Sep 21 07:38:49.087282: FIPS Product: YES Sep 21 07:38:49.087322: FIPS Kernel: NO Sep 21 07:38:49.087325: FIPS Mode: NO Sep 21 07:38:49.087328: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:38:49.087509: Initializing NSS Sep 21 07:38:49.087513: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:38:49.150337: NSS initialized Sep 21 07:38:49.150352: NSS crypto library initialized Sep 21 07:38:49.150355: FIPS HMAC integrity support [enabled] Sep 21 07:38:49.150358: FIPS mode disabled for pluto daemon Sep 21 07:38:49.255078: FIPS HMAC integrity verification self-test FAILED Sep 21 07:38:49.255178: libcap-ng support [enabled] Sep 21 07:38:49.255187: Linux audit support [enabled] Sep 21 07:38:49.255211: Linux audit activated Sep 21 07:38:49.255219: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30416 Sep 21 07:38:49.255223: core dump dir: /tmp Sep 21 07:38:49.255225: secrets file: /etc/ipsec.secrets Sep 21 07:38:49.255227: leak-detective disabled Sep 21 07:38:49.255229: NSS crypto [enabled] Sep 21 07:38:49.255231: XAUTH PAM support [enabled] Sep 21 07:38:49.255303: | libevent is using pluto's memory allocator Sep 21 07:38:49.255312: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:38:49.255325: | libevent_malloc: new ptr-libevent@0x55de3c06a4f0 size 40 Sep 21 07:38:49.255328: | libevent_malloc: new ptr-libevent@0x55de3c06b7a0 size 40 Sep 21 07:38:49.255331: | libevent_malloc: new ptr-libevent@0x55de3c06b7d0 size 40 Sep 21 07:38:49.255333: | creating event base Sep 21 07:38:49.255336: | libevent_malloc: new ptr-libevent@0x55de3c06b760 size 56 Sep 21 07:38:49.255340: | libevent_malloc: new ptr-libevent@0x55de3c06b800 size 664 Sep 21 07:38:49.255350: | libevent_malloc: new ptr-libevent@0x55de3c06baa0 size 24 Sep 21 07:38:49.255354: | libevent_malloc: new ptr-libevent@0x55de3c05d260 size 384 Sep 21 07:38:49.255364: | libevent_malloc: new ptr-libevent@0x55de3c06bac0 size 16 Sep 21 07:38:49.255366: | libevent_malloc: new ptr-libevent@0x55de3c06bae0 size 40 Sep 21 07:38:49.255369: | libevent_malloc: new ptr-libevent@0x55de3c06bb10 size 48 Sep 21 07:38:49.255376: | libevent_realloc: new ptr-libevent@0x55de3bfef370 size 256 Sep 21 07:38:49.255379: | libevent_malloc: new ptr-libevent@0x55de3c06bb50 size 16 Sep 21 07:38:49.255384: | libevent_free: release ptr-libevent@0x55de3c06b760 Sep 21 07:38:49.255388: | libevent initialized Sep 21 07:38:49.255391: | libevent_realloc: new ptr-libevent@0x55de3c06bb70 size 64 Sep 21 07:38:49.255398: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:38:49.255412: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:38:49.255415: NAT-Traversal support [enabled] Sep 21 07:38:49.255417: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:38:49.255423: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:38:49.255426: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:38:49.255463: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:38:49.255467: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:38:49.255470: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:38:49.255524: Encryption algorithms: Sep 21 07:38:49.255530: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:38:49.255534: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:38:49.255537: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:38:49.255541: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:38:49.255544: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:38:49.255554: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:38:49.255558: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:38:49.255561: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:38:49.255565: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:38:49.255568: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:38:49.255572: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:38:49.255576: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:38:49.255579: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:38:49.255583: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:38:49.255586: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:38:49.255589: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:38:49.255592: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:38:49.255602: Hash algorithms: Sep 21 07:38:49.255605: MD5 IKEv1: IKE IKEv2: Sep 21 07:38:49.255608: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:38:49.255610: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:38:49.255613: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:38:49.255615: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:38:49.255627: PRF algorithms: Sep 21 07:38:49.255630: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:38:49.255633: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:38:49.255637: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:38:49.255640: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:38:49.255643: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:38:49.255646: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:38:49.255669: Integrity algorithms: Sep 21 07:38:49.255673: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:38:49.255676: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:38:49.255680: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:38:49.255684: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:38:49.255688: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:38:49.255691: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:38:49.255694: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:38:49.255697: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:38:49.255700: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:38:49.255713: DH algorithms: Sep 21 07:38:49.255716: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:38:49.255719: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:38:49.255722: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:38:49.255727: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:38:49.255730: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:38:49.255733: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:38:49.255735: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:38:49.255738: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:38:49.255741: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:38:49.255745: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:38:49.255747: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:38:49.255750: testing CAMELLIA_CBC: Sep 21 07:38:49.255752: Camellia: 16 bytes with 128-bit key Sep 21 07:38:49.255882: Camellia: 16 bytes with 128-bit key Sep 21 07:38:49.255915: Camellia: 16 bytes with 256-bit key Sep 21 07:38:49.255946: Camellia: 16 bytes with 256-bit key Sep 21 07:38:49.255973: testing AES_GCM_16: Sep 21 07:38:49.255976: empty string Sep 21 07:38:49.256004: one block Sep 21 07:38:49.256029: two blocks Sep 21 07:38:49.256053: two blocks with associated data Sep 21 07:38:49.256079: testing AES_CTR: Sep 21 07:38:49.256082: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:38:49.256107: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:38:49.256134: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:38:49.256161: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:38:49.256186: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:38:49.256214: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:38:49.256241: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:38:49.256266: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:38:49.256294: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:38:49.256322: testing AES_CBC: Sep 21 07:38:49.256324: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:38:49.256351: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.256380: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.256407: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.256441: testing AES_XCBC: Sep 21 07:38:49.256444: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:38:49.256567: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:38:49.256695: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:38:49.256825: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:38:49.256956: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:38:49.257087: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:38:49.257221: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:38:49.257518: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:38:49.257648: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:38:49.257802: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:38:49.258045: testing HMAC_MD5: Sep 21 07:38:49.258048: RFC 2104: MD5_HMAC test 1 Sep 21 07:38:49.258227: RFC 2104: MD5_HMAC test 2 Sep 21 07:38:49.258380: RFC 2104: MD5_HMAC test 3 Sep 21 07:38:49.258559: 8 CPU cores online Sep 21 07:38:49.258563: starting up 7 crypto helpers Sep 21 07:38:49.258595: started thread for crypto helper 0 Sep 21 07:38:49.258619: started thread for crypto helper 1 Sep 21 07:38:49.258640: started thread for crypto helper 2 Sep 21 07:38:49.258658: started thread for crypto helper 3 Sep 21 07:38:49.258677: started thread for crypto helper 4 Sep 21 07:38:49.258694: started thread for crypto helper 5 Sep 21 07:38:49.258715: started thread for crypto helper 6 Sep 21 07:38:49.258723: | checking IKEv1 state table Sep 21 07:38:49.258730: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258732: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:38:49.258735: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258737: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:38:49.258740: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:38:49.258742: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:38:49.258744: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.258746: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.258749: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:38:49.258751: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:38:49.258753: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.258756: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.258758: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:38:49.258760: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.258763: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.258765: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:49.258767: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:38:49.258770: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.258772: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.258774: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:49.258777: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:38:49.258779: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258781: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:38:49.258789: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258792: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258794: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:38:49.258795: | starting up helper thread 3 Sep 21 07:38:49.258797: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258813: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:49.258816: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:49.258819: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:38:49.258822: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:49.258824: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:49.258826: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:38:49.258828: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258831: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.258833: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258836: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:38:49.258838: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:38:49.258841: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:38:49.258843: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:38:49.258851: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:38:49.258855: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:38:49.258858: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:38:49.258860: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258862: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:38:49.258865: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258867: | INFO: category: informational flags: 0: Sep 21 07:38:49.258869: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258872: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:38:49.258875: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258879: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:38:49.258885: | -> XAUTH_R1 EVENT_NULL Sep 21 07:38:49.258888: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:38:49.258890: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.258893: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:38:49.258899: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:38:49.258902: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:38:49.258905: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:38:49.258907: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.258910: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.258915: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:38:49.258917: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.258919: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.258921: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:38:49.258924: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:38:49.258926: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:38:49.258932: | checking IKEv2 state table Sep 21 07:38:49.258938: | PARENT_I0: category: ignore flags: 0: Sep 21 07:38:49.258941: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:38:49.258943: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258946: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:38:49.258948: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:38:49.258950: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:38:49.258953: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:38:49.258955: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:38:49.258957: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:38:49.258959: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:38:49.258962: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:38:49.258964: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:38:49.258966: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:38:49.258968: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:38:49.258970: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:38:49.258973: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:38:49.258975: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258978: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:38:49.258980: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.258982: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:38:49.258985: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:38:49.258987: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.258990: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:38:49.258992: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:38:49.258994: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:38:49.258996: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:38:49.258999: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.259001: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:38:49.259003: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:38:49.259005: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:38:49.259008: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.259010: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:49.259012: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:38:49.259015: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:38:49.259017: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.259020: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:38:49.259022: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:38:49.259025: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:38:49.259027: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:38:49.259032: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:38:49.259035: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:49.259038: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:38:49.259040: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:38:49.259042: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:38:49.259045: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:38:49.259047: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:38:49.259050: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:38:49.259109: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:38:49.259168: | Hard-wiring algorithms Sep 21 07:38:49.259173: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:38:49.259177: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:38:49.259179: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:38:49.259181: | adding 3DES_CBC to kernel algorithm db Sep 21 07:38:49.259184: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:38:49.259186: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:38:49.259188: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:38:49.259191: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:38:49.259193: | adding AES_CTR to kernel algorithm db Sep 21 07:38:49.259195: | adding AES_CBC to kernel algorithm db Sep 21 07:38:49.259197: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:38:49.259200: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:38:49.259202: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:38:49.259204: | adding NULL to kernel algorithm db Sep 21 07:38:49.259207: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:38:49.259209: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:38:49.259212: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:38:49.259214: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:38:49.259216: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:38:49.259219: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:38:49.259221: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:38:49.259223: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:38:49.259226: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:38:49.259228: | adding NONE to kernel algorithm db Sep 21 07:38:49.259250: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:38:49.259257: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:38:49.259260: | setup kernel fd callback Sep 21 07:38:49.259262: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55de3c075f20 Sep 21 07:38:49.259266: | libevent_malloc: new ptr-libevent@0x55de3c07d3f0 size 128 Sep 21 07:38:49.259269: | libevent_malloc: new ptr-libevent@0x55de3c06bcb0 size 16 Sep 21 07:38:49.259275: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55de3c0707c0 Sep 21 07:38:49.259278: | libevent_malloc: new ptr-libevent@0x55de3c07d480 size 128 Sep 21 07:38:49.259280: | libevent_malloc: new ptr-libevent@0x55de3c070710 size 16 Sep 21 07:38:49.259502: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:38:49.259511: selinux support is enabled. Sep 21 07:38:49.259585: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:38:49.259758: | unbound context created - setting debug level to 5 Sep 21 07:38:49.260139: | /etc/hosts lookups activated Sep 21 07:38:49.260166: | /etc/resolv.conf usage activated Sep 21 07:38:49.260225: | outgoing-port-avoid set 0-65535 Sep 21 07:38:49.260250: | outgoing-port-permit set 32768-60999 Sep 21 07:38:49.260254: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:38:49.260257: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:38:49.260260: | Setting up events, loop start Sep 21 07:38:49.260268: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55de3c070510 Sep 21 07:38:49.260273: | libevent_malloc: new ptr-libevent@0x55de3c0879f0 size 128 Sep 21 07:38:49.260277: | libevent_malloc: new ptr-libevent@0x55de3c087a80 size 16 Sep 21 07:38:49.260284: | libevent_realloc: new ptr-libevent@0x55de3bfed5b0 size 256 Sep 21 07:38:49.260287: | libevent_malloc: new ptr-libevent@0x55de3c087aa0 size 8 Sep 21 07:38:49.260290: | libevent_realloc: new ptr-libevent@0x55de3c07c6f0 size 144 Sep 21 07:38:49.260293: | libevent_malloc: new ptr-libevent@0x55de3c087ac0 size 152 Sep 21 07:38:49.260296: | libevent_malloc: new ptr-libevent@0x55de3c087b60 size 16 Sep 21 07:38:49.260300: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:38:49.260303: | libevent_malloc: new ptr-libevent@0x55de3c087b80 size 8 Sep 21 07:38:49.260305: | libevent_malloc: new ptr-libevent@0x55de3c087ba0 size 152 Sep 21 07:38:49.260308: | signal event handler PLUTO_SIGTERM installed Sep 21 07:38:49.260311: | libevent_malloc: new ptr-libevent@0x55de3c087c40 size 8 Sep 21 07:38:49.260313: | libevent_malloc: new ptr-libevent@0x55de3c087c60 size 152 Sep 21 07:38:49.260316: | signal event handler PLUTO_SIGHUP installed Sep 21 07:38:49.260318: | libevent_malloc: new ptr-libevent@0x55de3c087d00 size 8 Sep 21 07:38:49.260321: | libevent_realloc: release ptr-libevent@0x55de3c07c6f0 Sep 21 07:38:49.260323: | libevent_realloc: new ptr-libevent@0x55de3c087d20 size 256 Sep 21 07:38:49.260325: | libevent_malloc: new ptr-libevent@0x55de3c07c6f0 size 152 Sep 21 07:38:49.260327: | signal event handler PLUTO_SIGSYS installed Sep 21 07:38:49.260704: | created addconn helper (pid:30618) using fork+execve Sep 21 07:38:49.260720: | forked child 30618 Sep 21 07:38:49.260765: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.260782: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:49.260799: listening for IKE messages Sep 21 07:38:49.261275: | Inspecting interface lo Sep 21 07:38:49.261285: | found lo with address 127.0.0.1 Sep 21 07:38:49.261288: | Inspecting interface eth0 Sep 21 07:38:49.261292: | found eth0 with address 192.0.3.254 Sep 21 07:38:49.261295: | Inspecting interface eth1 Sep 21 07:38:49.261299: | found eth1 with address 192.1.3.33 Sep 21 07:38:49.261301: | Inspecting interface eth1 Sep 21 07:38:49.261305: | found eth1 with address 192.1.8.22 Sep 21 07:38:49.261355: Kernel supports NIC esp-hw-offload Sep 21 07:38:49.261366: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Sep 21 07:38:49.261387: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.261392: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.261396: adding interface eth1/eth1 192.1.8.22:4500 Sep 21 07:38:49.261423: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:38:49.261445: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.261450: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.261453: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:38:49.261477: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:38:49.261497: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.261501: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.261505: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:38:49.261529: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:38:49.261550: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.261555: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.261558: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:38:49.261631: | no interfaces to sort Sep 21 07:38:49.261636: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:38:49.261647: | add_fd_read_event_handler: new ethX-pe@0x55de3c0881b0 Sep 21 07:38:49.261654: | libevent_malloc: new ptr-libevent@0x55de3c0881f0 size 128 Sep 21 07:38:49.261658: | libevent_malloc: new ptr-libevent@0x55de3c088280 size 16 Sep 21 07:38:49.261667: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:38:49.261670: | add_fd_read_event_handler: new ethX-pe@0x55de3c0882a0 Sep 21 07:38:49.261673: | libevent_malloc: new ptr-libevent@0x55de3c0882e0 size 128 Sep 21 07:38:49.261676: | libevent_malloc: new ptr-libevent@0x55de3c088370 size 16 Sep 21 07:38:49.261681: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:38:49.261684: | add_fd_read_event_handler: new ethX-pe@0x55de3c088390 Sep 21 07:38:49.261687: | libevent_malloc: new ptr-libevent@0x55de3c0883d0 size 128 Sep 21 07:38:49.261689: | libevent_malloc: new ptr-libevent@0x55de3c088460 size 16 Sep 21 07:38:49.261695: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Sep 21 07:38:49.261697: | add_fd_read_event_handler: new ethX-pe@0x55de3c088480 Sep 21 07:38:49.261700: | libevent_malloc: new ptr-libevent@0x55de3c0884c0 size 128 Sep 21 07:38:49.261703: | libevent_malloc: new ptr-libevent@0x55de3c088550 size 16 Sep 21 07:38:49.261708: | setup callback for interface eth0 192.0.3.254:500 fd 21 Sep 21 07:38:49.261711: | add_fd_read_event_handler: new ethX-pe@0x55de3c088570 Sep 21 07:38:49.261714: | libevent_malloc: new ptr-libevent@0x55de3c0885b0 size 128 Sep 21 07:38:49.261716: | libevent_malloc: new ptr-libevent@0x55de3c088640 size 16 Sep 21 07:38:49.261721: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Sep 21 07:38:49.261724: | add_fd_read_event_handler: new ethX-pe@0x55de3c088660 Sep 21 07:38:49.261726: | libevent_malloc: new ptr-libevent@0x55de3c0886a0 size 128 Sep 21 07:38:49.261729: | libevent_malloc: new ptr-libevent@0x55de3c088730 size 16 Sep 21 07:38:49.261734: | setup callback for interface eth1 192.1.3.33:500 fd 19 Sep 21 07:38:49.261736: | add_fd_read_event_handler: new ethX-pe@0x55de3c088750 Sep 21 07:38:49.261739: | libevent_malloc: new ptr-libevent@0x55de3c088790 size 128 Sep 21 07:38:49.261742: | libevent_malloc: new ptr-libevent@0x55de3c088820 size 16 Sep 21 07:38:49.261747: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Sep 21 07:38:49.261749: | add_fd_read_event_handler: new ethX-pe@0x55de3c088e10 Sep 21 07:38:49.261752: | libevent_malloc: new ptr-libevent@0x55de3c088e50 size 128 Sep 21 07:38:49.261755: | libevent_malloc: new ptr-libevent@0x55de3c088ee0 size 16 Sep 21 07:38:49.261759: | setup callback for interface eth1 192.1.8.22:500 fd 17 Sep 21 07:38:49.261764: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:49.261767: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:49.261793: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:49.261806: | Processing PSK at line 1: passed Sep 21 07:38:49.261810: | certs and keys locked by 'process_secret' Sep 21 07:38:49.261816: | certs and keys unlocked by 'process_secret' Sep 21 07:38:49.261821: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:49.261829: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.261836: | spent 1.07 milliseconds in whack Sep 21 07:38:49.261954: | starting up helper thread 4 Sep 21 07:38:49.261964: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:38:49.261969: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:49.261982: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:38:49.261988: | crypto helper 3 waiting (nothing to do) Sep 21 07:38:49.261998: | starting up helper thread 5 Sep 21 07:38:49.262002: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:38:49.262005: | crypto helper 5 waiting (nothing to do) Sep 21 07:38:49.262106: | starting up helper thread 6 Sep 21 07:38:49.262116: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:38:49.262119: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:49.262133: | starting up helper thread 1 Sep 21 07:38:49.262141: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:38:49.262144: | crypto helper 1 waiting (nothing to do) Sep 21 07:38:49.262874: | starting up helper thread 0 Sep 21 07:38:49.262886: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:38:49.262889: | crypto helper 0 waiting (nothing to do) Sep 21 07:38:49.262903: | starting up helper thread 2 Sep 21 07:38:49.262910: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:38:49.262913: | crypto helper 2 waiting (nothing to do) Sep 21 07:38:49.330061: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.330164: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:49.330171: listening for IKE messages Sep 21 07:38:49.330206: | Inspecting interface lo Sep 21 07:38:49.330212: | found lo with address 127.0.0.1 Sep 21 07:38:49.330215: | Inspecting interface eth0 Sep 21 07:38:49.330219: | found eth0 with address 192.0.3.254 Sep 21 07:38:49.330221: | Inspecting interface eth1 Sep 21 07:38:49.330225: | found eth1 with address 192.1.3.33 Sep 21 07:38:49.330227: | Inspecting interface eth1 Sep 21 07:38:49.330231: | found eth1 with address 192.1.8.22 Sep 21 07:38:49.330297: | no interfaces to sort Sep 21 07:38:49.330306: | libevent_free: release ptr-libevent@0x55de3c0881f0 Sep 21 07:38:49.330309: | free_event_entry: release EVENT_NULL-pe@0x55de3c0881b0 Sep 21 07:38:49.330312: | add_fd_read_event_handler: new ethX-pe@0x55de3c0881b0 Sep 21 07:38:49.330316: | libevent_malloc: new ptr-libevent@0x55de3c0881f0 size 128 Sep 21 07:38:49.330323: | setup callback for interface lo 127.0.0.1:4500 fd 24 Sep 21 07:38:49.330326: | libevent_free: release ptr-libevent@0x55de3c0882e0 Sep 21 07:38:49.330329: | free_event_entry: release EVENT_NULL-pe@0x55de3c0882a0 Sep 21 07:38:49.330331: | add_fd_read_event_handler: new ethX-pe@0x55de3c0882a0 Sep 21 07:38:49.330334: | libevent_malloc: new ptr-libevent@0x55de3c0882e0 size 128 Sep 21 07:38:49.330338: | setup callback for interface lo 127.0.0.1:500 fd 23 Sep 21 07:38:49.330342: | libevent_free: release ptr-libevent@0x55de3c0883d0 Sep 21 07:38:49.330344: | free_event_entry: release EVENT_NULL-pe@0x55de3c088390 Sep 21 07:38:49.330347: | add_fd_read_event_handler: new ethX-pe@0x55de3c088390 Sep 21 07:38:49.330349: | libevent_malloc: new ptr-libevent@0x55de3c0883d0 size 128 Sep 21 07:38:49.330354: | setup callback for interface eth0 192.0.3.254:4500 fd 22 Sep 21 07:38:49.330357: | libevent_free: release ptr-libevent@0x55de3c0884c0 Sep 21 07:38:49.330360: | free_event_entry: release EVENT_NULL-pe@0x55de3c088480 Sep 21 07:38:49.330362: | add_fd_read_event_handler: new ethX-pe@0x55de3c088480 Sep 21 07:38:49.330365: | libevent_malloc: new ptr-libevent@0x55de3c0884c0 size 128 Sep 21 07:38:49.330369: | setup callback for interface eth0 192.0.3.254:500 fd 21 Sep 21 07:38:49.330373: | libevent_free: release ptr-libevent@0x55de3c0885b0 Sep 21 07:38:49.330375: | free_event_entry: release EVENT_NULL-pe@0x55de3c088570 Sep 21 07:38:49.330378: | add_fd_read_event_handler: new ethX-pe@0x55de3c088570 Sep 21 07:38:49.330380: | libevent_malloc: new ptr-libevent@0x55de3c0885b0 size 128 Sep 21 07:38:49.330385: | setup callback for interface eth1 192.1.3.33:4500 fd 20 Sep 21 07:38:49.330388: | libevent_free: release ptr-libevent@0x55de3c0886a0 Sep 21 07:38:49.330391: | free_event_entry: release EVENT_NULL-pe@0x55de3c088660 Sep 21 07:38:49.330393: | add_fd_read_event_handler: new ethX-pe@0x55de3c088660 Sep 21 07:38:49.330396: | libevent_malloc: new ptr-libevent@0x55de3c0886a0 size 128 Sep 21 07:38:49.330400: | setup callback for interface eth1 192.1.3.33:500 fd 19 Sep 21 07:38:49.330404: | libevent_free: release ptr-libevent@0x55de3c088790 Sep 21 07:38:49.330406: | free_event_entry: release EVENT_NULL-pe@0x55de3c088750 Sep 21 07:38:49.330408: | add_fd_read_event_handler: new ethX-pe@0x55de3c088750 Sep 21 07:38:49.330411: | libevent_malloc: new ptr-libevent@0x55de3c088790 size 128 Sep 21 07:38:49.330422: | setup callback for interface eth1 192.1.8.22:4500 fd 18 Sep 21 07:38:49.330425: | libevent_free: release ptr-libevent@0x55de3c088e50 Sep 21 07:38:49.330428: | free_event_entry: release EVENT_NULL-pe@0x55de3c088e10 Sep 21 07:38:49.330430: | add_fd_read_event_handler: new ethX-pe@0x55de3c088e10 Sep 21 07:38:49.330433: | libevent_malloc: new ptr-libevent@0x55de3c088e50 size 128 Sep 21 07:38:49.330438: | setup callback for interface eth1 192.1.8.22:500 fd 17 Sep 21 07:38:49.330441: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:49.330443: forgetting secrets Sep 21 07:38:49.330448: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:49.330461: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:49.330467: | Processing PSK at line 1: passed Sep 21 07:38:49.330470: | certs and keys locked by 'process_secret' Sep 21 07:38:49.330472: | certs and keys unlocked by 'process_secret' Sep 21 07:38:49.330477: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:49.330482: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.330490: | spent 0.359 milliseconds in whack Sep 21 07:38:49.331309: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.331325: | waitpid returned pid 30618 (exited with status 0) Sep 21 07:38:49.331329: | reaped addconn helper child (status 0) Sep 21 07:38:49.331334: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.331338: | spent 0.0168 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.416381: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.416409: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.416412: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:49.416415: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.416417: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:49.416421: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.416461: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:49.416516: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:38:49.416522: | from whack: got --esp=aes256-sha2 Sep 21 07:38:49.416536: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Sep 21 07:38:49.416542: | counting wild cards for 192.1.3.33 is 0 Sep 21 07:38:49.416547: | counting wild cards for 192.1.2.23 is 0 Sep 21 07:38:49.416556: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:49.416560: | new hp@0x55de3c054a20 Sep 21 07:38:49.416564: added connection description "northnet-eastnet" Sep 21 07:38:49.416573: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:49.416583: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Sep 21 07:38:49.416589: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.416596: | spent 0.223 milliseconds in whack Sep 21 07:38:49.531045: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.531067: | old debugging base+cpu-usage + none Sep 21 07:38:49.531071: | base debugging = base+cpu-usage Sep 21 07:38:49.531075: | old impairing none + suppress-retransmits Sep 21 07:38:49.531078: | base impairing = suppress-retransmits Sep 21 07:38:49.531085: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.531098: | spent 0.0608 milliseconds in whack Sep 21 07:38:49.715229: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.715257: | dup_any(fd@16) -> fd@25 (in whack_process() at rcv_whack.c:590) Sep 21 07:38:49.715262: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.715267: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:38:49.715271: | connection 'northnet-eastnet' +POLICY_UP Sep 21 07:38:49.715274: | dup_any(fd@25) -> fd@26 (in initiate_a_connection() at initiate.c:342) Sep 21 07:38:49.715277: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:38:49.715299: | creating state object #1 at 0x55de3c089ff0 Sep 21 07:38:49.715303: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:38:49.715311: | pstats #1 ikev2.ike started Sep 21 07:38:49.715314: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:38:49.715318: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:38:49.715324: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:49.715332: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:49.715338: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:49.715342: | dup_any(fd@26) -> fd@27 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:38:49.715346: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Sep 21 07:38:49.715351: "northnet-eastnet" #1: initiating v2 parent SA Sep 21 07:38:49.715359: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Sep 21 07:38:49.715367: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.715376: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.715380: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.715386: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.715390: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.715395: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.715399: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.715405: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.715416: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.715429: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:38:49.715433: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55de3c089e80 Sep 21 07:38:49.715437: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:49.715440: | libevent_malloc: new ptr-libevent@0x55de3c089ec0 size 128 Sep 21 07:38:49.715454: | #1 spent 0.185 milliseconds in ikev2_parent_outI1() Sep 21 07:38:49.715457: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.715462: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.715465: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.715468: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:38:49.715472: | close_any(fd@25) (in initiate_connection() at initiate.c:372) Sep 21 07:38:49.715475: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.715479: | spent 0.254 milliseconds in whack Sep 21 07:38:49.715489: | crypto helper 4 resuming Sep 21 07:38:49.715493: | crypto helper 4 starting work-order 1 for state #1 Sep 21 07:38:49.715497: | crypto helper 4 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:38:49.716323: | crypto helper 4 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000825 seconds Sep 21 07:38:49.716338: | (#1) spent 0.836 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:38:49.716341: | crypto helper 4 sending results from work-order 1 for state #1 to event queue Sep 21 07:38:49.716344: | scheduling resume sending helper answer for #1 Sep 21 07:38:49.716347: | libevent_malloc: new ptr-libevent@0x7f947c006900 size 128 Sep 21 07:38:49.716356: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:49.716367: | processing resume sending helper answer for #1 Sep 21 07:38:49.716374: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:49.716377: | crypto helper 4 replies to request ID 1 Sep 21 07:38:49.716380: | calling continuation function 0x55de3a420630 Sep 21 07:38:49.716382: | ikev2_parent_outI1_continue for #1 Sep 21 07:38:49.716412: | **emit ISAKMP Message: Sep 21 07:38:49.716415: | initiator cookie: Sep 21 07:38:49.716418: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.716420: | responder cookie: Sep 21 07:38:49.716422: | 00 00 00 00 00 00 00 00 Sep 21 07:38:49.716425: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:49.716428: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.716430: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:49.716433: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:49.716436: | Message ID: 0 (0x0) Sep 21 07:38:49.716438: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:49.716455: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.716458: | Emitting ikev2_proposals ... Sep 21 07:38:49.716461: | ***emit IKEv2 Security Association Payload: Sep 21 07:38:49.716463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.716469: | flags: none (0x0) Sep 21 07:38:49.716473: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:49.716476: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.716479: | discarding INTEG=NONE Sep 21 07:38:49.716481: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.716484: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.716486: | prop #: 1 (0x1) Sep 21 07:38:49.716489: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.716491: | spi size: 0 (0x0) Sep 21 07:38:49.716493: | # transforms: 11 (0xb) Sep 21 07:38:49.716496: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.716499: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716504: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.716506: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.716509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716511: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.716514: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.716517: | length/value: 256 (0x100) Sep 21 07:38:49.716519: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.716522: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716524: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716526: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.716529: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.716532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716537: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716539: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716544: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.716547: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.716550: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716555: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716557: | discarding INTEG=NONE Sep 21 07:38:49.716559: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716566: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.716569: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716574: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716577: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716584: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.716588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716593: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716596: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716600: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716603: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.716605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716611: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716613: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716618: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716620: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.716623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716628: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716635: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716637: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.716640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716643: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716645: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716647: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716650: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716652: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716654: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.716657: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716662: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716665: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716669: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716672: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.716674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716680: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716682: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716684: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.716688: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716691: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.716693: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716699: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716701: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:49.716704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.716706: | discarding INTEG=NONE Sep 21 07:38:49.716708: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.716711: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.716713: | prop #: 2 (0x2) Sep 21 07:38:49.716715: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.716718: | spi size: 0 (0x0) Sep 21 07:38:49.716720: | # transforms: 11 (0xb) Sep 21 07:38:49.716723: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.716726: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.716728: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716733: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.716735: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.716738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716740: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.716743: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.716746: | length/value: 128 (0x80) Sep 21 07:38:49.716748: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.716750: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716755: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.716757: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.716760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716765: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716768: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716770: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716772: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.716775: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.716777: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716780: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716787: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716791: | discarding INTEG=NONE Sep 21 07:38:49.716793: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716800: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.716803: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716810: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716812: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716819: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.716822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716828: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716830: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716837: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.716840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716843: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716845: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716847: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716852: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716854: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.716857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716860: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716862: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716865: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716870: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716872: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.716875: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716877: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716880: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716882: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716887: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716889: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.716892: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716900: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716902: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716908: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716910: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.716913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716919: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716921: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716923: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.716926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.716928: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.716931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716934: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716936: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.716938: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:49.716941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.716944: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.716946: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.716948: | prop #: 3 (0x3) Sep 21 07:38:49.716951: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.716953: | spi size: 0 (0x0) Sep 21 07:38:49.716956: | # transforms: 13 (0xd) Sep 21 07:38:49.716958: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.716961: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.716964: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716966: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716968: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.716971: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.716973: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.716976: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.716978: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.716981: | length/value: 256 (0x100) Sep 21 07:38:49.716983: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.716986: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.716988: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716990: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.716993: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.716996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.716998: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717001: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717003: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717005: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717008: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.717010: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.717013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717017: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717020: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717022: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717027: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.717030: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:49.717032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717038: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717045: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.717047: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.717050: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717055: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717057: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717065: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.717067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717073: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717075: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717077: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717080: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717082: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.717085: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717090: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717092: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717097: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717100: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.717102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717108: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717110: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717112: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717117: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.717123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717128: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717130: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717135: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717137: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.717140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717145: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717148: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717155: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.717158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717165: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717170: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717173: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.717175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717181: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717183: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717185: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.717188: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717190: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.717193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717196: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717198: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717201: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:49.717203: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.717206: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.717208: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.717210: | prop #: 4 (0x4) Sep 21 07:38:49.717213: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.717215: | spi size: 0 (0x0) Sep 21 07:38:49.717217: | # transforms: 13 (0xd) Sep 21 07:38:49.717220: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.717224: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.717227: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717229: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717231: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.717234: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.717236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717239: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.717241: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.717244: | length/value: 128 (0x80) Sep 21 07:38:49.717246: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.717248: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717253: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.717256: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.717258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717264: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717266: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717271: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.717273: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.717276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717279: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717281: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717284: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717289: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.717291: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:49.717294: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717296: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717299: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717301: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717304: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717306: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.717308: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.717311: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717316: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717319: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717326: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.717329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717335: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717337: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717342: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717345: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.717347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717353: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717355: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717360: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717362: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.717365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717368: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717370: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717372: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717375: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717379: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.717382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717387: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717390: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717392: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717394: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717397: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.717400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717405: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717407: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717412: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717415: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.717418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717423: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717425: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717427: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717430: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717433: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.717436: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717439: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717441: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717444: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.717446: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.717448: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.717451: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.717454: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.717456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.717459: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.717461: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:49.717464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.717467: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:38:49.717469: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:49.717472: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:38:49.717474: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.717477: | flags: none (0x0) Sep 21 07:38:49.717479: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.717482: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:38:49.717485: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.717488: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:38:49.717491: | ikev2 g^x ec 66 80 bd fb 52 46 b9 b1 82 87 cd 4b a5 24 e3 Sep 21 07:38:49.717493: | ikev2 g^x e7 17 00 11 bc 5b 44 58 0c 8e 41 68 fe 85 f1 c3 Sep 21 07:38:49.717495: | ikev2 g^x a3 af 80 68 3e 93 2e e9 de 56 2f 74 18 7a b5 11 Sep 21 07:38:49.717497: | ikev2 g^x 89 7a 09 1c 00 3a 73 54 17 13 bc 96 3f 57 dd 80 Sep 21 07:38:49.717500: | ikev2 g^x 78 cb 0b 86 e5 4e 06 d7 e6 3d 5d d6 54 d7 af 24 Sep 21 07:38:49.717502: | ikev2 g^x 30 3b 6d c6 9f ae 1a b0 a4 01 20 5d 2f 7e b0 c9 Sep 21 07:38:49.717504: | ikev2 g^x 2d 85 b4 c2 e8 56 a9 90 b1 da e8 68 19 f3 3f da Sep 21 07:38:49.717506: | ikev2 g^x ef 4f 70 3c a9 8c 5e 08 26 3a 81 e1 42 bb 88 6b Sep 21 07:38:49.717509: | ikev2 g^x 3e 33 da 88 81 29 71 42 25 cb 9a ea db 2b 4c 35 Sep 21 07:38:49.717511: | ikev2 g^x 29 92 68 73 9b 2a 3f d6 4b e7 5b 0e 6c fb a8 08 Sep 21 07:38:49.717513: | ikev2 g^x 56 89 cc 1f 0f 93 4a 13 b0 1a a7 f7 9e 85 4e 49 Sep 21 07:38:49.717515: | ikev2 g^x 6f d7 f6 fb 48 c1 2f 8c 85 d9 c2 8c fe b8 4c 21 Sep 21 07:38:49.717518: | ikev2 g^x d1 8a 88 c3 8a ec 7c b4 f2 fc 01 bf b4 ef 2b 55 Sep 21 07:38:49.717520: | ikev2 g^x 47 81 f6 ea 9a e4 83 e1 3f f4 48 72 53 06 90 b9 Sep 21 07:38:49.717522: | ikev2 g^x 12 61 24 1c a4 e7 64 dd 0e c4 d6 c3 02 5b e5 68 Sep 21 07:38:49.717524: | ikev2 g^x fb 93 35 de bc 9e 6d b3 02 24 43 f3 ce 11 8a 3b Sep 21 07:38:49.717527: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:38:49.717529: | ***emit IKEv2 Nonce Payload: Sep 21 07:38:49.717532: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.717534: | flags: none (0x0) Sep 21 07:38:49.717537: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:38:49.717541: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:38:49.717544: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.717547: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:38:49.717549: | IKEv2 nonce 3d d4 8d 79 b7 f1 57 d1 e3 de 86 49 5c b7 97 31 Sep 21 07:38:49.717552: | IKEv2 nonce 24 53 32 a0 7f ba 50 ba 0a 56 d2 23 6c 46 66 07 Sep 21 07:38:49.717554: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:38:49.717556: | Adding a v2N Payload Sep 21 07:38:49.717559: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.717561: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.717563: | flags: none (0x0) Sep 21 07:38:49.717566: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.717568: | SPI size: 0 (0x0) Sep 21 07:38:49.717571: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:49.717574: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.717576: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.717579: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:49.717582: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:49.717584: | natd_hash: rcookie is zero Sep 21 07:38:49.717594: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:49.717597: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.717599: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:49.717602: | natd_hash: ip= c0 01 03 21 Sep 21 07:38:49.717604: | natd_hash: port= 01 f4 Sep 21 07:38:49.717607: | natd_hash: hash= 43 45 b1 46 b7 18 26 19 a8 29 5d c9 76 ae da 46 Sep 21 07:38:49.717609: | natd_hash: hash= 82 c9 2b 4c Sep 21 07:38:49.717611: | Adding a v2N Payload Sep 21 07:38:49.717613: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.717616: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.717618: | flags: none (0x0) Sep 21 07:38:49.717620: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.717623: | SPI size: 0 (0x0) Sep 21 07:38:49.717625: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:49.717628: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.717631: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.717633: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:49.717636: | Notify data 43 45 b1 46 b7 18 26 19 a8 29 5d c9 76 ae da 46 Sep 21 07:38:49.717638: | Notify data 82 c9 2b 4c Sep 21 07:38:49.717640: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:49.717643: | natd_hash: rcookie is zero Sep 21 07:38:49.717650: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:49.717652: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.717654: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:49.717656: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:49.717659: | natd_hash: port= 01 f4 Sep 21 07:38:49.717661: | natd_hash: hash= df af 3c f6 79 4f 24 c0 d8 96 8e fe 11 27 e6 61 Sep 21 07:38:49.717663: | natd_hash: hash= 41 a3 35 ff Sep 21 07:38:49.717665: | Adding a v2N Payload Sep 21 07:38:49.717667: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.717670: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.717672: | flags: none (0x0) Sep 21 07:38:49.717674: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.717677: | SPI size: 0 (0x0) Sep 21 07:38:49.717679: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:49.717682: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.717686: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.717689: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:49.717691: | Notify data df af 3c f6 79 4f 24 c0 d8 96 8e fe 11 27 e6 61 Sep 21 07:38:49.717693: | Notify data 41 a3 35 ff Sep 21 07:38:49.717695: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:49.717698: | emitting length of ISAKMP Message: 828 Sep 21 07:38:49.717704: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:38:49.717715: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.717719: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:38:49.717722: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:38:49.717725: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:38:49.717728: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:38:49.717731: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:38:49.717736: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:49.717739: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:49.717749: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:38:49.717758: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:49.717761: | 1b 4a a3 ae a4 7b 22 0d 00 00 00 00 00 00 00 00 Sep 21 07:38:49.717763: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:38:49.717766: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:38:49.717768: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:38:49.717770: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:38:49.717772: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:38:49.717774: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:38:49.717777: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:38:49.717779: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:38:49.717781: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:38:49.717788: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:38:49.717792: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:38:49.717795: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:38:49.717797: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:38:49.717799: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:38:49.717801: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:38:49.717803: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:38:49.717806: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:38:49.717808: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:38:49.717810: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:38:49.717812: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:38:49.717815: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:38:49.717817: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:38:49.717819: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:38:49.717821: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:38:49.717824: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:38:49.717826: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:38:49.717828: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:38:49.717830: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:38:49.717834: | 28 00 01 08 00 0e 00 00 ec 66 80 bd fb 52 46 b9 Sep 21 07:38:49.717836: | b1 82 87 cd 4b a5 24 e3 e7 17 00 11 bc 5b 44 58 Sep 21 07:38:49.717838: | 0c 8e 41 68 fe 85 f1 c3 a3 af 80 68 3e 93 2e e9 Sep 21 07:38:49.717841: | de 56 2f 74 18 7a b5 11 89 7a 09 1c 00 3a 73 54 Sep 21 07:38:49.717843: | 17 13 bc 96 3f 57 dd 80 78 cb 0b 86 e5 4e 06 d7 Sep 21 07:38:49.717845: | e6 3d 5d d6 54 d7 af 24 30 3b 6d c6 9f ae 1a b0 Sep 21 07:38:49.717847: | a4 01 20 5d 2f 7e b0 c9 2d 85 b4 c2 e8 56 a9 90 Sep 21 07:38:49.717850: | b1 da e8 68 19 f3 3f da ef 4f 70 3c a9 8c 5e 08 Sep 21 07:38:49.717852: | 26 3a 81 e1 42 bb 88 6b 3e 33 da 88 81 29 71 42 Sep 21 07:38:49.717854: | 25 cb 9a ea db 2b 4c 35 29 92 68 73 9b 2a 3f d6 Sep 21 07:38:49.717856: | 4b e7 5b 0e 6c fb a8 08 56 89 cc 1f 0f 93 4a 13 Sep 21 07:38:49.717858: | b0 1a a7 f7 9e 85 4e 49 6f d7 f6 fb 48 c1 2f 8c Sep 21 07:38:49.717861: | 85 d9 c2 8c fe b8 4c 21 d1 8a 88 c3 8a ec 7c b4 Sep 21 07:38:49.717863: | f2 fc 01 bf b4 ef 2b 55 47 81 f6 ea 9a e4 83 e1 Sep 21 07:38:49.717865: | 3f f4 48 72 53 06 90 b9 12 61 24 1c a4 e7 64 dd Sep 21 07:38:49.717867: | 0e c4 d6 c3 02 5b e5 68 fb 93 35 de bc 9e 6d b3 Sep 21 07:38:49.717870: | 02 24 43 f3 ce 11 8a 3b 29 00 00 24 3d d4 8d 79 Sep 21 07:38:49.717872: | b7 f1 57 d1 e3 de 86 49 5c b7 97 31 24 53 32 a0 Sep 21 07:38:49.717874: | 7f ba 50 ba 0a 56 d2 23 6c 46 66 07 29 00 00 08 Sep 21 07:38:49.717876: | 00 00 40 2e 29 00 00 1c 00 00 40 04 43 45 b1 46 Sep 21 07:38:49.717878: | b7 18 26 19 a8 29 5d c9 76 ae da 46 82 c9 2b 4c Sep 21 07:38:49.717881: | 00 00 00 1c 00 00 40 05 df af 3c f6 79 4f 24 c0 Sep 21 07:38:49.717883: | d8 96 8e fe 11 27 e6 61 41 a3 35 ff Sep 21 07:38:49.717978: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:49.717984: | libevent_free: release ptr-libevent@0x55de3c089ec0 Sep 21 07:38:49.717986: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55de3c089e80 Sep 21 07:38:49.717989: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:49.717992: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:38:49.717998: | event_schedule: new EVENT_RETRANSMIT-pe@0x55de3c089e80 Sep 21 07:38:49.718001: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:38:49.718003: | libevent_malloc: new ptr-libevent@0x55de3c089ec0 size 128 Sep 21 07:38:49.718008: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50176.086262 Sep 21 07:38:49.718011: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:38:49.718016: | #1 spent 1.57 milliseconds in resume sending helper answer Sep 21 07:38:49.718021: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:49.718024: | libevent_free: release ptr-libevent@0x7f947c006900 Sep 21 07:38:49.721377: | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:49.721400: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:38:49.721403: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.721405: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:38:49.721408: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:38:49.721410: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:38:49.721412: | 04 00 00 0e 28 00 01 08 00 0e 00 00 c6 04 30 e1 Sep 21 07:38:49.721414: | 26 19 b5 09 1d d9 97 95 b0 80 e3 72 f8 09 2c 5b Sep 21 07:38:49.721416: | f4 e9 07 31 eb af 20 15 f0 5e 1e 9a 3f f4 62 a0 Sep 21 07:38:49.721419: | f8 df 26 ac 12 23 17 39 e1 cc 5d d4 f8 dc cb 41 Sep 21 07:38:49.721421: | 48 53 8e eb 74 ca 5a 2c a8 56 4d f4 19 a4 1b f8 Sep 21 07:38:49.721423: | b5 9c 04 85 e4 d7 59 4e 8c 12 34 c2 ea c7 e4 c6 Sep 21 07:38:49.721427: | 5d 0f e2 aa a1 17 2f 45 1d 52 45 c5 27 54 07 44 Sep 21 07:38:49.721429: | 9f a8 da 1c be aa 38 6d dc 3e 44 df f3 ea db a7 Sep 21 07:38:49.721431: | 60 5c 25 57 c4 d8 31 ff 5e 14 d9 ec 23 83 a0 92 Sep 21 07:38:49.721434: | 5e 7f a4 16 f2 0f da 62 68 9b f9 1b 23 91 c7 06 Sep 21 07:38:49.721436: | cc 61 62 80 50 a5 e4 6c c4 6b cb 32 f5 d3 92 c5 Sep 21 07:38:49.721438: | b9 c0 17 1d fa 2d cf e5 3e 21 16 7b f4 f4 90 d0 Sep 21 07:38:49.721440: | 5d 33 6e d4 e7 f2 05 da 97 f9 68 95 e2 e7 df 00 Sep 21 07:38:49.721443: | e5 c4 8d 53 b3 d0 a1 f1 0a 5e 80 72 36 31 ff 6a Sep 21 07:38:49.721445: | e7 c4 c2 a9 2f b7 ae 02 31 55 b1 cf 4d e7 a4 15 Sep 21 07:38:49.721447: | 51 a9 62 19 c9 0f b4 52 3c aa 32 e7 0c ae d0 f2 Sep 21 07:38:49.721450: | 6e 26 ff 2d 30 62 89 40 f8 79 6d 95 29 00 00 24 Sep 21 07:38:49.721452: | fd cb 7c 9b 62 ac 35 72 9c a9 de 77 90 c2 7c f6 Sep 21 07:38:49.721454: | db d0 79 12 67 14 ba bb 31 0d cd 50 c0 21 18 e2 Sep 21 07:38:49.721456: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:38:49.721458: | 70 81 e8 e9 dd a0 f1 cc 97 c9 e9 b3 0d 80 3b 53 Sep 21 07:38:49.721461: | 9e c2 93 f0 00 00 00 1c 00 00 40 05 64 e4 31 4e Sep 21 07:38:49.721463: | 48 d1 96 6e 54 42 9a 58 e9 b3 82 af 96 ed 60 77 Sep 21 07:38:49.721467: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:49.721471: | **parse ISAKMP Message: Sep 21 07:38:49.721473: | initiator cookie: Sep 21 07:38:49.721475: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.721478: | responder cookie: Sep 21 07:38:49.721480: | af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.721482: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:49.721485: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.721488: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:49.721490: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:49.721493: | Message ID: 0 (0x0) Sep 21 07:38:49.721495: | length: 432 (0x1b0) Sep 21 07:38:49.721498: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:38:49.721501: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:38:49.721504: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:38:49.721511: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:49.721515: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.721518: | #1 is idle Sep 21 07:38:49.721520: | #1 idle Sep 21 07:38:49.721522: | unpacking clear payload Sep 21 07:38:49.721525: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:49.721528: | ***parse IKEv2 Security Association Payload: Sep 21 07:38:49.721530: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:38:49.721533: | flags: none (0x0) Sep 21 07:38:49.721535: | length: 40 (0x28) Sep 21 07:38:49.721537: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:38:49.721540: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:38:49.721543: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:38:49.721545: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:38:49.721547: | flags: none (0x0) Sep 21 07:38:49.721549: | length: 264 (0x108) Sep 21 07:38:49.721552: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.721554: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:38:49.721556: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:38:49.721559: | ***parse IKEv2 Nonce Payload: Sep 21 07:38:49.721561: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.721563: | flags: none (0x0) Sep 21 07:38:49.721566: | length: 36 (0x24) Sep 21 07:38:49.721568: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:38:49.721570: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.721574: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.721577: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.721579: | flags: none (0x0) Sep 21 07:38:49.721581: | length: 8 (0x8) Sep 21 07:38:49.721584: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.721586: | SPI size: 0 (0x0) Sep 21 07:38:49.721589: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:49.721591: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:49.721593: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.721596: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.721598: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.721600: | flags: none (0x0) Sep 21 07:38:49.721602: | length: 28 (0x1c) Sep 21 07:38:49.721605: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.721607: | SPI size: 0 (0x0) Sep 21 07:38:49.721609: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:49.721612: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:49.721614: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.721616: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.721619: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.721621: | flags: none (0x0) Sep 21 07:38:49.721623: | length: 28 (0x1c) Sep 21 07:38:49.721625: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.721628: | SPI size: 0 (0x0) Sep 21 07:38:49.721630: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:49.721632: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:49.721635: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:38:49.721641: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:49.721644: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:49.721646: | Now let's proceed with state specific processing Sep 21 07:38:49.721649: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:49.721653: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:38:49.721669: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.721672: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:38:49.721676: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:49.721678: | local proposal 1 type PRF has 2 transforms Sep 21 07:38:49.721681: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:49.721683: | local proposal 1 type DH has 8 transforms Sep 21 07:38:49.721685: | local proposal 1 type ESN has 0 transforms Sep 21 07:38:49.721689: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:49.721691: | local proposal 2 type ENCR has 1 transforms Sep 21 07:38:49.721694: | local proposal 2 type PRF has 2 transforms Sep 21 07:38:49.721696: | local proposal 2 type INTEG has 1 transforms Sep 21 07:38:49.721698: | local proposal 2 type DH has 8 transforms Sep 21 07:38:49.721701: | local proposal 2 type ESN has 0 transforms Sep 21 07:38:49.721704: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:49.721706: | local proposal 3 type ENCR has 1 transforms Sep 21 07:38:49.721709: | local proposal 3 type PRF has 2 transforms Sep 21 07:38:49.721711: | local proposal 3 type INTEG has 2 transforms Sep 21 07:38:49.721715: | local proposal 3 type DH has 8 transforms Sep 21 07:38:49.721717: | local proposal 3 type ESN has 0 transforms Sep 21 07:38:49.721720: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:49.721723: | local proposal 4 type ENCR has 1 transforms Sep 21 07:38:49.721725: | local proposal 4 type PRF has 2 transforms Sep 21 07:38:49.721727: | local proposal 4 type INTEG has 2 transforms Sep 21 07:38:49.721730: | local proposal 4 type DH has 8 transforms Sep 21 07:38:49.721732: | local proposal 4 type ESN has 0 transforms Sep 21 07:38:49.721735: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:49.721738: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.721740: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.721742: | length: 36 (0x24) Sep 21 07:38:49.721745: | prop #: 1 (0x1) Sep 21 07:38:49.721747: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.721749: | spi size: 0 (0x0) Sep 21 07:38:49.721752: | # transforms: 3 (0x3) Sep 21 07:38:49.721755: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:38:49.721758: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.721760: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.721762: | length: 12 (0xc) Sep 21 07:38:49.721765: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.721767: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.721770: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.721772: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.721775: | length/value: 256 (0x100) Sep 21 07:38:49.721779: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:49.721781: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.721789: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.721791: | length: 8 (0x8) Sep 21 07:38:49.721794: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.721796: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.721800: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:38:49.721802: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.721804: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.721807: | length: 8 (0x8) Sep 21 07:38:49.721809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.721811: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.721815: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:38:49.721818: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:38:49.721823: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:38:49.721825: | remote proposal 1 matches local proposal 1 Sep 21 07:38:49.721828: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:38:49.721830: | converting proposal to internal trans attrs Sep 21 07:38:49.721846: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:49.721848: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.721851: | natd_hash: rcookie= af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.721853: | natd_hash: ip= c0 01 03 21 Sep 21 07:38:49.721855: | natd_hash: port= 01 f4 Sep 21 07:38:49.721858: | natd_hash: hash= 64 e4 31 4e 48 d1 96 6e 54 42 9a 58 e9 b3 82 af Sep 21 07:38:49.721860: | natd_hash: hash= 96 ed 60 77 Sep 21 07:38:49.721865: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:49.721868: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.721870: | natd_hash: rcookie= af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.721872: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:49.721876: | natd_hash: port= 01 f4 Sep 21 07:38:49.721879: | natd_hash: hash= 70 81 e8 e9 dd a0 f1 cc 97 c9 e9 b3 0d 80 3b 53 Sep 21 07:38:49.721881: | natd_hash: hash= 9e c2 93 f0 Sep 21 07:38:49.721883: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:38:49.721885: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:38:49.721888: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:38:49.721891: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:38:49.721894: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:38:49.721898: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:38:49.721901: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:49.721903: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:38:49.721907: | libevent_free: release ptr-libevent@0x55de3c089ec0 Sep 21 07:38:49.721910: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55de3c089e80 Sep 21 07:38:49.721912: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55de3c089e80 Sep 21 07:38:49.721916: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:49.721919: | libevent_malloc: new ptr-libevent@0x55de3c089ec0 size 128 Sep 21 07:38:49.721929: | #1 spent 0.273 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:38:49.721932: | crypto helper 3 resuming Sep 21 07:38:49.721935: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.721945: | crypto helper 3 starting work-order 2 for state #1 Sep 21 07:38:49.721952: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:38:49.721959: | crypto helper 3 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:38:49.721961: | suspending state #1 and saving MD Sep 21 07:38:49.721969: | #1 is busy; has a suspended MD Sep 21 07:38:49.721973: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:38:49.721976: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:38:49.721981: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:49.721985: | #1 spent 0.587 milliseconds in ikev2_process_packet() Sep 21 07:38:49.721989: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:49.721992: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:49.721995: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:49.721998: | spent 0.6 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:49.722963: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:38:49.723420: | crypto helper 3 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.00146 seconds Sep 21 07:38:49.723428: | (#1) spent 1.46 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:38:49.723431: | crypto helper 3 sending results from work-order 2 for state #1 to event queue Sep 21 07:38:49.723434: | scheduling resume sending helper answer for #1 Sep 21 07:38:49.723438: | libevent_malloc: new ptr-libevent@0x7f9474006b90 size 128 Sep 21 07:38:49.723446: | crypto helper 3 waiting (nothing to do) Sep 21 07:38:49.723456: | processing resume sending helper answer for #1 Sep 21 07:38:49.723463: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:49.723467: | crypto helper 3 replies to request ID 2 Sep 21 07:38:49.723469: | calling continuation function 0x55de3a420630 Sep 21 07:38:49.723472: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:38:49.723480: | creating state object #2 at 0x55de3c08eeb0 Sep 21 07:38:49.723487: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:38:49.723491: | pstats #2 ikev2.child started Sep 21 07:38:49.723494: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Sep 21 07:38:49.723499: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:38:49.723506: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:49.723511: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:49.723516: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:49.723519: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:49.723523: | libevent_free: release ptr-libevent@0x55de3c089ec0 Sep 21 07:38:49.723526: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55de3c089e80 Sep 21 07:38:49.723529: | event_schedule: new EVENT_SA_REPLACE-pe@0x55de3c089e80 Sep 21 07:38:49.723532: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:38:49.723535: | libevent_malloc: new ptr-libevent@0x55de3c089ec0 size 128 Sep 21 07:38:49.723539: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:38:49.723545: | **emit ISAKMP Message: Sep 21 07:38:49.723548: | initiator cookie: Sep 21 07:38:49.723550: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.723553: | responder cookie: Sep 21 07:38:49.723555: | af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.723558: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:49.723561: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.723564: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:49.723567: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:49.723569: | Message ID: 1 (0x1) Sep 21 07:38:49.723572: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:49.723576: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:49.723579: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.723581: | flags: none (0x0) Sep 21 07:38:49.723585: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:49.723588: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.723591: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:49.723599: | IKEv2 CERT: send a certificate? Sep 21 07:38:49.723602: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:38:49.723605: | IDr payload will NOT be sent Sep 21 07:38:49.723619: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:38:49.723623: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.723625: | flags: none (0x0) Sep 21 07:38:49.723628: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:49.723632: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:38:49.723635: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.723638: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:38:49.723641: | my identity c0 01 03 21 Sep 21 07:38:49.723644: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:38:49.723652: | not sending INITIAL_CONTACT Sep 21 07:38:49.723655: | ****emit IKEv2 Authentication Payload: Sep 21 07:38:49.723658: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.723661: | flags: none (0x0) Sep 21 07:38:49.723664: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:49.723667: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:38:49.723672: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.723675: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:38:49.723682: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.723686: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.723690: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Sep 21 07:38:49.723695: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.723700: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.723703: | line 1: match=002 Sep 21 07:38:49.723706: | match 002 beats previous best_match 000 match=0x55de3c07d5d0 (line=1) Sep 21 07:38:49.723709: | concluding with best_match=002 best=0x55de3c07d5d0 (lineno=1) Sep 21 07:38:49.723772: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:38:49.723775: | PSK auth 30 6e b0 bf 21 53 78 e3 70 2f 0d 44 12 3f 2d 1a Sep 21 07:38:49.723778: | PSK auth 34 e3 e0 99 b6 55 a4 59 f7 2d 2c 3d 96 f4 ad ec Sep 21 07:38:49.723780: | PSK auth 9c b5 85 f2 72 fc f4 2d 20 4b 3e d4 4f 6e c8 44 Sep 21 07:38:49.723786: | PSK auth 39 dd 5f bf 91 47 55 71 42 56 55 2e 69 88 6d 86 Sep 21 07:38:49.723792: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:38:49.723794: | getting first pending from state #1 Sep 21 07:38:49.724219: | netlink_get_spi: allocated 0x657ee0be for esp.0@192.1.3.33 Sep 21 07:38:49.724224: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:38:49.724229: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:38:49.724235: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.724240: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.724251: | Emitting ikev2_proposals ... Sep 21 07:38:49.724255: | ****emit IKEv2 Security Association Payload: Sep 21 07:38:49.724257: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.724260: | flags: none (0x0) Sep 21 07:38:49.724264: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:49.724267: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.724270: | discarding DH=NONE Sep 21 07:38:49.724272: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.724275: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.724278: | prop #: 1 (0x1) Sep 21 07:38:49.724280: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:49.724283: | spi size: 4 (0x4) Sep 21 07:38:49.724285: | # transforms: 3 (0x3) Sep 21 07:38:49.724288: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.724292: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:38:49.724294: | our spi 65 7e e0 be Sep 21 07:38:49.724297: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.724299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.724302: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.724305: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.724308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.724311: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.724316: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.724319: | length/value: 256 (0x100) Sep 21 07:38:49.724322: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.724325: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.724327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.724330: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.724333: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.724336: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.724339: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.724342: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.724344: | discarding DH=NONE Sep 21 07:38:49.724347: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.724349: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.724352: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:49.724355: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:49.724358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.724361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.724364: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.724366: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:38:49.724369: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.724372: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:38:49.724375: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:49.724379: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:49.724382: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.724384: | flags: none (0x0) Sep 21 07:38:49.724387: | number of TS: 1 (0x1) Sep 21 07:38:49.724390: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:38:49.724393: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.724396: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:49.724399: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.724401: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.724404: | start port: 0 (0x0) Sep 21 07:38:49.724406: | end port: 65535 (0xffff) Sep 21 07:38:49.724410: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:49.724412: | IP start c0 00 03 00 Sep 21 07:38:49.724415: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:49.724417: | IP end c0 00 03 ff Sep 21 07:38:49.724420: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:49.724423: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:38:49.724425: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:49.724428: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.724430: | flags: none (0x0) Sep 21 07:38:49.724433: | number of TS: 1 (0x1) Sep 21 07:38:49.724436: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:38:49.724440: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.724442: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:49.724447: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.724450: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.724452: | start port: 0 (0x0) Sep 21 07:38:49.724455: | end port: 65535 (0xffff) Sep 21 07:38:49.724458: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:49.724460: | IP start c0 00 02 00 Sep 21 07:38:49.724463: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:49.724465: | IP end c0 00 02 ff Sep 21 07:38:49.724468: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:49.724470: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:38:49.724473: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:38:49.724476: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:38:49.724478: | Adding a v2N Payload Sep 21 07:38:49.724481: | ****emit IKEv2 Notify Payload: Sep 21 07:38:49.724484: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.724486: | flags: none (0x0) Sep 21 07:38:49.724489: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.724491: | SPI size: 0 (0x0) Sep 21 07:38:49.724494: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:49.724498: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.724500: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.724503: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:49.724507: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:49.724510: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:49.724513: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:49.724516: | emitting length of IKEv2 Encryption Payload: 213 Sep 21 07:38:49.724519: | emitting length of ISAKMP Message: 241 Sep 21 07:38:49.724537: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.724542: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.724547: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:38:49.724550: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:38:49.724553: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:38:49.724556: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:38:49.724562: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:49.724567: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:38:49.724572: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:38:49.724580: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:38:49.724586: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:49.724589: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.724591: | 2e 20 23 08 00 00 00 01 00 00 00 f1 23 00 00 d5 Sep 21 07:38:49.724594: | 78 a2 28 20 4e a1 7e 8d 13 2f 79 f2 ab e2 72 97 Sep 21 07:38:49.724596: | b0 7e e4 cb 36 f0 86 7d db f7 44 e8 a6 bd 68 c0 Sep 21 07:38:49.724599: | ac ea 8e 90 f5 01 ff 45 2b cf ba d9 9d 7b 50 9b Sep 21 07:38:49.724601: | 89 d0 f4 77 1a 3e 58 12 f1 7c 82 c8 f8 7b 65 0b Sep 21 07:38:49.724605: | 98 61 ef 04 e4 c4 d8 d2 3e e0 ab 35 6a b8 01 92 Sep 21 07:38:49.724608: | 03 b8 58 3e 48 89 98 12 93 26 63 96 4d 26 4c bc Sep 21 07:38:49.724610: | 0b eb 54 10 67 aa 07 9e a6 f5 1f 5a e1 25 0a 88 Sep 21 07:38:49.724613: | 07 bb 69 ff 1a ac 4a 59 61 3f 48 33 aa 37 b9 d6 Sep 21 07:38:49.724615: | 71 9d a4 c8 00 13 a5 fc ab 7b 0d d3 67 b7 e4 08 Sep 21 07:38:49.724618: | b0 ae 60 da ef 9d 4f 4c e5 e0 41 94 50 ac 6c b5 Sep 21 07:38:49.724620: | 13 a9 f4 33 fa 15 3e b1 a5 0b 27 9c d8 73 dc ed Sep 21 07:38:49.724623: | af 87 4b 5e 4b 5e de 38 2c c6 4d 39 45 29 89 a6 Sep 21 07:38:49.724625: | 15 58 d7 3a 15 f8 3b 93 83 a5 7b 5a be f6 64 08 Sep 21 07:38:49.724628: | 89 Sep 21 07:38:49.724679: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:49.724683: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:38:49.724689: | event_schedule: new EVENT_RETRANSMIT-pe@0x55de3c08c400 Sep 21 07:38:49.724692: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:38:49.724696: | libevent_malloc: new ptr-libevent@0x55de3c08c4e0 size 128 Sep 21 07:38:49.724701: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50176.092953 Sep 21 07:38:49.724705: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:38:49.724711: | #1 spent 1.21 milliseconds in resume sending helper answer Sep 21 07:38:49.724716: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:49.724720: | libevent_free: release ptr-libevent@0x7f9474006b90 Sep 21 07:38:49.860157: | spent 0.00252 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:49.860178: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:38:49.860182: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.860184: | 2e 20 23 20 00 00 00 01 00 00 00 f1 29 00 00 d5 Sep 21 07:38:49.860187: | 06 15 45 6e 5e bb 66 0c 7c 0b 4c 8b db ad 3e 84 Sep 21 07:38:49.860189: | d4 30 43 8a e5 3e ae ee 2e ae 15 77 fe 50 8e 9c Sep 21 07:38:49.860191: | 00 e2 91 e1 07 f1 59 38 22 bb c4 c8 13 11 0f 9d Sep 21 07:38:49.860194: | 31 c6 4f a9 f4 4b c5 c0 ff 33 72 12 db 28 98 8a Sep 21 07:38:49.860196: | 8d 2a 27 c8 a7 09 eb 3c bf 7b 43 cf fc 0f 07 67 Sep 21 07:38:49.860198: | f2 e5 7b 5a 2e 20 02 ca 34 c8 6f 89 0e 0f 13 cd Sep 21 07:38:49.860200: | ff 13 25 4a fe ae 99 4b 7f 9e 8c e6 d1 86 91 96 Sep 21 07:38:49.860202: | 93 8f fe ab 1e ed f3 a6 89 47 3d f3 d3 f3 10 ad Sep 21 07:38:49.860204: | 10 46 2d 65 25 c8 16 0e a4 91 41 b6 5f f1 a1 07 Sep 21 07:38:49.860206: | 23 12 60 be b0 30 71 ba 10 63 56 27 55 14 49 e7 Sep 21 07:38:49.860208: | 50 60 c8 7b 76 b9 15 dd 51 8e 4b b9 a8 40 21 d0 Sep 21 07:38:49.860211: | 7c dc 53 53 20 f1 38 0f 2f 89 7d 7d c5 48 59 09 Sep 21 07:38:49.860213: | d7 e1 38 d3 0d 84 21 cb 8b 6e 43 d5 04 7d 29 b7 Sep 21 07:38:49.860215: | 53 Sep 21 07:38:49.860219: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:49.860224: | **parse ISAKMP Message: Sep 21 07:38:49.860226: | initiator cookie: Sep 21 07:38:49.860228: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:49.860231: | responder cookie: Sep 21 07:38:49.860233: | af 24 43 63 c6 85 f5 b2 Sep 21 07:38:49.860235: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:49.860238: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.860241: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:49.860243: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:49.860245: | Message ID: 1 (0x1) Sep 21 07:38:49.860248: | length: 241 (0xf1) Sep 21 07:38:49.860250: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:38:49.860254: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:38:49.860261: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:38:49.860268: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:49.860272: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:38:49.860277: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.860281: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.860284: | #2 is idle Sep 21 07:38:49.860286: | #2 idle Sep 21 07:38:49.860289: | unpacking clear payload Sep 21 07:38:49.860292: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:49.860295: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:49.860297: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.860300: | flags: none (0x0) Sep 21 07:38:49.860302: | length: 213 (0xd5) Sep 21 07:38:49.860304: | processing payload: ISAKMP_NEXT_v2SK (len=209) Sep 21 07:38:49.860307: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:38:49.860323: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:38:49.860326: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.860329: | **parse IKEv2 Notify Payload: Sep 21 07:38:49.860331: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:38:49.860334: | flags: none (0x0) Sep 21 07:38:49.860336: | length: 8 (0x8) Sep 21 07:38:49.860338: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.860341: | SPI size: 0 (0x0) Sep 21 07:38:49.860343: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:49.860346: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:49.860348: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:38:49.860351: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:38:49.860354: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:38:49.860356: | flags: none (0x0) Sep 21 07:38:49.860358: | length: 12 (0xc) Sep 21 07:38:49.860361: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:49.860364: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:38:49.860366: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:38:49.860369: | **parse IKEv2 Authentication Payload: Sep 21 07:38:49.860371: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:49.860373: | flags: none (0x0) Sep 21 07:38:49.860376: | length: 72 (0x48) Sep 21 07:38:49.860378: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:49.860381: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:38:49.860383: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:49.860386: | **parse IKEv2 Security Association Payload: Sep 21 07:38:49.860388: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:38:49.860390: | flags: none (0x0) Sep 21 07:38:49.860393: | length: 44 (0x2c) Sep 21 07:38:49.860395: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:38:49.860397: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:38:49.860400: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:49.860402: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:38:49.860405: | flags: none (0x0) Sep 21 07:38:49.860407: | length: 24 (0x18) Sep 21 07:38:49.860409: | number of TS: 1 (0x1) Sep 21 07:38:49.860412: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:38:49.860414: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:38:49.860417: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:49.860419: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.860421: | flags: none (0x0) Sep 21 07:38:49.860424: | length: 24 (0x18) Sep 21 07:38:49.860426: | number of TS: 1 (0x1) Sep 21 07:38:49.860428: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:38:49.860430: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:38:49.860435: | Now let's proceed with state specific processing Sep 21 07:38:49.860437: | calling processor Initiator: process IKE_AUTH response Sep 21 07:38:49.860441: | received v2N_MOBIKE_SUPPORTED and sent Sep 21 07:38:49.860445: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Sep 21 07:38:49.860447: | peer ID c0 01 02 17 Sep 21 07:38:49.860451: | offered CA: '%none' Sep 21 07:38:49.860456: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Sep 21 07:38:49.860498: | verifying AUTH payload Sep 21 07:38:49.860503: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:38:49.860508: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.860512: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.860515: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Sep 21 07:38:49.860520: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.860524: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.860527: | line 1: match=002 Sep 21 07:38:49.860530: | match 002 beats previous best_match 000 match=0x55de3c07d5d0 (line=1) Sep 21 07:38:49.860532: | concluding with best_match=002 best=0x55de3c07d5d0 (lineno=1) Sep 21 07:38:49.860597: "northnet-eastnet" #2: Authenticated using authby=secret Sep 21 07:38:49.860605: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:38:49.860609: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:38:49.860612: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:38:49.860616: | libevent_free: release ptr-libevent@0x55de3c089ec0 Sep 21 07:38:49.860619: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55de3c089e80 Sep 21 07:38:49.860622: | event_schedule: new EVENT_SA_REKEY-pe@0x55de3c089e80 Sep 21 07:38:49.860625: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:38:49.860628: | libevent_malloc: new ptr-libevent@0x55de3c089ec0 size 128 Sep 21 07:38:49.861190: | pstats #1 ikev2.ike established Sep 21 07:38:49.861200: | TSi: parsing 1 traffic selectors Sep 21 07:38:49.861204: | ***parse IKEv2 Traffic Selector: Sep 21 07:38:49.861207: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.861209: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.861211: | length: 16 (0x10) Sep 21 07:38:49.861212: | start port: 0 (0x0) Sep 21 07:38:49.861214: | end port: 65535 (0xffff) Sep 21 07:38:49.861217: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:49.861219: | TS low c0 00 03 00 Sep 21 07:38:49.861221: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:49.861222: | TS high c0 00 03 ff Sep 21 07:38:49.861224: | TSi: parsed 1 traffic selectors Sep 21 07:38:49.861226: | TSr: parsing 1 traffic selectors Sep 21 07:38:49.861228: | ***parse IKEv2 Traffic Selector: Sep 21 07:38:49.861230: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.861232: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.861234: | length: 16 (0x10) Sep 21 07:38:49.861236: | start port: 0 (0x0) Sep 21 07:38:49.861237: | end port: 65535 (0xffff) Sep 21 07:38:49.861239: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:49.861241: | TS low c0 00 02 00 Sep 21 07:38:49.861243: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:49.861245: | TS high c0 00 02 ff Sep 21 07:38:49.861247: | TSr: parsed 1 traffic selectors Sep 21 07:38:49.861252: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:38:49.861257: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:49.861263: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:38:49.861266: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:38:49.861268: | TSi[0] port match: YES fitness 65536 Sep 21 07:38:49.861273: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:38:49.861276: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:49.861280: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:49.861284: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:38:49.861287: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:38:49.861289: | TSr[0] port match: YES fitness 65536 Sep 21 07:38:49.861291: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:38:49.861293: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:49.861295: | best fit so far: TSi[0] TSr[0] Sep 21 07:38:49.861297: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:38:49.861299: | printing contents struct traffic_selector Sep 21 07:38:49.861301: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:49.861303: | ipprotoid: 0 Sep 21 07:38:49.861305: | port range: 0-65535 Sep 21 07:38:49.861308: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:38:49.861310: | printing contents struct traffic_selector Sep 21 07:38:49.861312: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:49.861313: | ipprotoid: 0 Sep 21 07:38:49.861315: | port range: 0-65535 Sep 21 07:38:49.861318: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:38:49.861325: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.861328: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:38:49.861335: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:49.861337: | local proposal 1 type PRF has 0 transforms Sep 21 07:38:49.861339: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:49.861341: | local proposal 1 type DH has 1 transforms Sep 21 07:38:49.861343: | local proposal 1 type ESN has 1 transforms Sep 21 07:38:49.861346: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:38:49.861349: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.861352: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.861355: | length: 40 (0x28) Sep 21 07:38:49.861357: | prop #: 1 (0x1) Sep 21 07:38:49.861359: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:49.861361: | spi size: 4 (0x4) Sep 21 07:38:49.861364: | # transforms: 3 (0x3) Sep 21 07:38:49.861367: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:38:49.861369: | remote SPI dd 14 16 dd Sep 21 07:38:49.861372: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:38:49.861375: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.861377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.861379: | length: 12 (0xc) Sep 21 07:38:49.861381: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.861383: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.861385: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.861388: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.861390: | length/value: 256 (0x100) Sep 21 07:38:49.861393: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:49.861396: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.861398: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.861400: | length: 8 (0x8) Sep 21 07:38:49.861401: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.861404: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.861407: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:38:49.861409: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.861413: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.861415: | length: 8 (0x8) Sep 21 07:38:49.861417: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:49.861419: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:49.861421: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:38:49.861424: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:38:49.861428: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:38:49.861430: | remote proposal 1 matches local proposal 1 Sep 21 07:38:49.861433: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Sep 21 07:38:49.861437: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=dd1416dd;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:38:49.861439: | converting proposal to internal trans attrs Sep 21 07:38:49.861445: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Sep 21 07:38:49.861448: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Sep 21 07:38:49.861591: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:38:49.861596: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Sep 21 07:38:49.861598: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:49.861601: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:49.861603: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:49.861609: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:38:49.861612: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:49.861615: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:49.861617: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:49.861621: | setting IPsec SA replay-window to 32 Sep 21 07:38:49.861624: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Sep 21 07:38:49.861627: | netlink: enabling tunnel mode Sep 21 07:38:49.861629: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:49.861631: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:49.861981: | netlink response for Add SA esp.dd1416dd@192.1.2.23 included non-error error Sep 21 07:38:49.861990: | set up outgoing SA, ref=0/0 Sep 21 07:38:49.861993: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:49.861996: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:49.861998: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:49.862002: | setting IPsec SA replay-window to 32 Sep 21 07:38:49.862005: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Sep 21 07:38:49.862007: | netlink: enabling tunnel mode Sep 21 07:38:49.862009: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:49.862012: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:49.862152: | netlink response for Add SA esp.657ee0be@192.1.3.33 included non-error error Sep 21 07:38:49.862158: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:38:49.862165: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:38:49.862169: | IPsec Sa SPD priority set to 1042407 Sep 21 07:38:49.862353: | raw_eroute result=success Sep 21 07:38:49.862359: | set up incoming SA, ref=0/0 Sep 21 07:38:49.862362: | sr for #2: unrouted Sep 21 07:38:49.862365: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:38:49.862368: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:49.862371: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:49.862377: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:49.862381: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:38:49.862385: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:38:49.862388: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:38:49.862395: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:38:49.862398: | IPsec Sa SPD priority set to 1042407 Sep 21 07:38:49.862488: | raw_eroute result=success Sep 21 07:38:49.862494: | running updown command "ipsec _updown" for verb up Sep 21 07:38:49.862497: | command executing up-client Sep 21 07:38:49.862522: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:38:49.862525: | popen cmd is 1052 chars long Sep 21 07:38:49.862528: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Sep 21 07:38:49.862530: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:38:49.862532: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:38:49.862535: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:38:49.862537: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Sep 21 07:38:49.862539: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:38:49.862541: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:38:49.862543: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Sep 21 07:38:49.862545: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Sep 21 07:38:49.862548: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:38:49.862550: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:38:49.862552: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:38:49.862554: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657ee0be ipsec : Sep 21 07:38:49.862556: | cmd(1040):_updown 2>&1: Sep 21 07:38:49.896925: | route_and_eroute: firewall_notified: true Sep 21 07:38:49.896938: | running updown command "ipsec _updown" for verb prepare Sep 21 07:38:49.896942: | command executing prepare-client Sep 21 07:38:49.896973: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:38:49.896982: | popen cmd is 1057 chars long Sep 21 07:38:49.896985: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:38:49.896988: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:38:49.896991: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:49.896994: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:49.896996: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:49.896999: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:49.897001: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:49.897004: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Sep 21 07:38:49.897007: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Sep 21 07:38:49.897009: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:38:49.897012: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:38:49.897014: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:38:49.897017: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657ee0be i: Sep 21 07:38:49.897019: | cmd(1040):psec _updown 2>&1: Sep 21 07:38:49.918630: | running updown command "ipsec _updown" for verb route Sep 21 07:38:49.918647: | command executing route-client Sep 21 07:38:49.918678: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Sep 21 07:38:49.918682: | popen cmd is 1055 chars long Sep 21 07:38:49.918685: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:38:49.918688: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:38:49.918690: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:38:49.918693: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:38:49.918695: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:38:49.918698: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:38:49.918704: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:38:49.918707: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Sep 21 07:38:49.918710: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Sep 21 07:38:49.918712: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:38:49.918715: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:38:49.918717: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:38:49.918720: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657ee0be ips: Sep 21 07:38:49.918722: | cmd(1040):ec _updown 2>&1: Sep 21 07:38:49.944042: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x55de3c0890b0,sr=0x55de3c0890b0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:38:49.944140: | #1 spent 0.939 milliseconds in install_ipsec_sa() Sep 21 07:38:49.944148: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:38:49.944152: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:49.944155: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:38:49.944160: | libevent_free: release ptr-libevent@0x55de3c08c4e0 Sep 21 07:38:49.944164: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55de3c08c400 Sep 21 07:38:49.944169: | #2 spent 1.65 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:38:49.944176: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.944180: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:38:49.944183: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:38:49.944187: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:38:49.944190: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:38:49.944195: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:38:49.944201: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:49.944204: | pstats #2 ikev2.child established Sep 21 07:38:49.944213: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:38:49.944225: | NAT-T: encaps is 'auto' Sep 21 07:38:49.944231: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xdd1416dd <0x657ee0be xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Sep 21 07:38:49.944236: | releasing whack for #2 (sock=fd@27) Sep 21 07:38:49.944239: | close_any(fd@27) (in release_whack() at state.c:654) Sep 21 07:38:49.944242: | releasing whack and unpending for parent #1 Sep 21 07:38:49.944244: | unpending state #1 connection "northnet-eastnet" Sep 21 07:38:49.944249: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Sep 21 07:38:49.944251: | removing pending policy for no connection {0x55de3c0194a0} Sep 21 07:38:49.944258: | close_any(fd@26) (in release_whack() at state.c:654) Sep 21 07:38:49.944263: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:38:49.944266: | event_schedule: new EVENT_SA_REKEY-pe@0x55de3c08c400 Sep 21 07:38:49.944269: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:38:49.944273: | libevent_malloc: new ptr-libevent@0x55de3c08c4e0 size 128 Sep 21 07:38:49.944280: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:49.944288: | #1 spent 2.04 milliseconds in ikev2_process_packet() Sep 21 07:38:49.944292: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:49.944295: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:49.944298: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:49.944302: | spent 2.05 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:49.944313: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.944318: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.944323: | spent 0.00501 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.944325: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.944328: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.944332: | spent 0.00329 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.944334: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.944337: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.944341: | spent 0.00332 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:51.177328: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:51.177352: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:38:51.177356: | FOR_EACH_STATE_... in sort_states Sep 21 07:38:51.177364: | get_sa_info esp.657ee0be@192.1.3.33 Sep 21 07:38:51.177381: | get_sa_info esp.dd1416dd@192.1.2.23 Sep 21 07:38:51.177401: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:51.177408: | spent 0.0903 milliseconds in whack Sep 21 07:38:56.493685: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.493704: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.493713: | spent 0.00923 milliseconds in kernel message Sep 21 07:38:56.547749: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.547768: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.547774: | spent 0.0073 milliseconds in kernel message Sep 21 07:38:56.600085: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.600116: | netlink_get: XFRM_MSG_GETPOLICY message Sep 21 07:38:56.600118: | xfrm netlink address change RTM_DELADDR msg len 80 Sep 21 07:38:56.600122: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Sep 21 07:38:56.600124: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Sep 21 07:38:56.600129: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.600132: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.600137: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.600140: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:56.600143: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:56.600146: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:56.600161: | route owner of "northnet-eastnet" unrouted: NULL Sep 21 07:38:56.600164: | running updown command "ipsec _updown" for verb down Sep 21 07:38:56.600167: | command executing down-client Sep 21 07:38:56.600195: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Sep 21 07:38:56.600203: | popen cmd is 1063 chars long Sep 21 07:38:56.600206: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Sep 21 07:38:56.600208: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:38:56.600211: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:38:56.600213: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:38:56.600215: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:38:56.600218: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:38:56.600220: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:38:56.600222: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_P: Sep 21 07:38:56.600225: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Sep 21 07:38:56.600227: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:38:56.600229: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:38:56.600232: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:38:56.600234: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657e: Sep 21 07:38:56.600236: | cmd(1040):e0be ipsec _updown 2>&1: Sep 21 07:38:56.607544: | running updown command "ipsec _updown" for verb unroute Sep 21 07:38:56.607557: | command executing unroute-client Sep 21 07:38:56.607577: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Sep 21 07:38:56.607579: | popen cmd is 1066 chars long Sep 21 07:38:56.607582: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:38:56.607583: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:38:56.607585: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:56.607587: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:56.607588: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:56.607590: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:56.607591: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:56.607593: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CON: Sep 21 07:38:56.607596: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Sep 21 07:38:56.607598: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Sep 21 07:38:56.607600: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Sep 21 07:38:56.607601: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Sep 21 07:38:56.607603: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x6: Sep 21 07:38:56.607604: | cmd(1040):57ee0be ipsec _updown 2>&1: Sep 21 07:38:56.615464: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615487: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615491: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615495: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615504: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615519: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615533: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615546: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615559: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615571: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615585: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615599: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615614: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615627: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615640: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615652: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615667: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615679: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615692: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615705: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615718: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.615732: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.616026: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.616038: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.616052: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.620078: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7f947c002b20 Sep 21 07:38:56.620090: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Sep 21 07:38:56.620093: | libevent_malloc: new ptr-libevent@0x55de3c08e6f0 size 128 Sep 21 07:38:56.620101: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.620104: | IKEv2 received address RTM_DELADDR type 3 Sep 21 07:38:56.620105: | IKEv2 received address RTM_DELADDR type 8 Sep 21 07:38:56.620107: | IKEv2 received address RTM_DELADDR type 6 Sep 21 07:38:56.620113: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.620116: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.620118: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.620120: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.620125: | spent 0.627 milliseconds in kernel message Sep 21 07:38:56.620137: | timer_event_cb: processing event@0x7f947c002b20 Sep 21 07:38:56.620141: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Sep 21 07:38:56.620147: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:38:56.620150: | #1 IKEv2 local address change Sep 21 07:38:56.620398: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23:500 and gateway 192.1.8.254 Sep 21 07:38:56.620403: | Opening output PBS mobike informational request Sep 21 07:38:56.620407: | **emit ISAKMP Message: Sep 21 07:38:56.620409: | initiator cookie: Sep 21 07:38:56.620412: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:56.620414: | responder cookie: Sep 21 07:38:56.620416: | af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.620419: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:56.620422: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:56.620425: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:56.620428: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:56.620431: | Message ID: 2 (0x2) Sep 21 07:38:56.620434: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:56.620437: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:56.620439: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:56.620442: | flags: none (0x0) Sep 21 07:38:56.620445: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:56.620448: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:56.620451: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:56.620461: | Adding a v2N Payload Sep 21 07:38:56.620463: | ****emit IKEv2 Notify Payload: Sep 21 07:38:56.620466: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:56.620468: | flags: none (0x0) Sep 21 07:38:56.620471: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:56.620473: | SPI size: 0 (0x0) Sep 21 07:38:56.620476: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Sep 21 07:38:56.620479: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:56.620482: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:56.620485: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:56.620488: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:56.620503: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:56.620506: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:56.620508: | natd_hash: rcookie= af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.620510: | natd_hash: ip= c0 01 08 16 Sep 21 07:38:56.620513: | natd_hash: port= 01 f4 Sep 21 07:38:56.620515: | natd_hash: hash= 98 89 63 fc af cc 7c 4c 73 1e 3d fe d8 f8 75 cd Sep 21 07:38:56.620517: | natd_hash: hash= af 5c 2a 2b Sep 21 07:38:56.620519: | Adding a v2N Payload Sep 21 07:38:56.620522: | ****emit IKEv2 Notify Payload: Sep 21 07:38:56.620524: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:56.620526: | flags: none (0x0) Sep 21 07:38:56.620529: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:56.620531: | SPI size: 0 (0x0) Sep 21 07:38:56.620534: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:56.620537: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:56.620539: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:56.620543: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:56.620545: | Notify data 98 89 63 fc af cc 7c 4c 73 1e 3d fe d8 f8 75 cd Sep 21 07:38:56.620546: | Notify data af 5c 2a 2b Sep 21 07:38:56.620548: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:56.620552: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:38:56.620554: | natd_hash: icookie= 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:56.620556: | natd_hash: rcookie= af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.620557: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:56.620560: | natd_hash: port= 01 f4 Sep 21 07:38:56.620562: | natd_hash: hash= 70 81 e8 e9 dd a0 f1 cc 97 c9 e9 b3 0d 80 3b 53 Sep 21 07:38:56.620565: | natd_hash: hash= 9e c2 93 f0 Sep 21 07:38:56.620567: | Adding a v2N Payload Sep 21 07:38:56.620569: | ****emit IKEv2 Notify Payload: Sep 21 07:38:56.620571: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:56.620574: | flags: none (0x0) Sep 21 07:38:56.620576: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:56.620578: | SPI size: 0 (0x0) Sep 21 07:38:56.620581: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:56.620584: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:56.620586: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:56.620589: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:56.620591: | Notify data 70 81 e8 e9 dd a0 f1 cc 97 c9 e9 b3 0d 80 3b 53 Sep 21 07:38:56.620593: | Notify data 9e c2 93 f0 Sep 21 07:38:56.620596: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:56.620598: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:56.620602: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:56.620604: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:56.620607: | emitting length of IKEv2 Encryption Payload: 93 Sep 21 07:38:56.620609: | emitting length of ISAKMP Message: 121 Sep 21 07:38:56.620625: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:56.620628: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.620630: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Sep 21 07:38:56.620632: | ae 1a f6 e1 63 98 dc 90 a6 ff 4a 58 cd 8f 35 fe Sep 21 07:38:56.620634: | 5b 26 09 d3 99 84 c9 dd 28 44 aa 2e 4c 52 4a 60 Sep 21 07:38:56.620637: | b7 c9 35 9a c9 37 71 5d 5d 64 a1 db 8e b6 2e b5 Sep 21 07:38:56.620639: | be d7 25 e2 bd 54 4e ee e4 9f 23 83 d9 fb 0a 04 Sep 21 07:38:56.620641: | 66 57 ae 11 10 c5 5f 65 93 60 f1 7d ed a8 4c 74 Sep 21 07:38:56.620643: | 65 e9 23 0b 33 ea 0d 7a 41 Sep 21 07:38:56.620724: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:56.620731: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Sep 21 07:38:56.620735: | libevent_free: release ptr-libevent@0x55de3c08e6f0 Sep 21 07:38:56.620737: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7f947c002b20 Sep 21 07:38:56.620742: | #1 spent 0.549 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Sep 21 07:38:56.620745: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:38:56.620747: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.620750: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.620753: | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:56.620756: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.620758: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.620760: | spent 0.0022 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:56.621330: | spent 0.00177 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:56.621342: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:38:56.621344: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.621345: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Sep 21 07:38:56.621347: | 8a 98 ba 78 2d 66 13 a1 6b 61 32 08 e0 b4 0a 21 Sep 21 07:38:56.621348: | fa 3b e3 02 f1 e1 b3 cd 86 30 97 8c 2b a8 cd 2f Sep 21 07:38:56.621349: | 46 79 6a e7 3d c9 2d 8d 06 45 dc d4 79 35 6a 61 Sep 21 07:38:56.621351: | c6 cc 62 5b 31 f4 5c b3 32 eb d4 2c f2 36 3a b9 Sep 21 07:38:56.621352: | e1 1a ad ea ff 81 5f 14 e3 e1 b5 af 76 fd ef 1e Sep 21 07:38:56.621353: | 21 Sep 21 07:38:56.621356: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:56.621358: | **parse ISAKMP Message: Sep 21 07:38:56.621359: | initiator cookie: Sep 21 07:38:56.621361: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:38:56.621362: | responder cookie: Sep 21 07:38:56.621363: | af 24 43 63 c6 85 f5 b2 Sep 21 07:38:56.621365: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:56.621367: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:56.621368: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:56.621370: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:56.621371: | Message ID: 2 (0x2) Sep 21 07:38:56.621373: | length: 113 (0x71) Sep 21 07:38:56.621374: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:38:56.621376: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Sep 21 07:38:56.621379: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:38:56.621382: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:56.621385: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:56.621387: | #1 is idle Sep 21 07:38:56.621388: | #1 idle Sep 21 07:38:56.621389: | unpacking clear payload Sep 21 07:38:56.621391: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:56.621393: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:56.621394: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:56.621396: | flags: none (0x0) Sep 21 07:38:56.621397: | length: 85 (0x55) Sep 21 07:38:56.621399: | processing payload: ISAKMP_NEXT_v2SK (len=81) Sep 21 07:38:56.621400: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:38:56.621408: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:38:56.621409: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:56.621411: | **parse IKEv2 Notify Payload: Sep 21 07:38:56.621412: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:56.621414: | flags: none (0x0) Sep 21 07:38:56.621415: | length: 28 (0x1c) Sep 21 07:38:56.621417: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:56.621418: | SPI size: 0 (0x0) Sep 21 07:38:56.621420: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:56.621421: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:56.621422: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:56.621424: | **parse IKEv2 Notify Payload: Sep 21 07:38:56.621425: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:56.621427: | flags: none (0x0) Sep 21 07:38:56.621428: | length: 28 (0x1c) Sep 21 07:38:56.621429: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:56.621431: | SPI size: 0 (0x0) Sep 21 07:38:56.621432: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:56.621434: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:56.621437: | selected state microcode I3: Informational Request Sep 21 07:38:56.621438: | Now let's proceed with state specific processing Sep 21 07:38:56.621440: | calling processor I3: Informational Request Sep 21 07:38:56.621442: | an informational response Sep 21 07:38:56.621443: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Sep 21 07:38:56.621445: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Sep 21 07:38:56.621448: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Sep 21 07:38:56.621453: | initiator migrate kernel SA esp.dd1416dd@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Sep 21 07:38:56.621484: | initiator migrate kernel SA esp.657ee0be@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Sep 21 07:38:56.621504: | initiator migrate kernel SA esp.657ee0be@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Sep 21 07:38:56.621513: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Sep 21 07:38:56.621515: | free hp@0x55de3c054a20 Sep 21 07:38:56.621518: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:56.621520: | new hp@0x55de3c08c700 Sep 21 07:38:56.621522: | running updown command "ipsec _updown" for verb up Sep 21 07:38:56.621524: | command executing up-client Sep 21 07:38:56.621540: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:38:56.621543: | popen cmd is 1062 chars long Sep 21 07:38:56.621544: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Sep 21 07:38:56.621546: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Sep 21 07:38:56.621548: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:38:56.621549: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:38:56.621551: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:38:56.621552: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:38:56.621553: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:38:56.621555: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_PO: Sep 21 07:38:56.621556: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Sep 21 07:38:56.621558: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Sep 21 07:38:56.621559: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Sep 21 07:38:56.621561: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Sep 21 07:38:56.621562: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657ee: Sep 21 07:38:56.621564: | cmd(1040):0be ipsec _updown 2>&1: Sep 21 07:38:56.628220: | running updown command "ipsec _updown" for verb route Sep 21 07:38:56.628230: | command executing route-client Sep 21 07:38:56.628249: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:38:56.628251: | popen cmd is 1065 chars long Sep 21 07:38:56.628253: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:38:56.628255: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Sep 21 07:38:56.628257: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Sep 21 07:38:56.628258: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:38:56.628260: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:38:56.628261: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:38:56.628263: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:38:56.628265: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN: Sep 21 07:38:56.628266: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Sep 21 07:38:56.628268: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Sep 21 07:38:56.628269: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Sep 21 07:38:56.628271: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Sep 21 07:38:56.628272: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x65: Sep 21 07:38:56.628274: | cmd(1040):7ee0be ipsec _updown 2>&1: Sep 21 07:38:56.636834: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:56.636845: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Sep 21 07:38:56.636847: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Sep 21 07:38:56.636855: | #1 spent 0.312 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Sep 21 07:38:56.636859: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:56.636862: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:38:56.636865: | Message ID: updating counters for #1 to 2 after switching state Sep 21 07:38:56.636868: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Sep 21 07:38:56.636871: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:56.636873: | STATE_PARENT_I3: PARENT SA established Sep 21 07:38:56.636879: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:56.636883: | #1 spent 0.447 milliseconds in ikev2_process_packet() Sep 21 07:38:56.636886: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:56.636888: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:56.636890: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:56.636892: | spent 0.457 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:56.636902: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.636906: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.636908: | spent 0.00347 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:56.636910: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.636912: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.636914: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:39:09.271841: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:39:09.271870: | expiring aged bare shunts from shunt table Sep 21 07:39:09.271875: | spent 0.00366 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:39:11.201655: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:11.201725: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:39:11.201738: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:11.201758: | get_sa_info esp.657ee0be@192.1.8.22 Sep 21 07:39:11.201837: | get_sa_info esp.dd1416dd@192.1.2.23 Sep 21 07:39:11.201917: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:11.201939: | spent 0.29 milliseconds in whack Sep 21 07:39:11.450986: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:11.451862: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:11.451895: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:11.452213: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:39:11.452232: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:11.452287: | get_sa_info esp.657ee0be@192.1.8.22 Sep 21 07:39:11.452374: | get_sa_info esp.dd1416dd@192.1.2.23 Sep 21 07:39:11.452492: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:11.452515: | spent 1.54 milliseconds in whack Sep 21 07:39:11.754777: | spent 0.00275 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:39:11.754813: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:39:11.754817: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.754818: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:39:11.754820: | 22 c1 bb 01 d4 59 1c 64 4e a8 67 e8 91 b5 4d 90 Sep 21 07:39:11.754834: | fc a2 3f a0 fa 59 1c 71 da 5c bb ba 54 a6 a8 1e Sep 21 07:39:11.754835: | d3 93 65 9b 17 Sep 21 07:39:11.754838: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:39:11.754841: | **parse ISAKMP Message: Sep 21 07:39:11.754843: | initiator cookie: Sep 21 07:39:11.754848: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:39:11.754849: | responder cookie: Sep 21 07:39:11.754851: | af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.754854: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:39:11.754856: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:11.754857: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:11.754859: | flags: none (0x0) Sep 21 07:39:11.754861: | Message ID: 0 (0x0) Sep 21 07:39:11.754877: | length: 69 (0x45) Sep 21 07:39:11.754879: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:39:11.754881: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:39:11.754885: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:39:11.754889: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:39:11.754897: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:39:11.754904: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:39:11.754907: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:39:11.754912: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:39:11.754914: | unpacking clear payload Sep 21 07:39:11.754931: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:39:11.754934: | ***parse IKEv2 Encryption Payload: Sep 21 07:39:11.754937: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:39:11.754939: | flags: none (0x0) Sep 21 07:39:11.754942: | length: 41 (0x29) Sep 21 07:39:11.754944: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:39:11.754950: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:39:11.754953: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:39:11.754967: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:39:11.754971: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:39:11.754974: | **parse IKEv2 Delete Payload: Sep 21 07:39:11.754976: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.754979: | flags: none (0x0) Sep 21 07:39:11.754981: | length: 12 (0xc) Sep 21 07:39:11.754983: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:39:11.754986: | SPI size: 4 (0x4) Sep 21 07:39:11.754988: | number of SPIs: 1 (0x1) Sep 21 07:39:11.754991: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:39:11.754994: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:39:11.754997: | Now let's proceed with state specific processing Sep 21 07:39:11.755000: | calling processor I3: INFORMATIONAL Request Sep 21 07:39:11.755004: | an informational request should send a response Sep 21 07:39:11.755010: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:39:11.755013: | **emit ISAKMP Message: Sep 21 07:39:11.755015: | initiator cookie: Sep 21 07:39:11.755018: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:39:11.755020: | responder cookie: Sep 21 07:39:11.755023: | af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.755025: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:11.755028: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:11.755031: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:11.755034: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:39:11.755036: | Message ID: 0 (0x0) Sep 21 07:39:11.755039: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:11.755042: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:11.755045: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.755047: | flags: none (0x0) Sep 21 07:39:11.755051: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:11.755055: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:11.755058: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:11.755066: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:39:11.755069: | SPI dd 14 16 dd Sep 21 07:39:11.755071: | delete PROTO_v2_ESP SA(0xdd1416dd) Sep 21 07:39:11.755075: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:39:11.755078: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:39:11.755081: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xdd1416dd) Sep 21 07:39:11.755089: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:39:11.755097: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:11.755102: | libevent_free: release ptr-libevent@0x55de3c08c4e0 Sep 21 07:39:11.755106: | free_event_entry: release EVENT_SA_REKEY-pe@0x55de3c08c400 Sep 21 07:39:11.755110: | event_schedule: new EVENT_SA_REPLACE-pe@0x55de3c08c400 Sep 21 07:39:11.755115: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:39:11.755119: | libevent_malloc: new ptr-libevent@0x55de3c08c4e0 size 128 Sep 21 07:39:11.755124: | ****emit IKEv2 Delete Payload: Sep 21 07:39:11.755128: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.755131: | flags: none (0x0) Sep 21 07:39:11.755134: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:39:11.755136: | SPI size: 4 (0x4) Sep 21 07:39:11.755138: | number of SPIs: 1 (0x1) Sep 21 07:39:11.755141: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:39:11.755144: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:11.755147: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:39:11.755149: | local SPIs 65 7e e0 be Sep 21 07:39:11.755152: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:39:11.755154: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:11.755157: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:11.755160: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:11.755162: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:39:11.755164: | emitting length of ISAKMP Message: 69 Sep 21 07:39:11.755178: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:39:11.755182: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.755184: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:39:11.755186: | 2e c9 a1 f8 4d 9f 9d bf 26 13 74 aa 62 2b 8e a8 Sep 21 07:39:11.755188: | 53 99 25 a0 0b ee e2 79 28 61 05 3f 2c 3f 1d ae Sep 21 07:39:11.755190: | f1 ea 49 01 ba Sep 21 07:39:11.755228: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:39:11.755234: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:39:11.755240: | #1 spent 0.215 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:39:11.755246: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:11.755249: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:39:11.755253: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:39:11.755257: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:39:11.755262: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:39:11.755265: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:39:11.755270: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:39:11.755275: | #1 spent 0.445 milliseconds in ikev2_process_packet() Sep 21 07:39:11.755280: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:39:11.755283: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:39:11.755287: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:39:11.755292: | spent 0.462 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:39:11.755298: | timer_event_cb: processing event@0x55de3c08c400 Sep 21 07:39:11.755301: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:39:11.755306: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:11.755310: | picked newest_ipsec_sa #2 for #2 Sep 21 07:39:11.755312: | replacing stale CHILD SA Sep 21 07:39:11.755316: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:39:11.755319: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:39:11.755322: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:39:11.755326: | creating state object #3 at 0x55de3c093f60 Sep 21 07:39:11.755328: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:39:11.755336: | pstats #3 ikev2.child started Sep 21 07:39:11.755339: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Sep 21 07:39:11.755343: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:39:11.755350: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:39:11.755355: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:39:11.755360: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:39:11.755364: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:39:11.755367: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:39:11.755371: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Sep 21 07:39:11.755375: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:39:11.755381: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:39:11.755385: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:39:11.755390: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:39:11.755393: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f947c002b20 Sep 21 07:39:11.755396: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:39:11.755399: | libevent_malloc: new ptr-libevent@0x55de3c08e780 size 128 Sep 21 07:39:11.755404: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:39:11.755407: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55de3c08c810 Sep 21 07:39:11.755410: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:39:11.755413: | libevent_malloc: new ptr-libevent@0x55de3c08e6f0 size 128 Sep 21 07:39:11.755416: | libevent_free: release ptr-libevent@0x55de3c08c4e0 Sep 21 07:39:11.755418: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55de3c08c400 Sep 21 07:39:11.755423: | #2 spent 0.123 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:39:11.755426: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:39:11.755430: | timer_event_cb: processing event@0x7f947c002b20 Sep 21 07:39:11.755433: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:39:11.755438: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:11.755442: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:39:11.755447: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55de3c08c400 Sep 21 07:39:11.755451: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:39:11.755453: | libevent_malloc: new ptr-libevent@0x55de3c08c4e0 size 128 Sep 21 07:39:11.755459: | libevent_free: release ptr-libevent@0x55de3c08e780 Sep 21 07:39:11.755462: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f947c002b20 Sep 21 07:39:11.755466: | #3 spent 0.0349 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:39:11.755471: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:39:11.755474: | timer_event_cb: processing event@0x55de3c08c810 Sep 21 07:39:11.755476: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:39:11.755480: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:11.755483: | picked newest_ipsec_sa #2 for #2 Sep 21 07:39:11.755486: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:39:11.755489: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:39:11.755491: | pstats #2 ikev2.child deleted completed Sep 21 07:39:11.755492: | crypto helper 5 resuming Sep 21 07:39:11.755494: | #2 spent 1.77 milliseconds in total Sep 21 07:39:11.755505: | crypto helper 5 starting work-order 3 for state #3 Sep 21 07:39:11.755512: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:11.755518: | crypto helper 5 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:39:11.755521: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 22.032s and NOT sending notification Sep 21 07:39:11.755524: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:39:11.755527: | get_sa_info esp.dd1416dd@192.1.2.23 Sep 21 07:39:11.755540: | get_sa_info esp.657ee0be@192.1.8.22 Sep 21 07:39:11.755547: "northnet-eastnet" #2: ESP traffic information: in=336B out=336B Sep 21 07:39:11.755550: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:39:11.755606: | running updown command "ipsec _updown" for verb down Sep 21 07:39:11.755610: | command executing down-client Sep 21 07:39:11.755650: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Sep 21 07:39:11.755654: | popen cmd is 1064 chars long Sep 21 07:39:11.755657: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Sep 21 07:39:11.755660: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Sep 21 07:39:11.755662: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:39:11.755665: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:39:11.755667: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:39:11.755672: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:39:11.755675: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:39:11.755677: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_: Sep 21 07:39:11.755680: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Sep 21 07:39:11.755683: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Sep 21 07:39:11.755685: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Sep 21 07:39:11.755688: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Sep 21 07:39:11.755690: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdd1416dd SPI_OUT=0x657: Sep 21 07:39:11.755693: | cmd(1040):ee0be ipsec _updown 2>&1: Sep 21 07:39:11.756112: | crypto helper 5 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000594 seconds Sep 21 07:39:11.756121: | (#3) spent 0.597 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:39:11.756123: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Sep 21 07:39:11.756125: | scheduling resume sending helper answer for #3 Sep 21 07:39:11.756127: | libevent_malloc: new ptr-libevent@0x7f9478006900 size 128 Sep 21 07:39:11.756132: | crypto helper 5 waiting (nothing to do) Sep 21 07:39:11.762189: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:39:11.762199: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:39:11.762202: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:11.762204: | IPsec Sa SPD priority set to 1042407 Sep 21 07:39:11.762230: | delete esp.dd1416dd@192.1.2.23 Sep 21 07:39:11.762248: | netlink response for Del SA esp.dd1416dd@192.1.2.23 included non-error error Sep 21 07:39:11.762251: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:11.762254: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Sep 21 07:39:11.762304: | raw_eroute result=success Sep 21 07:39:11.762307: | delete esp.657ee0be@192.1.8.22 Sep 21 07:39:11.762323: | netlink response for Del SA esp.657ee0be@192.1.8.22 included non-error error Sep 21 07:39:11.762326: | in connection_discard for connection northnet-eastnet Sep 21 07:39:11.762328: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:39:11.762330: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:39:11.762334: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:11.762338: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:39:11.762339: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:39:11.762342: | libevent_free: release ptr-libevent@0x55de3c08e6f0 Sep 21 07:39:11.762344: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55de3c08c810 Sep 21 07:39:11.762345: | in statetime_stop() and could not find #2 Sep 21 07:39:11.762347: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:39:11.762358: | spent 0.00178 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:39:11.762366: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:39:11.762368: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.762369: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:39:11.762371: | 75 5c 7d b1 fc 4f e3 44 39 01 2e 6a 03 d7 d8 91 Sep 21 07:39:11.762372: | 2a 5e ff 02 0e 4f 9a ae 70 1a d2 1d 70 ed c6 0a Sep 21 07:39:11.762373: | 8a Sep 21 07:39:11.762376: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:39:11.762380: | **parse ISAKMP Message: Sep 21 07:39:11.762382: | initiator cookie: Sep 21 07:39:11.762383: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:39:11.762385: | responder cookie: Sep 21 07:39:11.762386: | af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.762388: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:39:11.762390: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:11.762391: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:11.762393: | flags: none (0x0) Sep 21 07:39:11.762395: | Message ID: 1 (0x1) Sep 21 07:39:11.762396: | length: 65 (0x41) Sep 21 07:39:11.762398: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:39:11.762400: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:39:11.762402: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:39:11.762406: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:39:11.762407: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:39:11.762410: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:39:11.762412: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:39:11.762415: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:39:11.762416: | unpacking clear payload Sep 21 07:39:11.762418: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:39:11.762420: | ***parse IKEv2 Encryption Payload: Sep 21 07:39:11.762421: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:39:11.762423: | flags: none (0x0) Sep 21 07:39:11.762424: | length: 37 (0x25) Sep 21 07:39:11.762426: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:39:11.762429: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:39:11.762430: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:39:11.762439: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:39:11.762441: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:39:11.762443: | **parse IKEv2 Delete Payload: Sep 21 07:39:11.762445: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.762446: | flags: none (0x0) Sep 21 07:39:11.762447: | length: 8 (0x8) Sep 21 07:39:11.762449: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:39:11.762450: | SPI size: 0 (0x0) Sep 21 07:39:11.762452: | number of SPIs: 0 (0x0) Sep 21 07:39:11.762453: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:39:11.762455: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:39:11.762457: | Now let's proceed with state specific processing Sep 21 07:39:11.762458: | calling processor I3: INFORMATIONAL Request Sep 21 07:39:11.762461: | an informational request should send a response Sep 21 07:39:11.762464: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:39:11.762466: | **emit ISAKMP Message: Sep 21 07:39:11.762468: | initiator cookie: Sep 21 07:39:11.762469: | 1b 4a a3 ae a4 7b 22 0d Sep 21 07:39:11.762471: | responder cookie: Sep 21 07:39:11.762472: | af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.762473: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:11.762475: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:11.762477: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:11.762479: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:39:11.762480: | Message ID: 1 (0x1) Sep 21 07:39:11.762482: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:11.762484: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:11.762485: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.762488: | flags: none (0x0) Sep 21 07:39:11.762490: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:11.762492: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:11.762494: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:11.762500: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:11.762502: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:11.762503: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:11.762505: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:39:11.762506: | emitting length of ISAKMP Message: 57 Sep 21 07:39:11.762514: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:39:11.762516: | 1b 4a a3 ae a4 7b 22 0d af 24 43 63 c6 85 f5 b2 Sep 21 07:39:11.762530: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:39:11.762532: | fb 1a 9f 02 69 1a 0f 96 8c bf 27 71 5d a6 2a 72 Sep 21 07:39:11.762533: | f6 81 21 7d 6a 9a a5 ef 5f Sep 21 07:39:11.762556: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:39:11.762560: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:39:11.762562: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:39:11.762564: | pstats #3 ikev2.child deleted other Sep 21 07:39:11.762566: | #3 spent 0.0349 milliseconds in total Sep 21 07:39:11.762569: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:11.762572: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:11.762574: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.007s and NOT sending notification Sep 21 07:39:11.762576: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:39:11.762578: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:39:11.762580: | libevent_free: release ptr-libevent@0x55de3c08c4e0 Sep 21 07:39:11.762581: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55de3c08c400 Sep 21 07:39:11.762583: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:11.762587: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Sep 21 07:39:11.762595: | raw_eroute result=success Sep 21 07:39:11.762597: | in connection_discard for connection northnet-eastnet Sep 21 07:39:11.762598: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:39:11.762600: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:39:11.762603: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:11.762606: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:11.762608: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:39:11.762610: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:39:11.762611: | pstats #1 ikev2.ike deleted completed Sep 21 07:39:11.762613: | #1 spent 9.33 milliseconds in total Sep 21 07:39:11.762616: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:11.762618: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 22.047s and NOT sending notification Sep 21 07:39:11.762621: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:39:11.762662: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:11.762679: | libevent_free: release ptr-libevent@0x55de3c089ec0 Sep 21 07:39:11.762681: | free_event_entry: release EVENT_SA_REKEY-pe@0x55de3c089e80 Sep 21 07:39:11.762683: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:39:11.762684: | picked newest_isakmp_sa #0 for #1 Sep 21 07:39:11.762686: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:39:11.762688: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Sep 21 07:39:11.762690: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:39:11.762692: | in connection_discard for connection northnet-eastnet Sep 21 07:39:11.762694: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:39:11.762696: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:39:11.762706: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:11.762717: | in statetime_stop() and could not find #1 Sep 21 07:39:11.762719: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:11.762721: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:39:11.762723: | STF_OK but no state object remains Sep 21 07:39:11.762725: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:39:11.762726: | in statetime_stop() and could not find #1 Sep 21 07:39:11.762728: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:39:11.762730: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:39:11.762732: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:39:11.762735: | spent 0.363 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:39:11.762740: | processing resume sending helper answer for #3 Sep 21 07:39:11.762743: | crypto helper 5 replies to request ID 3 Sep 21 07:39:11.762744: | calling continuation function 0x55de3a420630 Sep 21 07:39:11.762746: | work-order 3 state #3 crypto result suppressed Sep 21 07:39:11.762754: | (#3) spent 0.0105 milliseconds in resume sending helper answer Sep 21 07:39:11.762756: | libevent_free: release ptr-libevent@0x7f9478006900 Sep 21 07:39:11.762757: | processing signal PLUTO_SIGCHLD Sep 21 07:39:11.762761: | waitpid returned ECHILD (no child processes left) Sep 21 07:39:11.762763: | spent 0.00337 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:39:11.762766: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:39:11.762768: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Sep 21 07:39:11.762770: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:39:11.762773: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:39:11.762775: | connection 'northnet-eastnet' +POLICY_UP Sep 21 07:39:11.762777: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:39:11.762778: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:39:11.762782: | creating state object #4 at 0x55de3c08eeb0 Sep 21 07:39:11.762795: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:39:11.762797: | pstats #4 ikev2.ike started Sep 21 07:39:11.762799: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:39:11.762801: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:39:11.762804: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:39:11.762808: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:39:11.762813: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:39:11.762814: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:39:11.762817: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Sep 21 07:39:11.762819: "northnet-eastnet" #4: initiating v2 parent SA Sep 21 07:39:11.762830: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:39:11.762833: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:39:11.762835: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9478002b20 Sep 21 07:39:11.762837: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:39:11.762839: | libevent_malloc: new ptr-libevent@0x7f9478006900 size 128 Sep 21 07:39:11.762846: | #4 spent 0.0658 milliseconds in ikev2_parent_outI1() Sep 21 07:39:11.762853: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:39:11.762858: | crypto helper 6 resuming Sep 21 07:39:11.762861: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:39:11.762877: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:39:11.762870: | crypto helper 6 starting work-order 4 for state #4 Sep 21 07:39:11.762903: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:39:11.762881: | spent 0.101 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:39:11.763471: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000568 seconds Sep 21 07:39:11.763477: | (#4) spent 0.573 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:39:11.763479: | crypto helper 6 sending results from work-order 4 for state #4 to event queue Sep 21 07:39:11.763480: | scheduling resume sending helper answer for #4 Sep 21 07:39:11.763482: | libevent_malloc: new ptr-libevent@0x7f946c006900 size 128 Sep 21 07:39:11.763487: | crypto helper 6 waiting (nothing to do) Sep 21 07:39:11.763492: | processing resume sending helper answer for #4 Sep 21 07:39:11.763498: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:39:11.763500: | crypto helper 6 replies to request ID 4 Sep 21 07:39:11.763502: | calling continuation function 0x55de3a420630 Sep 21 07:39:11.763504: | ikev2_parent_outI1_continue for #4 Sep 21 07:39:11.763507: | **emit ISAKMP Message: Sep 21 07:39:11.763509: | initiator cookie: Sep 21 07:39:11.763510: | db 1b 7c 39 ff 05 67 49 Sep 21 07:39:11.763511: | responder cookie: Sep 21 07:39:11.763513: | 00 00 00 00 00 00 00 00 Sep 21 07:39:11.763514: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:11.763516: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:11.763517: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:39:11.763519: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:39:11.763520: | Message ID: 0 (0x0) Sep 21 07:39:11.763522: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:11.763532: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:39:11.763536: | Emitting ikev2_proposals ... Sep 21 07:39:11.763538: | ***emit IKEv2 Security Association Payload: Sep 21 07:39:11.763540: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.763541: | flags: none (0x0) Sep 21 07:39:11.763543: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:39:11.763545: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.763547: | discarding INTEG=NONE Sep 21 07:39:11.763548: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:11.763550: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.763551: | prop #: 1 (0x1) Sep 21 07:39:11.763553: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:11.763554: | spi size: 0 (0x0) Sep 21 07:39:11.763555: | # transforms: 11 (0xb) Sep 21 07:39:11.763557: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:11.763559: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763562: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:11.763563: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:39:11.763565: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763567: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:11.763569: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:11.763570: | length/value: 256 (0x100) Sep 21 07:39:11.763572: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:11.763573: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763576: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763578: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:11.763579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763581: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763583: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763584: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763585: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763587: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763588: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:11.763590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763593: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763594: | discarding INTEG=NONE Sep 21 07:39:11.763596: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763599: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763600: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:11.763602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763605: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763607: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763611: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:11.763612: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763614: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763616: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763617: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763620: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763621: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:11.763623: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763624: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763626: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763627: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763630: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763631: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:11.763633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763636: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763637: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763640: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763642: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:11.763643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763646: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763648: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763652: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:11.763654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763658: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763659: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763660: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763662: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763663: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:11.763665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763666: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763668: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763669: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763671: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:11.763672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763673: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:11.763675: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763678: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763680: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:39:11.763681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:11.763683: | discarding INTEG=NONE Sep 21 07:39:11.763684: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:11.763686: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.763687: | prop #: 2 (0x2) Sep 21 07:39:11.763688: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:11.763690: | spi size: 0 (0x0) Sep 21 07:39:11.763691: | # transforms: 11 (0xb) Sep 21 07:39:11.763693: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.763695: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:11.763696: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763699: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:11.763700: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:39:11.763702: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763703: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:11.763705: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:11.763706: | length/value: 128 (0x80) Sep 21 07:39:11.763708: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:11.763709: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763711: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763712: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763713: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:11.763715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763718: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763720: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763722: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763725: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:11.763727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763728: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763730: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763731: | discarding INTEG=NONE Sep 21 07:39:11.763732: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763736: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:11.763738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763740: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763741: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763743: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763747: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:11.763748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763751: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763753: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763757: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:11.763759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763760: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763762: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763763: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763766: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763767: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:11.763769: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763772: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763773: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763776: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763778: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:11.763779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763781: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763787: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763793: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763794: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763797: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:11.763799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763801: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763802: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763803: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763805: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:11.763809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763831: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763833: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763834: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763836: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:11.763837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763838: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:11.763840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763842: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763843: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763845: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:39:11.763847: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:11.763848: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:11.763850: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.763851: | prop #: 3 (0x3) Sep 21 07:39:11.763852: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:11.763854: | spi size: 0 (0x0) Sep 21 07:39:11.763855: | # transforms: 13 (0xd) Sep 21 07:39:11.763870: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.763871: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:11.763873: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763874: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763876: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:11.763877: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:39:11.763879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763880: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:11.763882: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:11.763883: | length/value: 256 (0x100) Sep 21 07:39:11.763884: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:11.763886: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763887: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763889: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763890: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:11.763893: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763897: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763898: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763901: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.763902: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:11.763904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763905: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763907: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763908: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763910: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763911: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:11.763912: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:39:11.763914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763916: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763917: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763919: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763920: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763921: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:11.763923: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:39:11.763924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763926: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763927: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763929: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763932: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763933: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:11.763935: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763936: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763938: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763939: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763943: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:11.763945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763948: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763949: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763953: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763954: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:11.763956: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763958: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763959: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763961: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763965: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:11.763966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763968: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763969: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763971: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763975: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:11.763977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763980: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763981: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763984: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:11.763987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.763990: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.763991: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.763993: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.763995: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:11.763997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.763999: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764000: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764001: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764003: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:11.764004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764006: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:11.764007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764009: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764011: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764013: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:39:11.764014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:11.764016: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:11.764017: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:39:11.764019: | prop #: 4 (0x4) Sep 21 07:39:11.764020: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:11.764021: | spi size: 0 (0x0) Sep 21 07:39:11.764023: | # transforms: 13 (0xd) Sep 21 07:39:11.764024: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:11.764026: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:11.764027: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764030: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:11.764032: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:39:11.764033: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764035: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:11.764036: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:11.764037: | length/value: 128 (0x80) Sep 21 07:39:11.764039: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:11.764040: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764043: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.764044: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:11.764046: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764048: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764049: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764051: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764053: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:11.764055: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:11.764056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764058: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764059: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764061: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764064: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:11.764065: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:39:11.764067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764070: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764071: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764074: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:11.764076: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:39:11.764078: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764081: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764082: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764084: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764085: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764086: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:11.764088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764091: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764092: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764094: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764095: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764097: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:11.764098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764101: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764103: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764105: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764107: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:11.764109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764110: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764112: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764113: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764116: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764117: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:11.764119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764123: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764126: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764127: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:11.764129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764131: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764132: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764134: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764137: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764138: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:11.764140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764143: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764144: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764149: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:11.764150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764153: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764155: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:11.764156: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:11.764157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:11.764159: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:11.764160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:11.764162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:11.764164: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:11.764165: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:39:11.764167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:11.764168: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:39:11.764170: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:39:11.764171: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:39:11.764173: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.764174: | flags: none (0x0) Sep 21 07:39:11.764176: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:11.764177: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:39:11.764179: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.764181: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:39:11.764183: | ikev2 g^x 4e 52 3b 4d be 49 19 9d 38 33 75 14 f9 a3 0b e7 Sep 21 07:39:11.764184: | ikev2 g^x 37 a2 39 6c 00 3c 49 88 37 c8 05 27 3f 33 dc 3c Sep 21 07:39:11.764185: | ikev2 g^x 84 16 a5 cf a0 43 5e 63 ed 9e b6 34 8a bc ec 9a Sep 21 07:39:11.764187: | ikev2 g^x 71 74 ce ff 85 69 69 7b 39 be d3 f6 02 b8 ad f3 Sep 21 07:39:11.764188: | ikev2 g^x 34 94 44 67 c0 43 a2 0d 1d af 9f c9 8f 05 b1 74 Sep 21 07:39:11.764189: | ikev2 g^x 0c 95 0e ca 62 f9 33 98 64 72 6f 1b 64 08 b2 26 Sep 21 07:39:11.764191: | ikev2 g^x bf 71 cc b6 dc 52 98 1a f6 c1 5a ae 04 5c 77 ac Sep 21 07:39:11.764192: | ikev2 g^x dd 59 24 d2 15 be 9a 12 fb bd ae 49 51 30 96 f9 Sep 21 07:39:11.764193: | ikev2 g^x e4 05 d6 5e 78 72 92 af ec bb 38 db 1f 91 4d 6c Sep 21 07:39:11.764195: | ikev2 g^x 9b 19 9d 17 36 36 8d 26 ca bc 48 e2 e1 84 44 a7 Sep 21 07:39:11.764198: | ikev2 g^x e2 ab 5a ee 14 b6 1c 7b 14 bd cd 4d 36 e3 d8 74 Sep 21 07:39:11.764199: | ikev2 g^x d2 fa dc 0b 45 57 97 a9 f9 22 84 0c 2c 1f 30 f3 Sep 21 07:39:11.764201: | ikev2 g^x ed e7 df f5 16 eb 29 3d 1a 65 f7 7e 20 cd 51 b1 Sep 21 07:39:11.764202: | ikev2 g^x df ca 8d ae 1c be 1e f5 fe 33 fd 7d d7 d8 a5 8a Sep 21 07:39:11.764203: | ikev2 g^x cb 7b 32 db af 86 11 b5 08 43 bf 61 41 66 0c 11 Sep 21 07:39:11.764205: | ikev2 g^x a3 08 1f 51 c1 90 8a 3c 41 2c 19 14 b4 ff e5 e2 Sep 21 07:39:11.764206: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:39:11.764208: | ***emit IKEv2 Nonce Payload: Sep 21 07:39:11.764209: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:39:11.764210: | flags: none (0x0) Sep 21 07:39:11.764212: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:39:11.764214: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:39:11.764216: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.764217: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:39:11.764219: | IKEv2 nonce b7 59 12 e0 49 10 58 44 e0 54 ca 17 53 c4 6b 38 Sep 21 07:39:11.764220: | IKEv2 nonce f3 14 b6 51 1c ad 19 c5 1a 37 7e ba e8 7b 19 ca Sep 21 07:39:11.764221: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:39:11.764223: | Adding a v2N Payload Sep 21 07:39:11.764224: | ***emit IKEv2 Notify Payload: Sep 21 07:39:11.764226: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.764227: | flags: none (0x0) Sep 21 07:39:11.764229: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:11.764230: | SPI size: 0 (0x0) Sep 21 07:39:11.764232: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:39:11.764234: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:11.764235: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.764237: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:39:11.764239: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:39:11.764240: | natd_hash: rcookie is zero Sep 21 07:39:11.764250: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:39:11.764252: | natd_hash: icookie= db 1b 7c 39 ff 05 67 49 Sep 21 07:39:11.764253: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:39:11.764255: | natd_hash: ip= c0 01 08 16 Sep 21 07:39:11.764256: | natd_hash: port= 01 f4 Sep 21 07:39:11.764258: | natd_hash: hash= cf dc 42 4e 43 56 a8 56 22 99 c1 e5 5a 44 24 e5 Sep 21 07:39:11.764259: | natd_hash: hash= 7e e8 db de Sep 21 07:39:11.764260: | Adding a v2N Payload Sep 21 07:39:11.764262: | ***emit IKEv2 Notify Payload: Sep 21 07:39:11.764263: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.764264: | flags: none (0x0) Sep 21 07:39:11.764266: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:11.764267: | SPI size: 0 (0x0) Sep 21 07:39:11.764269: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:39:11.764270: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:11.764272: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.764274: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:39:11.764275: | Notify data cf dc 42 4e 43 56 a8 56 22 99 c1 e5 5a 44 24 e5 Sep 21 07:39:11.764276: | Notify data 7e e8 db de Sep 21 07:39:11.764278: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:39:11.764279: | natd_hash: rcookie is zero Sep 21 07:39:11.764283: | natd_hash: hasher=0x55de3a4f67a0(20) Sep 21 07:39:11.764284: | natd_hash: icookie= db 1b 7c 39 ff 05 67 49 Sep 21 07:39:11.764287: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:39:11.764288: | natd_hash: ip= c0 01 02 17 Sep 21 07:39:11.764289: | natd_hash: port= 01 f4 Sep 21 07:39:11.764291: | natd_hash: hash= db d6 40 96 8c b4 c6 8e 93 23 6b 1e 6e 29 e3 0b Sep 21 07:39:11.764292: | natd_hash: hash= 86 a5 4c 84 Sep 21 07:39:11.764293: | Adding a v2N Payload Sep 21 07:39:11.764295: | ***emit IKEv2 Notify Payload: Sep 21 07:39:11.764296: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:11.764297: | flags: none (0x0) Sep 21 07:39:11.764299: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:11.764300: | SPI size: 0 (0x0) Sep 21 07:39:11.764302: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:39:11.764303: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:11.764305: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:11.764307: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:39:11.764308: | Notify data db d6 40 96 8c b4 c6 8e 93 23 6b 1e 6e 29 e3 0b Sep 21 07:39:11.764309: | Notify data 86 a5 4c 84 Sep 21 07:39:11.764311: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:39:11.764312: | emitting length of ISAKMP Message: 828 Sep 21 07:39:11.764316: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:39:11.764320: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:11.764322: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:39:11.764324: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:39:11.764326: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:39:11.764328: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:39:11.764330: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:39:11.764332: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:39:11.764334: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:39:11.764337: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Sep 21 07:39:11.764340: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Sep 21 07:39:11.764342: | db 1b 7c 39 ff 05 67 49 00 00 00 00 00 00 00 00 Sep 21 07:39:11.764343: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:39:11.764344: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:39:11.764346: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:39:11.764347: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:39:11.764348: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:39:11.764350: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:39:11.764351: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:39:11.764352: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:39:11.764354: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:39:11.764355: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:39:11.764356: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:39:11.764358: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:39:11.764359: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:39:11.764360: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:39:11.764362: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:39:11.764363: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:39:11.764364: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:39:11.764366: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:39:11.764368: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:39:11.764369: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:39:11.764370: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:39:11.764372: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:39:11.764373: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:39:11.764374: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:39:11.764376: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:39:11.764377: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:39:11.764378: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:39:11.764380: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:39:11.764381: | 28 00 01 08 00 0e 00 00 4e 52 3b 4d be 49 19 9d Sep 21 07:39:11.764382: | 38 33 75 14 f9 a3 0b e7 37 a2 39 6c 00 3c 49 88 Sep 21 07:39:11.764384: | 37 c8 05 27 3f 33 dc 3c 84 16 a5 cf a0 43 5e 63 Sep 21 07:39:11.764385: | ed 9e b6 34 8a bc ec 9a 71 74 ce ff 85 69 69 7b Sep 21 07:39:11.764386: | 39 be d3 f6 02 b8 ad f3 34 94 44 67 c0 43 a2 0d Sep 21 07:39:11.764388: | 1d af 9f c9 8f 05 b1 74 0c 95 0e ca 62 f9 33 98 Sep 21 07:39:11.764389: | 64 72 6f 1b 64 08 b2 26 bf 71 cc b6 dc 52 98 1a Sep 21 07:39:11.764390: | f6 c1 5a ae 04 5c 77 ac dd 59 24 d2 15 be 9a 12 Sep 21 07:39:11.764392: | fb bd ae 49 51 30 96 f9 e4 05 d6 5e 78 72 92 af Sep 21 07:39:11.764393: | ec bb 38 db 1f 91 4d 6c 9b 19 9d 17 36 36 8d 26 Sep 21 07:39:11.764394: | ca bc 48 e2 e1 84 44 a7 e2 ab 5a ee 14 b6 1c 7b Sep 21 07:39:11.764396: | 14 bd cd 4d 36 e3 d8 74 d2 fa dc 0b 45 57 97 a9 Sep 21 07:39:11.764397: | f9 22 84 0c 2c 1f 30 f3 ed e7 df f5 16 eb 29 3d Sep 21 07:39:11.764398: | 1a 65 f7 7e 20 cd 51 b1 df ca 8d ae 1c be 1e f5 Sep 21 07:39:11.764399: | fe 33 fd 7d d7 d8 a5 8a cb 7b 32 db af 86 11 b5 Sep 21 07:39:11.764401: | 08 43 bf 61 41 66 0c 11 a3 08 1f 51 c1 90 8a 3c Sep 21 07:39:11.764402: | 41 2c 19 14 b4 ff e5 e2 29 00 00 24 b7 59 12 e0 Sep 21 07:39:11.764403: | 49 10 58 44 e0 54 ca 17 53 c4 6b 38 f3 14 b6 51 Sep 21 07:39:11.764405: | 1c ad 19 c5 1a 37 7e ba e8 7b 19 ca 29 00 00 08 Sep 21 07:39:11.764406: | 00 00 40 2e 29 00 00 1c 00 00 40 04 cf dc 42 4e Sep 21 07:39:11.764407: | 43 56 a8 56 22 99 c1 e5 5a 44 24 e5 7e e8 db de Sep 21 07:39:11.764409: | 00 00 00 1c 00 00 40 05 db d6 40 96 8c b4 c6 8e Sep 21 07:39:11.764410: | 93 23 6b 1e 6e 29 e3 0b 86 a5 4c 84 Sep 21 07:39:11.764431: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:39:11.764434: | libevent_free: release ptr-libevent@0x7f9478006900 Sep 21 07:39:11.764436: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9478002b20 Sep 21 07:39:11.764437: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:39:11.764439: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:39:11.764442: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9478002b20 Sep 21 07:39:11.764444: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Sep 21 07:39:11.764445: | libevent_malloc: new ptr-libevent@0x7f9478006900 size 128 Sep 21 07:39:11.764448: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50198.132706 Sep 21 07:39:11.764451: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:39:11.764454: | #4 spent 0.939 milliseconds in resume sending helper answer Sep 21 07:39:11.764457: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:39:11.764459: | libevent_free: release ptr-libevent@0x7f946c006900 Sep 21 07:39:12.168816: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:12.168853: shutting down Sep 21 07:39:12.168862: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:39:12.168865: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:39:12.168872: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:39:12.168874: forgetting secrets Sep 21 07:39:12.168878: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:39:12.168883: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:39:12.168886: | removing pending policy for no connection {0x55de3bfe8db0} Sep 21 07:39:12.168890: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:39:12.168892: | pass 0 Sep 21 07:39:12.168895: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:12.168898: | state #4 Sep 21 07:39:12.168901: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:12.168907: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:12.168911: | pstats #4 ikev2.ike deleted other Sep 21 07:39:12.168916: | #4 spent 1.58 milliseconds in total Sep 21 07:39:12.168921: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:12.168926: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.406s and NOT sending notification Sep 21 07:39:12.168929: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:39:12.168932: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:39:12.168935: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:39:12.168940: | libevent_free: release ptr-libevent@0x7f9478006900 Sep 21 07:39:12.168943: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9478002b20 Sep 21 07:39:12.168946: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:39:12.168949: | picked newest_isakmp_sa #0 for #4 Sep 21 07:39:12.168952: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:39:12.168956: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Sep 21 07:39:12.168959: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:39:12.168966: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:39:12.168969: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:39:12.168971: | in connection_discard for connection northnet-eastnet Sep 21 07:39:12.168974: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:39:12.168978: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:39:12.168996: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:12.169001: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:39:12.169003: | pass 1 Sep 21 07:39:12.169006: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:12.169012: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:39:12.169017: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:39:12.169020: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:12.169065: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:12.169075: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:39:12.169078: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:39:12.169081: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:39:12.169084: | route owner of "northnet-eastnet" unrouted: NULL Sep 21 07:39:12.169089: | running updown command "ipsec _updown" for verb unroute Sep 21 07:39:12.169092: | command executing unroute-client Sep 21 07:39:12.169120: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Sep 21 07:39:12.169124: | popen cmd is 1045 chars long Sep 21 07:39:12.169127: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:39:12.169129: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Sep 21 07:39:12.169132: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:39:12.169134: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Sep 21 07:39:12.169136: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Sep 21 07:39:12.169139: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:39:12.169141: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:39:12.169143: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:39:12.169146: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Sep 21 07:39:12.169148: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Sep 21 07:39:12.169150: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Sep 21 07:39:12.169153: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Sep 21 07:39:12.169155: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Sep 21 07:39:12.169157: | cmd(1040): 2>&1: Sep 21 07:39:12.176308: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176323: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176326: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176329: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176339: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176348: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176358: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176367: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176375: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176383: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176393: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176403: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176412: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176421: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176429: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176438: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176448: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176600: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176609: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.176619: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:12.180138: | free hp@0x55de3c08c700 Sep 21 07:39:12.180148: | flush revival: connection 'northnet-eastnet' revival flushed Sep 21 07:39:12.180152: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:39:12.180160: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:39:12.180162: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:39:12.180172: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:39:12.180176: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:39:12.180179: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:39:12.180182: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:39:12.180185: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:39:12.180188: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:39:12.180191: shutting down interface eth1/eth1 192.1.8.22:4500 Sep 21 07:39:12.180194: shutting down interface eth1/eth1 192.1.8.22:500 Sep 21 07:39:12.180198: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:39:12.180206: | libevent_free: release ptr-libevent@0x55de3c0881f0 Sep 21 07:39:12.180209: | free_event_entry: release EVENT_NULL-pe@0x55de3c0881b0 Sep 21 07:39:12.180218: | libevent_free: release ptr-libevent@0x55de3c0882e0 Sep 21 07:39:12.180220: | free_event_entry: release EVENT_NULL-pe@0x55de3c0882a0 Sep 21 07:39:12.180226: | libevent_free: release ptr-libevent@0x55de3c0883d0 Sep 21 07:39:12.180229: | free_event_entry: release EVENT_NULL-pe@0x55de3c088390 Sep 21 07:39:12.180234: | libevent_free: release ptr-libevent@0x55de3c0884c0 Sep 21 07:39:12.180237: | free_event_entry: release EVENT_NULL-pe@0x55de3c088480 Sep 21 07:39:12.180244: | libevent_free: release ptr-libevent@0x55de3c0885b0 Sep 21 07:39:12.180246: | free_event_entry: release EVENT_NULL-pe@0x55de3c088570 Sep 21 07:39:12.180252: | libevent_free: release ptr-libevent@0x55de3c0886a0 Sep 21 07:39:12.180254: | free_event_entry: release EVENT_NULL-pe@0x55de3c088660 Sep 21 07:39:12.180260: | libevent_free: release ptr-libevent@0x55de3c088790 Sep 21 07:39:12.180262: | free_event_entry: release EVENT_NULL-pe@0x55de3c088750 Sep 21 07:39:12.180268: | libevent_free: release ptr-libevent@0x55de3c088e50 Sep 21 07:39:12.180270: | free_event_entry: release EVENT_NULL-pe@0x55de3c088e10 Sep 21 07:39:12.180275: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:39:12.180681: | libevent_free: release ptr-libevent@0x55de3c0879f0 Sep 21 07:39:12.180687: | free_event_entry: release EVENT_NULL-pe@0x55de3c070510 Sep 21 07:39:12.180690: | libevent_free: release ptr-libevent@0x55de3c07d480 Sep 21 07:39:12.180693: | free_event_entry: release EVENT_NULL-pe@0x55de3c0707c0 Sep 21 07:39:12.180696: | libevent_free: release ptr-libevent@0x55de3c07d3f0 Sep 21 07:39:12.180698: | free_event_entry: release EVENT_NULL-pe@0x55de3c075f20 Sep 21 07:39:12.180701: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:39:12.180704: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:39:12.180706: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:39:12.180708: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:39:12.180711: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:39:12.180713: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:39:12.180715: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:39:12.180717: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:39:12.180720: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:39:12.180724: | libevent_free: release ptr-libevent@0x55de3c087ac0 Sep 21 07:39:12.180730: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:39:12.180733: | libevent_free: release ptr-libevent@0x55de3c087ba0 Sep 21 07:39:12.180735: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:39:12.180738: | libevent_free: release ptr-libevent@0x55de3c087c60 Sep 21 07:39:12.180740: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:39:12.180743: | libevent_free: release ptr-libevent@0x55de3c07c6f0 Sep 21 07:39:12.180746: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:39:12.180748: | releasing event base Sep 21 07:39:12.180759: | libevent_free: release ptr-libevent@0x55de3c087d20 Sep 21 07:39:12.180761: | libevent_free: release ptr-libevent@0x55de3c05d260 Sep 21 07:39:12.180765: | libevent_free: release ptr-libevent@0x55de3c06baa0 Sep 21 07:39:12.180767: | libevent_free: release ptr-libevent@0x55de3c06bb70 Sep 21 07:39:12.180769: | libevent_free: release ptr-libevent@0x55de3c06bac0 Sep 21 07:39:12.180772: | libevent_free: release ptr-libevent@0x55de3c087a80 Sep 21 07:39:12.180774: | libevent_free: release ptr-libevent@0x55de3c087b60 Sep 21 07:39:12.180777: | libevent_free: release ptr-libevent@0x55de3c06bb50 Sep 21 07:39:12.180779: | libevent_free: release ptr-libevent@0x55de3c06bcb0 Sep 21 07:39:12.180781: | libevent_free: release ptr-libevent@0x55de3c070710 Sep 21 07:39:12.180787: | libevent_free: release ptr-libevent@0x55de3c088ee0 Sep 21 07:39:12.180789: | libevent_free: release ptr-libevent@0x55de3c088820 Sep 21 07:39:12.180792: | libevent_free: release ptr-libevent@0x55de3c088730 Sep 21 07:39:12.180794: | libevent_free: release ptr-libevent@0x55de3c088640 Sep 21 07:39:12.180796: | libevent_free: release ptr-libevent@0x55de3c088550 Sep 21 07:39:12.180798: | libevent_free: release ptr-libevent@0x55de3c088460 Sep 21 07:39:12.180801: | libevent_free: release ptr-libevent@0x55de3c088370 Sep 21 07:39:12.180803: | libevent_free: release ptr-libevent@0x55de3c088280 Sep 21 07:39:12.180822: | libevent_free: release ptr-libevent@0x55de3bfef370 Sep 21 07:39:12.180826: | libevent_free: release ptr-libevent@0x55de3c087c40 Sep 21 07:39:12.180829: | libevent_free: release ptr-libevent@0x55de3c087b80 Sep 21 07:39:12.180831: | libevent_free: release ptr-libevent@0x55de3c087aa0 Sep 21 07:39:12.180833: | libevent_free: release ptr-libevent@0x55de3c087d00 Sep 21 07:39:12.180836: | libevent_free: release ptr-libevent@0x55de3bfed5b0 Sep 21 07:39:12.180839: | libevent_free: release ptr-libevent@0x55de3c06bae0 Sep 21 07:39:12.180841: | libevent_free: release ptr-libevent@0x55de3c06bb10 Sep 21 07:39:12.180844: | libevent_free: release ptr-libevent@0x55de3c06b800 Sep 21 07:39:12.180846: | releasing global libevent data Sep 21 07:39:12.180861: | libevent_free: release ptr-libevent@0x55de3c06a4f0 Sep 21 07:39:12.180864: | libevent_free: release ptr-libevent@0x55de3c06b7a0 Sep 21 07:39:12.180867: | libevent_free: release ptr-libevent@0x55de3c06b7d0