07:33:36.352449: | local proposal 1 type ESN has 1 transforms Sep 21 07:33:36.352451: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:33:36.352453: | local proposal 2 type ENCR has 1 transforms Sep 21 07:33:36.352454: | local proposal 2 type PRF has 0 transforms Sep 21 07:33:36.352455: | local proposal 2 type INTEG has 1 transforms Sep 21 07:33:36.352457: | local proposal 2 type DH has 1 transforms Sep 21 07:33:36.352458: | local proposal 2 type ESN has 1 transforms Sep 21 07:33:36.352460: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:33:36.352462: | local proposal 3 type ENCR has 1 transforms Sep 21 07:33:36.352463: | local proposal 3 type PRF has 0 transforms Sep 21 07:33:36.352464: | local proposal 3 type INTEG has 2 transforms Sep 21 07:33:36.352466: | local proposal 3 type DH has 1 transforms Sep 21 07:33:36.352467: | local proposal 3 type ESN has 1 transforms Sep 21 07:33:36.352469: | local proposal 3 transforms: required: ENCR+INTEG+ESN; 
optional: DH Sep 21 07:33:36.352470: | local proposal 4 type ENCR has 1 transforms Sep 21 07:33:36.352472: | local proposal 4 type PRF has 0 transforms Sep 21 07:33:36.352473: | local proposal 4 type INTEG has 2 transforms Sep 21 07:33:36.352475: | local proposal 4 type DH has 1 transforms Sep 21 07:33:36.352476: | local proposal 4 type ESN has 1 transforms Sep 21 07:33:36.352478: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:33:36.352480: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.352482: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.352483: | length: 32 (0x20) Sep 21 07:33:36.352485: | prop #: 1 (0x1) Sep 21 07:33:36.352486: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:33:36.352487: | spi size: 4 (0x4) Sep 21 07:33:36.352489: | # transforms: 2 (0x2) Sep 21 07:33:36.352491: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:33:36.352492: | remote SPI bf 2d 83 87 Sep 21 07:33:36.352494: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:33:36.352496: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352499: | length: 12 (0xc) Sep 21 07:33:36.352501: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.352502: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.352504: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.352505: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.352507: | length/value: 256 (0x100) Sep 21 07:33:36.352510: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:33:36.352511: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352513: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.352514: | length: 8 (0x8) Sep 21 07:33:36.352516: | IKEv2 transform type: TRANS_TYPE_ESN 
(0x5) Sep 21 07:33:36.352517: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:33:36.352519: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:33:36.352521: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Sep 21 07:33:36.352523: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Sep 21 07:33:36.352525: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Sep 21 07:33:36.352527: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:33:36.352530: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:33:36.352531: | remote proposal 1 matches local proposal 1 Sep 21 07:33:36.352533: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.352536: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.352538: | length: 32 (0x20) Sep 21 07:33:36.352539: | prop #: 2 (0x2) Sep 21 07:33:36.352541: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:33:36.352542: | spi size: 4 (0x4) Sep 21 07:33:36.352544: | # transforms: 2 (0x2) Sep 21 07:33:36.352545: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:33:36.352547: | remote SPI bf 2d 83 87 Sep 21 07:33:36.352548: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:33:36.352550: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352553: | length: 12 (0xc) Sep 21 07:33:36.352554: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.352556: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.352557: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.352559: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.352560: | length/value: 128 (0x80) Sep 21 07:33:36.352562: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352564: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.352565: | length: 8 (0x8) Sep 21 07:33:36.352566: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:33:36.352568: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:33:36.352570: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Sep 21 07:33:36.352572: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Sep 21 07:33:36.352573: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.352575: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:33:36.352576: | length: 48 (0x30) Sep 21 07:33:36.352577: | prop #: 3 (0x3) Sep 21 07:33:36.352579: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:33:36.352580: | spi size: 4 (0x4) Sep 21 07:33:36.352582: | # transforms: 4 (0x4) Sep 21 07:33:36.352583: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:33:36.352585: | remote SPI bf 2d 83 87 Sep 21 07:33:36.352586: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:33:36.352588: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352591: | length: 12 (0xc) Sep 21 07:33:36.352592: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.352594: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:33:36.352595: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.352596: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.352598: | length/value: 256 (0x100) Sep 21 07:33:36.352600: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352601: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352602: | length: 8 (0x8) Sep 21 07:33:36.352604: | IKEv2 transform 
type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.352605: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:33:36.352607: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352610: | length: 8 (0x8) Sep 21 07:33:36.352611: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.352613: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:33:36.352614: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352616: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.352617: | length: 8 (0x8) Sep 21 07:33:36.352619: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:33:36.352620: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:33:36.352622: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:33:36.352624: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:33:36.352626: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.352628: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:33:36.352629: | length: 48 (0x30) Sep 21 07:33:36.352630: | prop #: 4 (0x4) Sep 21 07:33:36.352632: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:33:36.352633: | spi size: 4 (0x4) Sep 21 07:33:36.352635: | # transforms: 4 (0x4) Sep 21 07:33:36.352636: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:33:36.352638: | remote SPI bf 2d 83 87 Sep 21 07:33:36.352639: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:33:36.352641: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352644: | length: 12 (0xc) Sep 21 07:33:36.352645: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.352647: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:33:36.352648: | *****parse IKEv2 
Attribute Substructure Payload: Sep 21 07:33:36.352649: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.352651: | length/value: 128 (0x80) Sep 21 07:33:36.352653: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352655: | length: 8 (0x8) Sep 21 07:33:36.352657: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.352658: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:33:36.352660: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352663: | length: 8 (0x8) Sep 21 07:33:36.352664: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:33:36.352666: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:33:36.352667: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352669: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.352670: | length: 8 (0x8) Sep 21 07:33:36.352671: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:33:36.352673: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:33:36.352675: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Sep 21 07:33:36.352676: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Sep 21 07:33:36.352679: "westnet-eastnet-ikev2" #1: proposal 1:ESP:SPI=bf2d8387;ENCR=AES_GCM_C_256;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:33:36.352682: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=bf2d8387;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:33:36.352684: | converting proposal to internal trans attrs Sep 21 07:33:36.352698: | 
netlink_get_spi: allocated 0x158532c1 for esp.0@192.1.2.23 Sep 21 07:33:36.352700: | Emitting ikev2_proposal ... Sep 21 07:33:36.352701: | ****emit IKEv2 Security Association Payload: Sep 21 07:33:36.352703: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.352705: | flags: none (0x0) Sep 21 07:33:36.352707: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:33:36.352709: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.352710: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:33:36.352712: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:33:36.352713: | prop #: 1 (0x1) Sep 21 07:33:36.352715: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:33:36.352716: | spi size: 4 (0x4) Sep 21 07:33:36.352717: | # transforms: 2 (0x2) Sep 21 07:33:36.352719: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:33:36.352722: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:33:36.352724: | our spi 15 85 32 c1 Sep 21 07:33:36.352725: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352727: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352728: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:33:36.352730: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:33:36.352731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:33:36.352733: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:33:36.352735: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:33:36.352736: | length/value: 256 (0x100) Sep 21 07:33:36.352738: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:33:36.352739: | ******emit 
IKEv2 Transform Substructure Payload: Sep 21 07:33:36.352741: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:33:36.352742: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:33:36.352744: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:33:36.352746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:33:36.352747: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:33:36.352749: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:33:36.352751: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:33:36.352752: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:33:36.352754: | emitting length of IKEv2 Security Association Payload: 36 Sep 21 07:33:36.352756: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:33:36.352757: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:33:36.352759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.352760: | flags: none (0x0) Sep 21 07:33:36.352762: | number of TS: 1 (0x1) Sep 21 07:33:36.352764: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:33:36.352765: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.352767: | *****emit IKEv2 Traffic Selector: Sep 21 07:33:36.352769: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:33:36.352770: | IP Protocol ID: 0 (0x0) Sep 21 07:33:36.352772: | start port: 0 (0x0) Sep 21 07:33:36.352773: | end port: 65535 (0xffff) Sep 21 
07:33:36.352775: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:33:36.352776: | IP start c0 00 01 00 Sep 21 07:33:36.352778: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:33:36.352779: | IP end c0 00 01 ff Sep 21 07:33:36.352781: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:33:36.352782: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:33:36.352861: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:33:36.352863: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:36.352877: | flags: none (0x0) Sep 21 07:33:36.352879: | number of TS: 1 (0x1) Sep 21 07:33:36.352881: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:33:36.352882: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:33:36.352885: | *****emit IKEv2 Traffic Selector: Sep 21 07:33:36.352887: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:33:36.352888: | IP Protocol ID: 0 (0x0) Sep 21 07:33:36.352890: | start port: 0 (0x0) Sep 21 07:33:36.352891: | end port: 65535 (0xffff) Sep 21 07:33:36.352893: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:33:36.352894: | IP start c0 00 02 00 Sep 21 07:33:36.352896: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:33:36.352897: | IP end c0 00 02 ff Sep 21 07:33:36.352899: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:33:36.352900: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:33:36.352902: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:33:36.352904: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:33:36.353006: | FOR_EACH_CONNECTION_... 
in ISAKMP_SA_established Sep 21 07:33:36.353010: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:33:36.353012: | could_route called for westnet-eastnet-ikev2 (kind=CK_PERMANENT) Sep 21 07:33:36.353014: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:36.353016: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:36.353017: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:33:36.353021: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:33:36.353023: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:33:36.353026: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:33:36.353027: | AES_GCM_16 requires 4 salt bytes Sep 21 07:33:36.353029: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:33:36.353031: | setting IPsec SA replay-window to 32 Sep 21 07:33:36.353033: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:33:36.353035: | netlink: enabling tunnel mode Sep 21 07:33:36.353037: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:36.353039: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:36.353123: | netlink response for Add SA esp.bf2d8387@192.1.2.45 included non-error error Sep 21 07:33:36.353126: | set up outgoing SA, ref=0/0 Sep 21 07:33:36.353128: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:33:36.353132: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:33:36.353136: | AES_GCM_16 requires 4 salt bytes Sep 21 07:33:36.353140: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:33:36.353144: | setting IPsec SA replay-window to 32 Sep 21 07:33:36.353147: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Sep 21 07:33:36.353150: | netlink: enabling 
tunnel mode Sep 21 07:33:36.353153: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:36.353156: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:36.353235: | netlink response for Add SA esp.158532c1@192.1.2.23 included non-error error Sep 21 07:33:36.353240: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:33:36.353249: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:33:36.353253: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:36.353300: | raw_eroute result=success Sep 21 07:33:36.353305: | set up incoming SA, ref=0/0 Sep 21 07:33:36.353308: | sr for #2: unrouted Sep 21 07:33:36.353312: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:36.353315: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:36.353318: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:36.353321: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Sep 21 07:33:36.353325: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Sep 21 07:33:36.353346: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:33:36.353350: | priority calculation of connection "westnet-eastnet-ikev2" is 0xfe7e7 Sep 21 07:33:36.353357: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 (raw_eroute) Sep 21 07:33:36.353361: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:36.353416: | raw_eroute result=success Sep 21 07:33:36.353421: | running updown command "ipsec _updown" for verb up Sep 21 07:33:36.353424: | command executing up-client Sep 21 07:33:36.353456: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' 
PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:33:36.353473: | popen cmd is 1051 chars long Sep 21 07:33:36.353475: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Sep 21 07:33:36.353476: | cmd( 80):v2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLU: Sep 21 07:33:36.353478: | cmd( 160):TO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' : Sep 21 07:33:36.353480: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:33:36.353481: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@: Sep 21 07:33:36.353483: | cmd( 400):west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_P: Sep 21 07:33:36.353484: | cmd( 480):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:33:36.353486: | cmd( 560):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: Sep 21 07:33:36.353487: | cmd( 640):CRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:33:36.353489: | cmd( 720):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' 
XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:33:36.353490: | cmd( 800):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:33:36.353492: | cmd( 880):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:33:36.353493: | cmd( 960):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbf2d8387 SPI_OUT=0x158532c1 ipsec _: Sep 21 07:33:36.353495: | cmd(1040):updown 2>&1: Sep 21 07:33:36.360417: | route_and_eroute: firewall_notified: true Sep 21 07:33:36.360434: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:36.360437: | command executing prepare-client Sep 21 07:33:36.360457: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH Sep 21 07:33:36.360465: | popen cmd is 1056 chars long Sep 21 07:33:36.360467: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:33:36.360469: | cmd( 80):t-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23: Sep 21 07:33:36.360470: | 
cmd( 160):' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:33:36.360472: | cmd( 240):2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:33:36.360474: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_: Sep 21 07:33:36.360475: | cmd( 400):ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PL: Sep 21 07:33:36.360477: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:33:36.360479: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Sep 21 07:33:36.360481: | cmd( 640):IG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:33:36.360486: | cmd( 720):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:33:36.360490: | cmd( 800):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:33:36.360492: | cmd( 880):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:33:36.360495: | cmd( 960):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbf2d8387 SPI_OUT=0x158532c1 ip: Sep 21 07:33:36.360497: | cmd(1040):sec _updown 2>&1: Sep 21 07:33:36.367015: | running updown command "ipsec _updown" for verb route Sep 21 07:33:36.367030: | command executing route-client Sep 21 07:33:36.367059: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' 
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED Sep 21 07:33:36.367062: | popen cmd is 1054 chars long Sep 21 07:33:36.367065: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:33:36.367068: | cmd( 80):ikev2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' : Sep 21 07:33:36.367070: | cmd( 160):PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.: Sep 21 07:33:36.367073: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:33:36.367075: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID: Sep 21 07:33:36.367078: | cmd( 400):='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUT: Sep 21 07:33:36.367080: | cmd( 480):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:33:36.367086: | cmd( 560):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:33:36.367088: | cmd( 640):+ENCRYPT+TUNNEL+PFS+DONT_REKEY+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: Sep 21 07:33:36.367091: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_I: Sep 21 07:33:36.367093: | cmd( 800):S_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BAN: Sep 21 07:33:36.367095: | cmd( 880):NER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA: Sep 21 
07:33:36.367098: | cmd( 960):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xbf2d8387 SPI_OUT=0x158532c1 ipse: Sep 21 07:33:36.367100: | cmd(1040):c _updown 2>&1: Sep 21 07:33:36.375883: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x556ff0c4aa00,sr=0x556ff0c4aa00} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:36.375963: | #1 spent 0.914 milliseconds in install_ipsec_sa() Sep 21 07:33:36.375969: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:33:36.375973: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:33:36.375977: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:33:36.375981: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:33:36.375984: | emitting length of IKEv2 Encryption Payload: 407 Sep 21 07:33:36.375987: | emitting length of ISAKMP Message: 435 Sep 21 07:33:36.376024: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:33:36.376030: | #1 spent 5.09 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:33:36.376038: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:36.376043: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:36.376047: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:33:36.376050: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:33:36.376054: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:33:36.376057: | Message ID: updating counters for #2 to 1 after switching state Sep 21 
07:33:36.376063: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:33:36.376068: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:33:36.376071: | pstats #2 ikev2.child established Sep 21 07:33:36.376091: "westnet-eastnet-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Sep 21 07:33:36.376095: | NAT-T: encaps is 'auto' Sep 21 07:33:36.376100: "westnet-eastnet-ikev2" #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP=>0xbf2d8387 <0x158532c1 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:33:36.376106: | sending V2 new request packet to 192.1.2.45:500 (from 192.1.2.23:500) Sep 21 07:33:36.376112: | sending 435 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1)
Sep 21 07:33:36.376220: | releasing whack for #2 (sock=fd@-1) Sep 21 07:33:36.376224: | releasing whack and unpending for parent #1 Sep 21 07:33:36.376227: | unpending state #1 connection "westnet-eastnet-ikev2" Sep 21 07:33:36.376231: | #2 will expire in 28800 seconds (policy doesn't allow re-key) Sep 21 07:33:36.376234: | event_schedule: new EVENT_SA_EXPIRE-pe@0x556ff0c54dc0 Sep 21 07:33:36.376238: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #2 Sep 21 07:33:36.376241: | libevent_malloc: new ptr-libevent@0x556ff0c54d00 size 128 Sep 21 07:33:36.376248: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:33:36.376254: | #1 spent 5.39 milliseconds in resume sending helper answer Sep 21 07:33:36.376259: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:833) Sep 21 07:33:36.376263: | libevent_free: 
release ptr-libevent@0x7f1a20006b90 Sep 21 07:33:36.376273: | processing signal PLUTO_SIGCHLD Sep 21 07:33:36.376279: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:36.376284: | spent 0.00571 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:36.376286: | processing signal PLUTO_SIGCHLD Sep 21 07:33:36.376290: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:36.376293: | spent 0.00362 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:36.376296: | processing signal PLUTO_SIGCHLD Sep 21 07:33:36.376299: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:36.376302: | spent 0.00339 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:51.392490: | spent 0.0108 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:51.392562: | *received 57 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:33:51.392575: | 44 43 18 88 8e 8c 79 17 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:51.392584: | 2e 20 25 08 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:33:51.392592: | c7 35 6e 91 0e 9c 7e a7 ed ab aa e4 30 46 20 13 Sep 21 07:33:51.392599: | 8e 8f 3a 16 64 01 5e 55 cb Sep 21 07:33:51.392614: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:33:51.392625: | **parse ISAKMP Message: Sep 21 07:33:51.392634: | initiator cookie: Sep 21 07:33:51.392641: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:51.392666: | responder cookie: Sep 21 07:33:51.392673: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:51.392683: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:33:51.392692: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:51.392700: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:33:51.392709: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:33:51.392717: | Message ID: 2 (0x2) Sep 21 07:33:51.392725: | length: 57 (0x39) Sep 21 07:33:51.392735: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 
07:33:51.392745: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:33:51.392758: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:33:51.392778: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:33:51.392829: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:33:51.392864: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:33:51.392879: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:33:51.392899: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 Sep 21 07:33:51.392911: | unpacking clear payload Sep 21 07:33:51.392924: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:33:51.392937: | ***parse IKEv2 Encryption Payload: Sep 21 07:33:51.392950: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:51.392963: | flags: none (0x0) Sep 21 07:33:51.392971: | length: 29 (0x1d) Sep 21 07:33:51.392980: | processing payload: ISAKMP_NEXT_v2SK (len=25) Sep 21 07:33:51.392994: | Message ID: start-responder #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:33:51.393003: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:33:51.393042: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:33:51.393051: | selected state microcode R2: process Informational Request Sep 21 07:33:51.393059: | Now let's proceed with state specific processing Sep 21 07:33:51.393066: | calling processor R2: process Informational Request Sep 21 07:33:51.393078: | an informational request should send a response Sep 21 07:33:51.393085: | MOBIKE request: not updating IPsec SA Sep 21 07:33:51.393101: | Received an INFORMATIONAL response, 
updating st_last_liveness, no pending_liveness Sep 21 07:33:51.393112: | **emit ISAKMP Message: Sep 21 07:33:51.393120: | initiator cookie: Sep 21 07:33:51.393127: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:51.393134: | responder cookie: Sep 21 07:33:51.393141: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:51.393148: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:51.393157: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:51.393164: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:33:51.393172: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:33:51.393180: | Message ID: 2 (0x2) Sep 21 07:33:51.393188: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:51.393197: | ***emit IKEv2 Encryption Payload: Sep 21 07:33:51.393205: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:51.393212: | flags: none (0x0) Sep 21 07:33:51.393222: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:33:51.393231: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:33:51.393241: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:33:51.393257: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:33:51.393266: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:33:51.393283: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:33:51.393292: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:33:51.393299: | emitting length of ISAKMP Message: 57 Sep 21 07:33:51.393332: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:33:51.393341: | 44 43 18 88 8e 8c 79 17 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:51.393349: 
| 2e 20 25 20 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:33:51.393355: | 36 c6 e9 ca 44 d4 0f 5b 79 c6 72 97 60 a0 99 88 Sep 21 07:33:51.393362: | 80 03 67 a6 21 90 a6 9f a8 Sep 21 07:33:51.393444: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:33:51.393462: | Message ID: sent #1 response 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:33:51.393481: | #1 spent 0.364 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Sep 21 07:33:51.393497: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:51.393508: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:33:51.393517: | Message ID: updating counters for #1 to 2 after switching state Sep 21 07:33:51.393530: | Message ID: recv #1 request 2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=1->2 wip.initiator=-1 wip.responder=2->-1 Sep 21 07:33:51.393542: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1 Sep 21 07:33:51.393551: | STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:33:51.393564: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:33:51.393578: | #1 spent 0.977 milliseconds in ikev2_process_packet() Sep 21 07:33:51.393589: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:33:51.393599: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:33:51.393608: | processing: 
STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:51.393620: | spent 1.02 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:54.395159: | spent 0.00465 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:54.395190: | *received 57 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) Sep 21 07:33:54.395195: | 44 43 18 88 8e 8c 79 17 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:54.395199: | 2e 20 25 08 00 00 00 03 00 00 00 39 00 00 00 1d Sep 21 07:33:54.395202: | 62 d3 c1 47 71 f1 bb 1d 38 02 dc bb f1 d5 2c cf Sep 21 07:33:54.395205: | c2 a2 6c e3 20 39 97 6e 0c Sep 21 07:33:54.395211: | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) Sep 21 07:33:54.395216: | **parse ISAKMP Message: Sep 21 07:33:54.395219: | initiator cookie: Sep 21 07:33:54.395222: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:54.395225: | responder cookie: Sep 21 07:33:54.395228: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:54.395232: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:33:54.395236: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:54.395239: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:33:54.395242: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:33:54.395246: | Message ID: 3 (0x3) Sep 21 07:33:54.395249: | length: 57 (0x39) Sep 21 07:33:54.395253: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:33:54.395261: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Sep 21 07:33:54.395267: | State DB: found IKEv2 state #1 in PARENT_R2 (find_v2_ike_sa) Sep 21 07:33:54.395275: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:33:54.395279: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:33:54.395285: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in 
ike_process_packet() at ikev2.c:2064) Sep 21 07:33:54.395289: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Sep 21 07:33:54.395295: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 Sep 21 07:33:54.395298: | unpacking clear payload Sep 21 07:33:54.395301: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:33:54.395305: | ***parse IKEv2 Encryption Payload: Sep 21 07:33:54.395309: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:54.395312: | flags: none (0x0) Sep 21 07:33:54.395315: | length: 29 (0x1d) Sep 21 07:33:54.395318: | processing payload: ISAKMP_NEXT_v2SK (len=25) Sep 21 07:33:54.395324: | Message ID: start-responder #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=-1->3 Sep 21 07:33:54.395328: | #1 in state PARENT_R2: received v2I2, PARENT SA established Sep 21 07:33:54.395346: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:33:54.395350: | selected state microcode R2: process Informational Request Sep 21 07:33:54.395354: | Now let's proceed with state specific processing Sep 21 07:33:54.395357: | calling processor R2: process Informational Request Sep 21 07:33:54.395361: | an informational request should send a response Sep 21 07:33:54.395365: | MOBIKE request: not updating IPsec SA Sep 21 07:33:54.395372: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:33:54.395376: | **emit ISAKMP Message: Sep 21 07:33:54.395380: | initiator cookie: Sep 21 07:33:54.395382: | 44 43 18 88 8e 8c 79 17 Sep 21 07:33:54.395386: | responder cookie: Sep 21 07:33:54.395388: | 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:54.395392: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:54.395395: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:33:54.395399: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:33:54.395402: | flags: 
ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:33:54.395405: | Message ID: 3 (0x3) Sep 21 07:33:54.395409: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:54.395412: | ***emit IKEv2 Encryption Payload: Sep 21 07:33:54.395416: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:33:54.395419: | flags: none (0x0) Sep 21 07:33:54.395423: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:33:54.395427: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:33:54.395431: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:33:54.395442: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:33:54.395446: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:33:54.395450: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:33:54.395453: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:33:54.395456: | emitting length of ISAKMP Message: 57 Sep 21 07:33:54.395470: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) Sep 21 07:33:54.395474: | 44 43 18 88 8e 8c 79 17 95 0b c5 f5 39 06 f4 d3 Sep 21 07:33:54.395477: | 2e 20 25 20 00 00 00 03 00 00 00 39 00 00 00 1d Sep 21 07:33:54.395483: | 7d 77 86 d4 48 2e 3f 9d 9a 66 d7 ea 29 65 6e 5e Sep 21 07:33:54.395486: | 06 18 c8 77 43 f4 07 f1 08 Sep 21 07:33:54.395523: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=-1 initiator.recv=-1 responder.sent=2 responder.recv=2 wip.initiator=-1 wip.responder=3 Sep 21 07:33:54.395531: | Message ID: sent #1 response 3; ike: initiator.sent=-1 
initiator.recv=-1 responder.sent=2->3 responder.recv=2 wip.initiator=-1 wip.responder=3 Sep 21 07:33:54.395539: | #1 spent 0.161 milliseconds in processing: R2: process Informational Request in ikev2_process_state_packet() Sep 21 07:33:54.395546: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:33:54.395551: | #1 complete_v2_state_transition() PARENT_R2->PARENT_R2 with status STF_OK Sep 21 07:33:54.395555: | Message ID: updating counters for #1 to 3 after switching state Sep 21 07:33:54.395560: | Message ID: recv #1 request 3; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=2->3 wip.initiator=-1 wip.responder=3->-1 Sep 21 07:33:54.395566: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=-1 initiator.recv=-1 responder.sent=3 responder.recv=3 wip.initiator=-1 wip.responder=-1 Sep 21 07:33:54.395569: | STATE_PARENT_R2: received v2I2, PARENT SA established Sep 21 07:33:54.395575: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:33:54.395581: | #1 spent 0.388 milliseconds in ikev2_process_packet() Sep 21 07:33:54.395586: | stop processing: from 192.1.2.45:500 (in process_md() at demux.c:380) Sep 21 07:33:54.395591: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:33:54.395594: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:54.395599: | spent 0.406 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:55.427835: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:33:55.427883: | expiring aged bare shunts from shunt table Sep 21 07:33:55.427902: | spent 0.0157 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:15.445832: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:15.445854: | expiring aged bare shunts from shunt table Sep 21 
07:34:15.445861: | spent 0.00557 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:35.443804: | processing global timer EVENT_PENDING_DDNS Sep 21 07:34:35.443820: | FOR_EACH_CONNECTION_... in connection_check_ddns Sep 21 07:34:35.443823: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:35.443826: | elapsed time in connection_check_ddns for hostname lookup 0.000005 Sep 21 07:34:35.443831: | spent 0.00915 milliseconds in global timer EVENT_PENDING_DDNS Sep 21 07:34:35.443833: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:35.443836: | expiring aged bare shunts from shunt table Sep 21 07:34:35.443851: | spent 0.0152 milliseconds in global timer EVENT_SHUNT_SCAN