Sep 21 07:38:49.052482: FIPS Product: YES Sep 21 07:38:49.052520: FIPS Kernel: NO Sep 21 07:38:49.052523: FIPS Mode: NO Sep 21 07:38:49.052526: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:38:49.052681: Initializing NSS Sep 21 07:38:49.052685: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:38:49.149595: NSS initialized Sep 21 07:38:49.149611: NSS crypto library initialized Sep 21 07:38:49.149613: FIPS HMAC integrity support [enabled] Sep 21 07:38:49.149615: FIPS mode disabled for pluto daemon Sep 21 07:38:49.222923: FIPS HMAC integrity verification self-test FAILED Sep 21 07:38:49.223023: libcap-ng support [enabled] Sep 21 07:38:49.223034: Linux audit support [enabled] Sep 21 07:38:49.223061: Linux audit activated Sep 21 07:38:49.223065: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30395 Sep 21 07:38:49.223069: core dump dir: /tmp Sep 21 07:38:49.223071: secrets file: /etc/ipsec.secrets Sep 21 07:38:49.223073: leak-detective disabled Sep 21 07:38:49.223075: NSS crypto [enabled] Sep 21 07:38:49.223077: XAUTH PAM support [enabled] Sep 21 07:38:49.223149: | libevent is using pluto's memory allocator Sep 21 07:38:49.223155: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:38:49.223168: | libevent_malloc: new ptr-libevent@0x5611ca758f00 size 40 Sep 21 07:38:49.223174: | libevent_malloc: new ptr-libevent@0x5611ca75a1b0 size 40 Sep 21 07:38:49.223177: | libevent_malloc: new ptr-libevent@0x5611ca75a1e0 size 40 Sep 21 07:38:49.223179: | creating event base Sep 21 07:38:49.223182: | libevent_malloc: new ptr-libevent@0x5611ca75a170 size 56 Sep 21 07:38:49.223185: | libevent_malloc: new ptr-libevent@0x5611ca75a210 size 664 Sep 21 07:38:49.223196: | libevent_malloc: new ptr-libevent@0x5611ca75a4b0 size 24 Sep 21 07:38:49.223200: | libevent_malloc: new ptr-libevent@0x5611ca74bbc0 size 384 Sep 21 07:38:49.223209: | libevent_malloc: new ptr-libevent@0x5611ca75a4d0 size 16 Sep 21 07:38:49.223212: | libevent_malloc: new ptr-libevent@0x5611ca75a4f0 size 40 Sep 21 07:38:49.223215: | libevent_malloc: new ptr-libevent@0x5611ca75a520 size 48 Sep 21 07:38:49.223221: | libevent_realloc: new ptr-libevent@0x5611ca6de370 size 256 Sep 21 07:38:49.223224: | libevent_malloc: new ptr-libevent@0x5611ca75a560 size 16 Sep 21 07:38:49.223230: | libevent_free: release ptr-libevent@0x5611ca75a170 Sep 21 07:38:49.223233: | libevent initialized Sep 21 07:38:49.223237: | libevent_realloc: new ptr-libevent@0x5611ca75a580 size 64 Sep 21 07:38:49.223240: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:38:49.223254: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:38:49.223256: NAT-Traversal support [enabled] Sep 21 07:38:49.223259: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:38:49.223265: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:38:49.223272: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:38:49.223308: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:38:49.223312: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:38:49.223315: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:38:49.223362: Encryption algorithms: Sep 21 07:38:49.223371: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:38:49.223375: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:38:49.223379: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:38:49.223382: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:38:49.223386: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:38:49.223395: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:38:49.223399: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:38:49.223403: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:38:49.223407: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:38:49.223410: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:38:49.223414: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:38:49.223418: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:38:49.223421: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:38:49.223425: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:38:49.223429: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:38:49.223432: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:38:49.223435: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:38:49.223442: Hash algorithms: Sep 21 07:38:49.223445: MD5 IKEv1: IKE IKEv2: Sep 21 07:38:49.223448: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:38:49.223451: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:38:49.223454: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:38:49.223457: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:38:49.223469: PRF algorithms: Sep 21 07:38:49.223472: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:38:49.223475: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:38:49.223479: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:38:49.223482: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:38:49.223486: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:38:49.223489: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:38:49.223514: Integrity algorithms: Sep 21 07:38:49.223517: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:38:49.223521: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:38:49.223525: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:38:49.223529: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:38:49.223533: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:38:49.223536: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:38:49.223539: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:38:49.223542: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:38:49.223545: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:38:49.223558: DH algorithms: Sep 21 07:38:49.223562: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:38:49.223564: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:38:49.223567: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:38:49.223572: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:38:49.223575: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:38:49.223578: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:38:49.223581: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:38:49.223584: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:38:49.223587: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:38:49.223590: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:38:49.223593: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:38:49.223596: testing CAMELLIA_CBC: Sep 21 07:38:49.223598: Camellia: 16 bytes with 128-bit key Sep 21 07:38:49.223715: Camellia: 16 bytes with 128-bit key Sep 21 07:38:49.223744: Camellia: 16 bytes with 256-bit key Sep 21 07:38:49.223773: Camellia: 16 bytes with 256-bit key Sep 21 07:38:49.223807: testing AES_GCM_16: Sep 21 07:38:49.223813: empty string Sep 21 07:38:49.223841: one block Sep 21 07:38:49.223866: two blocks Sep 21 07:38:49.223891: two blocks with associated data Sep 21 07:38:49.223919: testing AES_CTR: Sep 21 07:38:49.223921: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:38:49.223948: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:38:49.223975: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:38:49.224003: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:38:49.224029: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:38:49.224056: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:38:49.224083: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:38:49.224109: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:38:49.224136: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:38:49.224163: testing AES_CBC: Sep 21 07:38:49.224166: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:38:49.224192: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.224221: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.224250: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:38:49.224283: testing AES_XCBC: Sep 21 07:38:49.224286: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:38:49.224404: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:38:49.224534: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:38:49.224660: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:38:49.224789: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:38:49.224900: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:38:49.225013: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:38:49.225295: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:38:49.225433: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:38:49.225576: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:38:49.225830: testing HMAC_MD5: Sep 21 07:38:49.225838: RFC 2104: MD5_HMAC test 1 Sep 21 07:38:49.226019: RFC 2104: MD5_HMAC test 2 Sep 21 07:38:49.226177: RFC 2104: MD5_HMAC test 3 Sep 21 07:38:49.226362: 8 CPU cores online Sep 21 07:38:49.226366: starting up 7 crypto helpers Sep 21 07:38:49.226398: started thread for crypto helper 0 Sep 21 07:38:49.226416: started thread for crypto helper 1 Sep 21 07:38:49.226441: started thread for crypto helper 2 Sep 21 07:38:49.226460: started thread for crypto helper 3 Sep 21 07:38:49.226477: started thread for crypto helper 4 Sep 21 07:38:49.226495: started thread for crypto helper 5 Sep 21 07:38:49.226517: started thread for crypto helper 6 Sep 21 07:38:49.226521: | checking IKEv1 state table Sep 21 07:38:49.226528: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226530: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:38:49.226533: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226535: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:38:49.226538: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:38:49.226540: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:38:49.226543: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.226545: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.226548: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:38:49.226550: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:38:49.226552: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.226554: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:49.226557: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:38:49.226560: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.226562: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.226564: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:49.226567: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:38:49.226569: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.226571: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.226574: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:49.226576: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:38:49.226579: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226581: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:38:49.226584: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226586: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226589: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:38:49.226591: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226593: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:49.226596: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:49.226598: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:38:49.226601: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:49.226603: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:49.226606: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:38:49.226608: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226611: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.226613: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226615: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:38:49.226618: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:38:49.226621: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:38:49.226623: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:38:49.226626: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:38:49.226628: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:38:49.226631: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:38:49.226633: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226636: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:38:49.226638: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226641: | INFO: category: informational flags: 0: Sep 21 07:38:49.226643: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226645: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:38:49.226648: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226650: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:38:49.226653: | -> XAUTH_R1 EVENT_NULL Sep 21 07:38:49.226655: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:38:49.226658: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:49.226660: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:38:49.226663: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:38:49.226665: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:38:49.226668: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:38:49.226670: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.226673: | -> UNDEFINED EVENT_NULL Sep 21 07:38:49.226675: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:38:49.226680: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:49.226683: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.226685: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:38:49.226688: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:38:49.226690: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:38:49.226697: | checking IKEv2 state table Sep 21 07:38:49.226703: | PARENT_I0: category: ignore flags: 0: Sep 21 07:38:49.226705: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:38:49.226708: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226711: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:38:49.226714: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:38:49.226717: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:38:49.226720: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:38:49.226722: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:38:49.226725: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:38:49.226728: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:38:49.226730: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:38:49.226733: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:38:49.226736: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:38:49.226738: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:38:49.226741: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:38:49.226743: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:38:49.226746: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226749: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:38:49.226752: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:38:49.226754: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:38:49.226757: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:38:49.226760: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:38:49.226763: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:38:49.226765: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:38:49.226768: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:38:49.226771: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:38:49.226773: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.226776: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:38:49.226779: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:38:49.226781: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:38:49.226790: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.226793: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:49.226796: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:38:49.226799: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:38:49.226802: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:38:49.226804: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:38:49.226807: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:38:49.226810: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:38:49.226813: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:38:49.226818: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:38:49.226821: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:49.226824: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:38:49.226827: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:38:49.226830: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:38:49.226833: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:38:49.226835: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:38:49.226838: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:38:49.226889: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:38:49.226945: | Hard-wiring algorithms Sep 21 07:38:49.226949: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:38:49.226952: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:38:49.226955: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:38:49.226957: | adding 3DES_CBC to kernel algorithm db Sep 21 07:38:49.226960: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:38:49.226962: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:38:49.226964: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:38:49.226966: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:38:49.226969: | adding AES_CTR to kernel algorithm db Sep 21 07:38:49.226971: | adding AES_CBC to kernel algorithm db Sep 21 07:38:49.226974: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:38:49.226976: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:38:49.226979: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:38:49.226981: | adding NULL to kernel algorithm db Sep 21 07:38:49.226984: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:38:49.226986: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:38:49.226989: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:38:49.226991: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:38:49.226993: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:38:49.226996: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:38:49.226998: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:38:49.227001: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:38:49.227003: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:38:49.227005: | adding NONE to kernel algorithm db Sep 21 07:38:49.227027: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:38:49.227033: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:38:49.227036: | setup kernel fd callback Sep 21 07:38:49.227039: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5611ca764930 Sep 21 07:38:49.227042: | libevent_malloc: new ptr-libevent@0x5611ca76be00 size 128 Sep 21 07:38:49.227045: | libevent_malloc: new ptr-libevent@0x5611ca75a6c0 size 16 Sep 21 07:38:49.227051: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5611ca75f1d0 Sep 21 07:38:49.227054: | libevent_malloc: new ptr-libevent@0x5611ca76be90 size 128 Sep 21 07:38:49.227056: | libevent_malloc: new ptr-libevent@0x5611ca75f120 size 16 Sep 21 07:38:49.227289: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:38:49.227297: selinux support is enabled. Sep 21 07:38:49.227371: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:38:49.227538: | unbound context created - setting debug level to 5 Sep 21 07:38:49.227570: | /etc/hosts lookups activated Sep 21 07:38:49.227585: | /etc/resolv.conf usage activated Sep 21 07:38:49.227648: | outgoing-port-avoid set 0-65535 Sep 21 07:38:49.227678: | outgoing-port-permit set 32768-60999 Sep 21 07:38:49.227681: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:38:49.227684: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:38:49.227687: | Setting up events, loop start Sep 21 07:38:49.227690: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5611ca75ef20 Sep 21 07:38:49.227696: | libevent_malloc: new ptr-libevent@0x5611ca776400 size 128 Sep 21 07:38:49.227699: | libevent_malloc: new ptr-libevent@0x5611ca776490 size 16 Sep 21 07:38:49.227705: | libevent_realloc: new ptr-libevent@0x5611ca6dc5b0 size 256 Sep 21 07:38:49.227708: | libevent_malloc: new ptr-libevent@0x5611ca7764b0 size 8 Sep 21 07:38:49.227711: | libevent_realloc: new ptr-libevent@0x5611ca76b100 size 144 Sep 21 07:38:49.227714: | libevent_malloc: new ptr-libevent@0x5611ca7764d0 size 152 Sep 21 07:38:49.227717: | libevent_malloc: new ptr-libevent@0x5611ca776570 size 16 Sep 21 07:38:49.227721: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:38:49.227724: | libevent_malloc: new ptr-libevent@0x5611ca776590 size 8 Sep 21 07:38:49.227726: | libevent_malloc: new ptr-libevent@0x5611ca7765b0 size 152 Sep 21 07:38:49.227729: | signal event handler PLUTO_SIGTERM installed Sep 21 07:38:49.227732: | libevent_malloc: new ptr-libevent@0x5611ca776650 size 8 Sep 21 07:38:49.227734: | libevent_malloc: new ptr-libevent@0x5611ca776670 size 152 Sep 21 07:38:49.227737: | signal event handler PLUTO_SIGHUP installed Sep 21 07:38:49.227740: | libevent_malloc: new ptr-libevent@0x5611ca776710 size 8 Sep 21 07:38:49.227742: | libevent_realloc: release ptr-libevent@0x5611ca76b100 Sep 21 07:38:49.227745: | libevent_realloc: new ptr-libevent@0x5611ca776730 size 256 Sep 21 07:38:49.227748: | libevent_malloc: new ptr-libevent@0x5611ca76b100 size 152 Sep 21 07:38:49.227751: | signal event handler PLUTO_SIGSYS installed Sep 21 07:38:49.228114: | created addconn helper (pid:30575) using fork+execve Sep 21 07:38:49.228131: | forked child 30575 Sep 21 07:38:49.228167: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.228182: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:49.228189: listening for IKE messages Sep 21 07:38:49.228227: | Inspecting interface lo Sep 21 07:38:49.228234: | found lo with address 127.0.0.1 Sep 21 07:38:49.228237: | Inspecting interface eth0 Sep 21 07:38:49.228241: | found eth0 with address 192.0.3.254 Sep 21 07:38:49.228243: | Inspecting interface eth1 Sep 21 07:38:49.228247: | found eth1 with address 192.1.3.33 Sep 21 07:38:49.228293: Kernel supports NIC esp-hw-offload Sep 21 07:38:49.228303: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:38:49.228326: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.228331: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.228335: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:38:49.228361: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:38:49.228383: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.228387: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.228391: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:38:49.228416: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:38:49.228437: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:49.228441: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:49.228444: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:38:49.228509: | no interfaces to sort Sep 21 07:38:49.228514: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:38:49.228522: | add_fd_read_event_handler: new ethX-pe@0x5611ca75fca0 Sep 21 07:38:49.228525: | libevent_malloc: new ptr-libevent@0x5611ca776aa0 size 128 Sep 21 07:38:49.228528: | libevent_malloc: new ptr-libevent@0x5611ca776b30 size 16 Sep 21 07:38:49.228536: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:49.228539: | add_fd_read_event_handler: new ethX-pe@0x5611ca776b50 Sep 21 07:38:49.228542: | libevent_malloc: new ptr-libevent@0x5611ca776b90 size 128 Sep 21 07:38:49.228544: | libevent_malloc: new ptr-libevent@0x5611ca776c20 size 16 Sep 21 07:38:49.228552: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:49.228555: | add_fd_read_event_handler: new ethX-pe@0x5611ca776c40 Sep 21 07:38:49.228557: | libevent_malloc: new ptr-libevent@0x5611ca776c80 size 128 Sep 21 07:38:49.228560: | libevent_malloc: new ptr-libevent@0x5611ca776d10 size 16 Sep 21 07:38:49.228564: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:38:49.228567: | add_fd_read_event_handler: new ethX-pe@0x5611ca776d30 Sep 21 07:38:49.228570: | libevent_malloc: new ptr-libevent@0x5611ca776d70 size 128 Sep 21 07:38:49.228572: | libevent_malloc: new ptr-libevent@0x5611ca776e00 size 16 Sep 21 07:38:49.228577: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:38:49.228580: | add_fd_read_event_handler: new ethX-pe@0x5611ca776e20 Sep 21 07:38:49.228582: | libevent_malloc: new ptr-libevent@0x5611ca776e60 size 128 Sep 21 07:38:49.228585: | libevent_malloc: new ptr-libevent@0x5611ca776ef0 size 16 Sep 21 07:38:49.228589: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:38:49.228592: | add_fd_read_event_handler: new ethX-pe@0x5611ca776f10 Sep 21 07:38:49.228594: | libevent_malloc: new ptr-libevent@0x5611ca776f50 size 128 Sep 21 07:38:49.228597: | libevent_malloc: new ptr-libevent@0x5611ca776fe0 size 16 Sep 21 07:38:49.228601: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:38:49.228607: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:49.228609: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:49.228631: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:49.228645: | Processing PSK at line 1: passed Sep 21 07:38:49.228648: | certs and keys locked by 'process_secret' Sep 21 07:38:49.228653: | certs and keys unlocked by 'process_secret' Sep 21 07:38:49.228658: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:49.228667: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.228674: | spent 0.514 milliseconds in whack Sep 21 07:38:49.230852: | starting up helper thread 6 Sep 21 07:38:49.230870: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:38:49.230876: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:49.230887: | starting up helper thread 4 Sep 21 07:38:49.230892: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:38:49.230894: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:49.230906: | starting up helper thread 2 Sep 21 07:38:49.230911: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:38:49.230913: | crypto helper 2 waiting (nothing to do) Sep 21 07:38:49.230923: | starting up helper thread 0 Sep 21 07:38:49.230927: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:38:49.230930: | crypto helper 0 waiting (nothing to do) Sep 21 07:38:49.230948: | starting up helper thread 3 Sep 21 07:38:49.230953: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:38:49.230955: | crypto helper 3 waiting (nothing to do) Sep 21 07:38:49.230965: | starting up helper thread 1 Sep 21 07:38:49.230969: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:38:49.230972: | crypto helper 1 waiting (nothing to do) Sep 21 07:38:49.230985: | starting up helper thread 5 Sep 21 07:38:49.230989: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:38:49.230992: | crypto helper 5 waiting (nothing to do) Sep 21 07:38:49.331899: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.335255: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:49.335275: listening for IKE messages Sep 21 07:38:49.335312: | Inspecting interface lo Sep 21 07:38:49.335319: | found lo with address 127.0.0.1 Sep 21 07:38:49.335322: | Inspecting interface eth0 Sep 21 07:38:49.335326: | found eth0 with address 192.0.3.254 Sep 21 07:38:49.335333: | Inspecting interface eth1 Sep 21 07:38:49.335337: | found eth1 with address 192.1.3.33 Sep 21 07:38:49.335406: | no interfaces to sort Sep 21 07:38:49.335418: | libevent_free: release ptr-libevent@0x5611ca776aa0 Sep 21 07:38:49.335421: | free_event_entry: release EVENT_NULL-pe@0x5611ca75fca0 Sep 21 07:38:49.335424: | add_fd_read_event_handler: new ethX-pe@0x5611ca75fca0 Sep 21 07:38:49.335427: | libevent_malloc: new ptr-libevent@0x5611ca776aa0 size 128 Sep 21 07:38:49.335435: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:49.335439: | libevent_free: release ptr-libevent@0x5611ca776b90 Sep 21 07:38:49.335442: | free_event_entry: release EVENT_NULL-pe@0x5611ca776b50 Sep 21 07:38:49.335444: | add_fd_read_event_handler: new ethX-pe@0x5611ca776b50 Sep 21 07:38:49.335447: | libevent_malloc: new ptr-libevent@0x5611ca776b90 size 128 Sep 21 07:38:49.335451: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:49.335455: | libevent_free: release ptr-libevent@0x5611ca776c80 Sep 21 07:38:49.335458: | free_event_entry: release EVENT_NULL-pe@0x5611ca776c40 Sep 21 07:38:49.335460: | add_fd_read_event_handler: new ethX-pe@0x5611ca776c40 Sep 21 07:38:49.335463: | libevent_malloc: new ptr-libevent@0x5611ca776c80 size 128 Sep 21 07:38:49.335467: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:38:49.335471: | libevent_free: release ptr-libevent@0x5611ca776d70 Sep 21 07:38:49.335473: | free_event_entry: release EVENT_NULL-pe@0x5611ca776d30 Sep 21 07:38:49.335476: | add_fd_read_event_handler: new ethX-pe@0x5611ca776d30 Sep 21 07:38:49.335479: | libevent_malloc: new ptr-libevent@0x5611ca776d70 size 128 Sep 21 07:38:49.335484: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:38:49.335487: | libevent_free: release ptr-libevent@0x5611ca776e60 Sep 21 07:38:49.335489: | free_event_entry: release EVENT_NULL-pe@0x5611ca776e20 Sep 21 07:38:49.335492: | add_fd_read_event_handler: new ethX-pe@0x5611ca776e20 Sep 21 07:38:49.335494: | libevent_malloc: new ptr-libevent@0x5611ca776e60 size 128 Sep 21 07:38:49.335499: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:38:49.335503: | libevent_free: release ptr-libevent@0x5611ca776f50 Sep 21 07:38:49.335505: | free_event_entry: release EVENT_NULL-pe@0x5611ca776f10 Sep 21 07:38:49.335508: | add_fd_read_event_handler: new ethX-pe@0x5611ca776f10 Sep 21 07:38:49.335510: | libevent_malloc: new ptr-libevent@0x5611ca776f50 size 128 Sep 21 07:38:49.335515: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:38:49.335518: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:49.335520: forgetting secrets Sep 21 07:38:49.335526: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:49.335542: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:49.335549: | Processing PSK at line 1: passed Sep 21 07:38:49.335551: | certs and keys locked by 'process_secret' Sep 21 07:38:49.335554: | certs and keys unlocked by 'process_secret' Sep 21 07:38:49.335558: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:49.335566: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.335573: | spent 0.354 milliseconds in whack Sep 21 07:38:49.336051: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.336065: | waitpid returned pid 30575 (exited with status 0) Sep 21 07:38:49.336069: | reaped addconn helper child (status 0) Sep 21 07:38:49.336073: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.336078: | spent 0.0162 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.394457: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.397587: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.397602: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:49.397606: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.397608: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:49.397612: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.397661: | Added new connection northnet-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:49.397720: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:38:49.397727: | from whack: got --esp=aes256-sha2 Sep 21 07:38:49.397742: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Sep 21 07:38:49.397749: | counting wild cards for 192.1.3.33 is 0 Sep 21 07:38:49.397753: | counting wild cards for 192.1.2.23 is 0 Sep 21 07:38:49.397764: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:49.397768: | new hp@0x5611ca743240 Sep 21 07:38:49.397772: added connection description "northnet-eastnet" Sep 21 07:38:49.397782: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:49.397799: | 192.0.3.0/24===192.1.3.33<192.1.3.33>...192.1.2.23<192.1.2.23>===192.0.2.0/24 Sep 21 07:38:49.397806: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.397816: | spent 0.262 milliseconds in whack Sep 21 07:38:49.487255: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.487282: | old debugging base+cpu-usage + none Sep 21 07:38:49.487285: | base debugging = base+cpu-usage Sep 21 07:38:49.487288: | old impairing none + suppress-retransmits Sep 21 07:38:49.487290: | base impairing = suppress-retransmits Sep 21 07:38:49.487297: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.487303: | spent 0.0559 milliseconds in whack Sep 21 07:38:49.643363: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:49.643390: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:38:49.643395: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:49.643401: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:38:49.643405: | connection 'northnet-eastnet' +POLICY_UP Sep 21 07:38:49.643409: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:38:49.643412: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:38:49.643437: | creating state object #1 at 0x5611ca778590 Sep 21 07:38:49.643441: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:38:49.643449: | pstats #1 ikev2.ike started Sep 21 07:38:49.643453: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:38:49.643457: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:38:49.643464: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:49.643472: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:49.643478: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:49.643483: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:38:49.643488: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #1 "northnet-eastnet" Sep 21 07:38:49.643493: "northnet-eastnet" #1: initiating v2 parent SA Sep 21 07:38:49.643505: | constructing local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE) Sep 21 07:38:49.643515: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.643530: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.643536: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.643543: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.643549: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.643556: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.643562: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:49.643569: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.643584: "northnet-eastnet": constructed local IKE proposals for northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.643593: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:38:49.643598: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77ac40 Sep 21 07:38:49.643602: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:49.643607: | libevent_malloc: new ptr-libevent@0x5611ca77ac80 size 128 Sep 21 07:38:49.643620: | #1 spent 0.218 milliseconds in ikev2_parent_outI1() Sep 21 07:38:49.643624: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.643630: | RESET processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.643634: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:49.643638: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:38:49.643642: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:38:49.643646: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:49.643650: | spent 0.301 milliseconds in whack Sep 21 07:38:49.643834: | crypto helper 6 resuming Sep 21 07:38:49.643843: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:38:49.643849: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:38:49.644799: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.000949 seconds Sep 21 07:38:49.644817: | (#1) spent 0.912 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:38:49.644820: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:38:49.644823: | scheduling resume sending helper answer for #1 Sep 21 07:38:49.644827: | libevent_malloc: new ptr-libevent@0x7febcc006900 size 128 Sep 21 07:38:49.644836: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:49.644925: | processing resume sending helper answer for #1 Sep 21 07:38:49.644940: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:49.644945: | crypto helper 6 replies to request ID 1 Sep 21 07:38:49.644947: | calling continuation function 0x5611c887a630 Sep 21 07:38:49.644950: | ikev2_parent_outI1_continue for #1 Sep 21 07:38:49.644983: | **emit ISAKMP Message: Sep 21 07:38:49.644987: | initiator cookie: Sep 21 07:38:49.644990: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.644993: | responder cookie: Sep 21 07:38:49.644995: | 00 00 00 00 00 00 00 00 Sep 21 07:38:49.644998: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:49.645001: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.645004: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:49.645007: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:49.645010: | Message ID: 0 (0x0) Sep 21 07:38:49.645013: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:49.645031: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.645035: | Emitting ikev2_proposals ... Sep 21 07:38:49.645038: | ***emit IKEv2 Security Association Payload: Sep 21 07:38:49.645042: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.645044: | flags: none (0x0) Sep 21 07:38:49.645048: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:49.645051: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.645054: | discarding INTEG=NONE Sep 21 07:38:49.645057: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.645060: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645062: | prop #: 1 (0x1) Sep 21 07:38:49.645065: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.645067: | spi size: 0 (0x0) Sep 21 07:38:49.645070: | # transforms: 11 (0xb) Sep 21 07:38:49.645073: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.645076: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645081: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.645084: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.645087: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645090: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.645093: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.645096: | length/value: 256 (0x100) Sep 21 07:38:49.645099: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.645101: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645107: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645109: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.645112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645121: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645123: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645129: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645131: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.645134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645137: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645139: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645142: | discarding INTEG=NONE Sep 21 07:38:49.645144: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645149: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645152: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.645155: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645157: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645160: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645162: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645167: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645170: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.645174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645176: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645179: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645181: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645186: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645189: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.645191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645194: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645197: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645200: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645207: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.645210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645215: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645218: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645231: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.645234: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645249: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.645252: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645257: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645265: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645267: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.645270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645275: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645277: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645280: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.645282: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645284: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.645287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645293: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645295: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:49.645298: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.645301: | discarding INTEG=NONE Sep 21 07:38:49.645303: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.645306: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645308: | prop #: 2 (0x2) Sep 21 07:38:49.645311: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.645313: | spi size: 0 (0x0) Sep 21 07:38:49.645315: | # transforms: 11 (0xb) Sep 21 07:38:49.645319: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645321: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.645324: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645329: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.645331: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.645334: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645339: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.645342: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.645344: | length/value: 128 (0x80) Sep 21 07:38:49.645347: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.645350: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645355: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645357: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.645360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645363: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645365: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645368: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645373: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645375: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.645378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645385: | discarding INTEG=NONE Sep 21 07:38:49.645387: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645392: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645394: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.645397: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645402: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645404: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645411: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.645414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645419: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645421: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645428: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.645431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645436: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645439: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645443: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645449: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.645452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645458: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645464: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.645466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645469: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645470: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645472: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645474: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645478: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.645480: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645483: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645485: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645487: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645493: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.645495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645499: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645501: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645503: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.645505: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645507: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.645509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645514: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645516: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:49.645518: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.645520: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.645522: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645524: | prop #: 3 (0x3) Sep 21 07:38:49.645526: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.645528: | spi size: 0 (0x0) Sep 21 07:38:49.645530: | # transforms: 13 (0xd) Sep 21 07:38:49.645533: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645539: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.645542: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645546: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.645548: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.645550: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645553: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.645555: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.645558: | length/value: 256 (0x100) Sep 21 07:38:49.645560: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.645562: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645566: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645569: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.645571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645577: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645579: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645583: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645586: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.645589: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645594: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645596: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645600: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.645603: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:49.645606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645611: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645613: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645617: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.645620: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.645622: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645627: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645630: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645632: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645634: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645637: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.645639: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645648: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645650: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645657: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.645660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645663: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645665: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645668: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645674: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.645677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645684: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645689: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645691: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.645694: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645699: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645702: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645706: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645708: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.645711: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645714: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645716: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645718: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645723: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645725: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.645729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645734: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645737: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645743: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645745: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.645748: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645751: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645753: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645755: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645758: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.645760: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645762: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.645765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645768: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645771: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645773: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:49.645776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.645779: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.645782: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.645797: | prop #: 4 (0x4) Sep 21 07:38:49.645800: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.645803: | spi size: 0 (0x0) Sep 21 07:38:49.645805: | # transforms: 13 (0xd) Sep 21 07:38:49.645809: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:49.645813: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.645817: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645823: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.645826: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.645830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645833: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.645837: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.645840: | length/value: 128 (0x80) Sep 21 07:38:49.645843: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.645846: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645852: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645855: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.645864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645868: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645871: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645874: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645881: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.645884: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:49.645888: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645898: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645901: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645904: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645907: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.645910: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:49.645914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645918: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645921: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645924: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645927: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645930: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.645934: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.645938: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645942: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645945: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645948: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645957: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.645962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645969: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645972: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.645981: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:49.645985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.645989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.645993: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.645996: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.645999: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646005: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:49.646009: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646017: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646020: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.646023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646026: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646029: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:49.646034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646042: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646045: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.646048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646051: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646054: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:49.646058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646065: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646068: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.646071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646077: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:49.646082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646089: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646092: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.646095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646098: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646101: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:49.646105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646112: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646115: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.646119: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.646121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.646125: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:49.646129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.646133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.646136: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.646139: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:49.646143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.646147: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:38:49.646151: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:49.646154: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:38:49.646157: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.646160: | flags: none (0x0) Sep 21 07:38:49.646163: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.646167: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:38:49.646172: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.646176: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:38:49.646180: | ikev2 g^x c0 a3 44 9d b1 55 f0 29 98 68 d4 4e e5 71 b0 b7 Sep 21 07:38:49.646183: | ikev2 g^x a7 3f 41 54 ef e3 9d 32 6a b2 28 95 3d 45 3e 8b Sep 21 07:38:49.646186: | ikev2 g^x 55 22 62 03 e6 09 0d 8e 9f 7a 78 7e 8c 2c 69 f3 Sep 21 07:38:49.646189: | ikev2 g^x ee f6 fe 76 15 82 47 f2 ea 16 e3 58 24 8b 76 d1 Sep 21 07:38:49.646192: | ikev2 g^x 7a fb 6e 51 63 55 b5 f8 fd 00 7d e1 f9 dc 4c d7 Sep 21 07:38:49.646195: | ikev2 g^x 02 72 e7 b7 25 40 86 91 e3 8d be 33 64 89 7b 08 Sep 21 07:38:49.646198: | ikev2 g^x fc 29 ac a2 94 9a bd e7 dc 22 68 57 be 74 0a b0 Sep 21 07:38:49.646201: | ikev2 g^x 32 71 ae b3 a9 c5 d7 d6 88 58 de ab 44 86 8a ab Sep 21 07:38:49.646204: | ikev2 g^x 77 7d 82 aa 85 8a 7d 5c 5e 2e e4 87 c3 64 2b 49 Sep 21 07:38:49.646207: | ikev2 g^x a7 56 6f 3b 70 34 d8 27 83 7b 19 4e ca 65 63 a3 Sep 21 07:38:49.646210: | ikev2 g^x 1b cb 0b 58 c0 77 af 6a 73 42 71 7a 78 3f 8c 45 Sep 21 07:38:49.646213: | ikev2 g^x b7 73 3d 28 ee 1a ff 23 8a 27 11 12 c8 f1 e3 87 Sep 21 07:38:49.646216: | ikev2 g^x ec 01 12 0e 14 b2 bd b2 bb 68 91 24 6d f5 a2 40 Sep 21 07:38:49.646219: | ikev2 g^x 3d 0d bb ba 32 b8 55 47 87 85 d8 37 3f f3 c8 f3 Sep 21 07:38:49.646222: | ikev2 g^x e5 90 56 68 c6 0e c7 96 d4 c4 d1 25 00 8f 3e 62 Sep 21 07:38:49.646225: | ikev2 g^x c3 f0 05 0c 35 ce c3 b0 ed 16 ff f7 87 a0 d8 6c Sep 21 07:38:49.646228: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:38:49.646231: | ***emit IKEv2 Nonce Payload: Sep 21 07:38:49.646234: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.646237: | flags: none (0x0) Sep 21 07:38:49.646241: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:38:49.646245: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:38:49.646249: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.646252: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:38:49.646255: | IKEv2 nonce de 52 5e 64 6f c1 ba b3 14 57 90 1f e7 c0 cc 05 Sep 21 07:38:49.646258: | IKEv2 nonce b3 b7 f8 0d 07 c1 11 68 98 f1 d6 6e 29 be 04 ed Sep 21 07:38:49.646261: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:38:49.646264: | Adding a v2N Payload Sep 21 07:38:49.646267: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.646270: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.646273: | flags: none (0x0) Sep 21 07:38:49.646276: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.646279: | SPI size: 0 (0x0) Sep 21 07:38:49.646283: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:49.646287: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.646291: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.646294: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:49.646298: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:49.646301: | natd_hash: rcookie is zero Sep 21 07:38:49.646320: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:49.646323: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.646326: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:49.646329: | natd_hash: ip= c0 01 03 21 Sep 21 07:38:49.646332: | natd_hash: port= 01 f4 Sep 21 07:38:49.646335: | natd_hash: hash= 1b 9f 81 31 ed 65 89 e4 da 0c f2 e8 e1 58 20 f7 Sep 21 07:38:49.646338: | natd_hash: hash= 32 49 8d 9b Sep 21 07:38:49.646342: | Adding a v2N Payload Sep 21 07:38:49.646345: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.646348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.646351: | flags: none (0x0) Sep 21 07:38:49.646353: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.646356: | SPI size: 0 (0x0) Sep 21 07:38:49.646359: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:49.646364: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.646367: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.646371: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:49.646374: | Notify data 1b 9f 81 31 ed 65 89 e4 da 0c f2 e8 e1 58 20 f7 Sep 21 07:38:49.646377: | Notify data 32 49 8d 9b Sep 21 07:38:49.646380: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:49.646382: | natd_hash: rcookie is zero Sep 21 07:38:49.646389: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:49.646392: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.646395: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:49.646398: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:49.646400: | natd_hash: port= 01 f4 Sep 21 07:38:49.646404: | natd_hash: hash= be 0e d5 1e 8b bd 25 e2 a0 0d 5b 26 25 3c fb 5c Sep 21 07:38:49.646406: | natd_hash: hash= aa 87 9f 5d Sep 21 07:38:49.646409: | Adding a v2N Payload Sep 21 07:38:49.646411: | ***emit IKEv2 Notify Payload: Sep 21 07:38:49.646414: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.646417: | flags: none (0x0) Sep 21 07:38:49.646420: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.646423: | SPI size: 0 (0x0) Sep 21 07:38:49.646426: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:49.646430: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.646434: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.646437: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:49.646440: | Notify data be 0e d5 1e 8b bd 25 e2 a0 0d 5b 26 25 3c fb 5c Sep 21 07:38:49.646443: | Notify data aa 87 9f 5d Sep 21 07:38:49.646446: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:49.646449: | emitting length of ISAKMP Message: 828 Sep 21 07:38:49.646460: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:38:49.646471: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.646476: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:38:49.646480: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:38:49.646484: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:38:49.646488: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:38:49.646491: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:38:49.646498: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:49.646501: "northnet-eastnet" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:49.646514: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:38:49.646528: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:49.646531: | 15 00 5c f1 36 77 c5 dc 00 00 00 00 00 00 00 00 Sep 21 07:38:49.646534: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:38:49.646537: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:38:49.646541: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:38:49.646544: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:38:49.646547: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:38:49.646550: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:38:49.646552: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:38:49.646555: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:38:49.646558: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:38:49.646561: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:38:49.646564: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:38:49.646567: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:38:49.646569: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:38:49.646572: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:38:49.646575: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:38:49.646578: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:38:49.646581: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:38:49.646584: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:38:49.646587: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:38:49.646590: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:38:49.646592: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:38:49.646595: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:38:49.646598: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:38:49.646601: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:38:49.646604: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:38:49.646607: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:38:49.646610: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:38:49.646613: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:38:49.646615: | 28 00 01 08 00 0e 00 00 c0 a3 44 9d b1 55 f0 29 Sep 21 07:38:49.646618: | 98 68 d4 4e e5 71 b0 b7 a7 3f 41 54 ef e3 9d 32 Sep 21 07:38:49.646621: | 6a b2 28 95 3d 45 3e 8b 55 22 62 03 e6 09 0d 8e Sep 21 07:38:49.646624: | 9f 7a 78 7e 8c 2c 69 f3 ee f6 fe 76 15 82 47 f2 Sep 21 07:38:49.646627: | ea 16 e3 58 24 8b 76 d1 7a fb 6e 51 63 55 b5 f8 Sep 21 07:38:49.646630: | fd 00 7d e1 f9 dc 4c d7 02 72 e7 b7 25 40 86 91 Sep 21 07:38:49.646632: | e3 8d be 33 64 89 7b 08 fc 29 ac a2 94 9a bd e7 Sep 21 07:38:49.646635: | dc 22 68 57 be 74 0a b0 32 71 ae b3 a9 c5 d7 d6 Sep 21 07:38:49.646638: | 88 58 de ab 44 86 8a ab 77 7d 82 aa 85 8a 7d 5c Sep 21 07:38:49.646641: | 5e 2e e4 87 c3 64 2b 49 a7 56 6f 3b 70 34 d8 27 Sep 21 07:38:49.646644: | 83 7b 19 4e ca 65 63 a3 1b cb 0b 58 c0 77 af 6a Sep 21 07:38:49.646647: | 73 42 71 7a 78 3f 8c 45 b7 73 3d 28 ee 1a ff 23 Sep 21 07:38:49.646650: | 8a 27 11 12 c8 f1 e3 87 ec 01 12 0e 14 b2 bd b2 Sep 21 07:38:49.646652: | bb 68 91 24 6d f5 a2 40 3d 0d bb ba 32 b8 55 47 Sep 21 07:38:49.646655: | 87 85 d8 37 3f f3 c8 f3 e5 90 56 68 c6 0e c7 96 Sep 21 07:38:49.646658: | d4 c4 d1 25 00 8f 3e 62 c3 f0 05 0c 35 ce c3 b0 Sep 21 07:38:49.646661: | ed 16 ff f7 87 a0 d8 6c 29 00 00 24 de 52 5e 64 Sep 21 07:38:49.646663: | 6f c1 ba b3 14 57 90 1f e7 c0 cc 05 b3 b7 f8 0d Sep 21 07:38:49.646666: | 07 c1 11 68 98 f1 d6 6e 29 be 04 ed 29 00 00 08 Sep 21 07:38:49.646669: | 00 00 40 2e 29 00 00 1c 00 00 40 04 1b 9f 81 31 Sep 21 07:38:49.646671: | ed 65 89 e4 da 0c f2 e8 e1 58 20 f7 32 49 8d 9b Sep 21 07:38:49.646674: | 00 00 00 1c 00 00 40 05 be 0e d5 1e 8b bd 25 e2 Sep 21 07:38:49.646677: | a0 0d 5b 26 25 3c fb 5c aa 87 9f 5d Sep 21 07:38:49.646775: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:49.646782: | libevent_free: release ptr-libevent@0x5611ca77ac80 Sep 21 07:38:49.646792: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77ac40 Sep 21 07:38:49.646799: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:49.646802: "northnet-eastnet" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:38:49.646811: | event_schedule: new EVENT_RETRANSMIT-pe@0x5611ca77ac40 Sep 21 07:38:49.646816: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Sep 21 07:38:49.646819: | libevent_malloc: new ptr-libevent@0x5611ca77ac80 size 128 Sep 21 07:38:49.646826: | #1 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50176.015074 Sep 21 07:38:49.646830: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:38:49.647788: | #1 spent 1.81 milliseconds in resume sending helper answer Sep 21 07:38:49.647801: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:49.647806: | libevent_free: release ptr-libevent@0x7febcc006900 Sep 21 07:38:49.650624: | spent 0.00293 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:49.650647: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:38:49.650651: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.650654: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:38:49.650657: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:38:49.650659: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:38:49.650662: | 04 00 00 0e 28 00 01 08 00 0e 00 00 85 c0 f3 c0 Sep 21 07:38:49.650665: | 3b 8a b5 c3 79 9a d0 f7 64 79 43 fb f0 42 e2 de Sep 21 07:38:49.650667: | 45 fa 46 04 e8 e3 c6 5e ad 14 96 22 ad 8e db f9 Sep 21 07:38:49.650670: | 67 07 a2 80 79 73 09 0b 48 ee b2 46 31 5b 7c 8a Sep 21 07:38:49.650673: | d0 ee e4 5a c0 85 88 9c 48 48 7e 31 9e c8 d3 09 Sep 21 07:38:49.650676: | 94 c4 ac 8c 78 17 9b 65 09 95 ff 70 6b d1 07 e8 Sep 21 07:38:49.650678: | e6 74 d0 28 ad 83 c7 0d 32 c3 e3 29 50 77 e9 fe Sep 21 07:38:49.650681: | 3a 94 84 1e e5 25 b4 6e 04 30 97 8c 49 fa e5 90 Sep 21 07:38:49.650684: | 08 c8 e0 fd c9 8e 19 12 86 75 0e 89 5a 52 0d 4b Sep 21 07:38:49.650686: | 05 ff 4d 3b 71 50 39 76 3e 5b 95 9e c5 3a 24 c6 Sep 21 07:38:49.650689: | 68 dc b0 08 4e 42 74 e4 f9 4a a6 5a 20 ac c1 25 Sep 21 07:38:49.650692: | c3 97 61 7c 57 ff 3c 58 28 92 58 34 75 e2 c6 1c Sep 21 07:38:49.650694: | fa 8c c7 0b c6 9c c2 cc fa e6 98 f0 8d 0a 9e 97 Sep 21 07:38:49.650697: | 48 4b 8d c2 07 ea 4b 22 13 87 30 ec 51 47 ff 69 Sep 21 07:38:49.650700: | cb a1 0f 81 c7 1c a5 e9 e3 cf 89 b5 d6 4f 5a c5 Sep 21 07:38:49.650703: | b4 af 04 97 4f 2c 5c d4 c6 9d 34 c0 24 b2 b4 e7 Sep 21 07:38:49.650705: | c7 47 fa a3 b1 f0 98 fc c5 74 e6 61 29 00 00 24 Sep 21 07:38:49.650708: | 9c de 09 fa fb ed eb 21 ac c1 1d 99 79 2a 90 95 Sep 21 07:38:49.650711: | 7a 39 4b 21 de 91 66 5b 49 8d 29 3c a7 54 c6 a9 Sep 21 07:38:49.650713: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:38:49.650716: | 38 51 e1 cc fe 74 a4 c1 13 59 6b d5 68 0e 03 5f Sep 21 07:38:49.650719: | 53 7b aa 51 00 00 00 1c 00 00 40 05 b7 c9 bf fb Sep 21 07:38:49.650721: | 5d bb d7 b6 e5 38 37 18 28 3d e0 da 62 e2 48 54 Sep 21 07:38:49.650726: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:49.650730: | **parse ISAKMP Message: Sep 21 07:38:49.650733: | initiator cookie: Sep 21 07:38:49.650736: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.650738: | responder cookie: Sep 21 07:38:49.650741: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.650744: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:49.650747: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.650750: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:49.650753: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:49.650756: | Message ID: 0 (0x0) Sep 21 07:38:49.650761: | length: 432 (0x1b0) Sep 21 07:38:49.650764: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:38:49.650768: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:38:49.650773: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:38:49.650779: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:49.650789: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.650794: | #1 is idle Sep 21 07:38:49.650796: | #1 idle Sep 21 07:38:49.650799: | unpacking clear payload Sep 21 07:38:49.650802: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:49.650805: | ***parse IKEv2 Security Association Payload: Sep 21 07:38:49.650808: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:38:49.650811: | flags: none (0x0) Sep 21 07:38:49.650814: | length: 40 (0x28) Sep 21 07:38:49.650817: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:38:49.650819: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:38:49.650823: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:38:49.650825: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:38:49.650828: | flags: none (0x0) Sep 21 07:38:49.650831: | length: 264 (0x108) Sep 21 07:38:49.650833: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.650923: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:38:49.650928: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:38:49.650931: | ***parse IKEv2 Nonce Payload: Sep 21 07:38:49.650934: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.650937: | flags: none (0x0) Sep 21 07:38:49.650939: | length: 36 (0x24) Sep 21 07:38:49.650942: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:38:49.650945: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.650948: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.650951: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.650954: | flags: none (0x0) Sep 21 07:38:49.650957: | length: 8 (0x8) Sep 21 07:38:49.650959: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.650962: | SPI size: 0 (0x0) Sep 21 07:38:49.650966: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:49.650968: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:49.650971: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.650974: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.650977: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.650980: | flags: none (0x0) Sep 21 07:38:49.650982: | length: 28 (0x1c) Sep 21 07:38:49.650985: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.650988: | SPI size: 0 (0x0) Sep 21 07:38:49.650991: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:49.650994: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:49.650997: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.650999: | ***parse IKEv2 Notify Payload: Sep 21 07:38:49.651002: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.651005: | flags: none (0x0) Sep 21 07:38:49.651008: | length: 28 (0x1c) Sep 21 07:38:49.651010: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.651013: | SPI size: 0 (0x0) Sep 21 07:38:49.651016: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:49.651019: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:49.651023: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:38:49.651030: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:49.651033: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:49.651036: | Now let's proceed with state specific processing Sep 21 07:38:49.651039: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:49.651046: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:38:49.651071: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:49.651076: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:38:49.651079: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:49.651082: | local proposal 1 type PRF has 2 transforms Sep 21 07:38:49.651085: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:49.651088: | local proposal 1 type DH has 8 transforms Sep 21 07:38:49.651091: | local proposal 1 type ESN has 0 transforms Sep 21 07:38:49.651095: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:49.651098: | local proposal 2 type ENCR has 1 transforms Sep 21 07:38:49.651101: | local proposal 2 type PRF has 2 transforms Sep 21 07:38:49.651104: | local proposal 2 type INTEG has 1 transforms Sep 21 07:38:49.651106: | local proposal 2 type DH has 8 transforms Sep 21 07:38:49.651109: | local proposal 2 type ESN has 0 transforms Sep 21 07:38:49.651113: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:49.651116: | local proposal 3 type ENCR has 1 transforms Sep 21 07:38:49.651119: | local proposal 3 type PRF has 2 transforms Sep 21 07:38:49.651122: | local proposal 3 type INTEG has 2 transforms Sep 21 07:38:49.651124: | local proposal 3 type DH has 8 transforms Sep 21 07:38:49.651127: | local proposal 3 type ESN has 0 transforms Sep 21 07:38:49.651131: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:49.651134: | local proposal 4 type ENCR has 1 transforms Sep 21 07:38:49.651137: | local proposal 4 type PRF has 2 transforms Sep 21 07:38:49.651140: | local proposal 4 type INTEG has 2 transforms Sep 21 07:38:49.651142: | local proposal 4 type DH has 8 transforms Sep 21 07:38:49.651145: | local proposal 4 type ESN has 0 transforms Sep 21 07:38:49.651149: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:49.651152: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.651155: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.651158: | length: 36 (0x24) Sep 21 07:38:49.651160: | prop #: 1 (0x1) Sep 21 07:38:49.651163: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:49.651166: | spi size: 0 (0x0) Sep 21 07:38:49.651169: | # transforms: 3 (0x3) Sep 21 07:38:49.651173: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:38:49.651177: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.651180: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.651182: | length: 12 (0xc) Sep 21 07:38:49.651185: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.651188: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:49.651191: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.651194: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.651197: | length/value: 256 (0x100) Sep 21 07:38:49.651202: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:49.651205: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.651208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.651212: | length: 8 (0x8) Sep 21 07:38:49.651215: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:49.651218: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:49.651222: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:38:49.651226: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.651228: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.651231: | length: 8 (0x8) Sep 21 07:38:49.651234: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:49.651237: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:49.651241: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:38:49.651246: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:38:49.651251: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:38:49.651254: | remote proposal 1 matches local proposal 1 Sep 21 07:38:49.651258: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:38:49.651261: | converting proposal to internal trans attrs Sep 21 07:38:49.651275: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:49.651278: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.651281: | natd_hash: rcookie= e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.651283: | natd_hash: ip= c0 01 03 21 Sep 21 07:38:49.651286: | natd_hash: port= 01 f4 Sep 21 07:38:49.651289: | natd_hash: hash= b7 c9 bf fb 5d bb d7 b6 e5 38 37 18 28 3d e0 da Sep 21 07:38:49.651291: | natd_hash: hash= 62 e2 48 54 Sep 21 07:38:49.651298: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:49.651300: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.651303: | natd_hash: rcookie= e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.651306: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:49.651308: | natd_hash: port= 01 f4 Sep 21 07:38:49.651311: | natd_hash: hash= 38 51 e1 cc fe 74 a4 c1 13 59 6b d5 68 0e 03 5f Sep 21 07:38:49.651313: | natd_hash: hash= 53 7b aa 51 Sep 21 07:38:49.651316: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:38:49.651319: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:38:49.651322: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:38:49.651325: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:38:49.651331: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:38:49.651336: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:38:49.651339: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:49.651342: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:38:49.651346: | libevent_free: release ptr-libevent@0x5611ca77ac80 Sep 21 07:38:49.651349: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5611ca77ac40 Sep 21 07:38:49.651353: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77ac40 Sep 21 07:38:49.651357: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:49.651360: | libevent_malloc: new ptr-libevent@0x5611ca77ac80 size 128 Sep 21 07:38:49.651371: | #1 spent 0.323 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:38:49.651378: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.651382: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:38:49.651385: | suspending state #1 and saving MD Sep 21 07:38:49.651388: | #1 is busy; has a suspended MD Sep 21 07:38:49.651393: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:38:49.651398: | "northnet-eastnet" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:38:49.651405: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:49.651410: | #1 spent 0.702 milliseconds in ikev2_process_packet() Sep 21 07:38:49.651414: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:49.651418: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:49.651421: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:49.651426: | spent 0.718 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:49.651435: | crypto helper 4 resuming Sep 21 07:38:49.651440: | crypto helper 4 starting work-order 2 for state #1 Sep 21 07:38:49.651444: | crypto helper 4 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:38:49.652398: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:38:49.652817: | crypto helper 4 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001372 seconds Sep 21 07:38:49.652826: | (#1) spent 1.38 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:38:49.652831: | crypto helper 4 sending results from work-order 2 for state #1 to event queue Sep 21 07:38:49.652834: | scheduling resume sending helper answer for #1 Sep 21 07:38:49.652838: | libevent_malloc: new ptr-libevent@0x7febc4006b90 size 128 Sep 21 07:38:49.652846: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:49.652857: | processing resume sending helper answer for #1 Sep 21 07:38:49.652864: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:49.652868: | crypto helper 4 replies to request ID 2 Sep 21 07:38:49.652871: | calling continuation function 0x5611c887a630 Sep 21 07:38:49.652874: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:38:49.652882: | creating state object #2 at 0x5611ca77d580 Sep 21 07:38:49.652885: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:38:49.652889: | pstats #2 ikev2.child started Sep 21 07:38:49.652893: | duplicating state object #1 "northnet-eastnet" as #2 for IPSEC SA Sep 21 07:38:49.652899: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:38:49.652906: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:49.652911: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:49.652917: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:49.652921: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:49.652924: | libevent_free: release ptr-libevent@0x5611ca77ac80 Sep 21 07:38:49.652928: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77ac40 Sep 21 07:38:49.652931: | event_schedule: new EVENT_SA_REPLACE-pe@0x5611ca77ac40 Sep 21 07:38:49.652935: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:38:49.652938: | libevent_malloc: new ptr-libevent@0x5611ca77ac80 size 128 Sep 21 07:38:49.652942: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:38:49.652948: | **emit ISAKMP Message: Sep 21 07:38:49.652951: | initiator cookie: Sep 21 07:38:49.652954: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.652957: | responder cookie: Sep 21 07:38:49.652959: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.652962: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:49.652965: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.652968: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:49.652971: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:49.652978: | Message ID: 1 (0x1) Sep 21 07:38:49.652982: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:49.652985: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:49.652989: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.652991: | flags: none (0x0) Sep 21 07:38:49.652995: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:49.652999: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653003: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:49.653011: | IKEv2 CERT: send a certificate? Sep 21 07:38:49.653015: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:38:49.653018: | IDr payload will NOT be sent Sep 21 07:38:49.653032: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:38:49.653036: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653038: | flags: none (0x0) Sep 21 07:38:49.653041: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:49.653046: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:38:49.653049: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653053: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:38:49.653056: | my identity c0 01 03 21 Sep 21 07:38:49.653059: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:38:49.653067: | not sending INITIAL_CONTACT Sep 21 07:38:49.653071: | ****emit IKEv2 Authentication Payload: Sep 21 07:38:49.653074: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653076: | flags: none (0x0) Sep 21 07:38:49.653079: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:49.653084: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:38:49.653087: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653091: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:38:49.653098: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.653102: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.653106: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Sep 21 07:38:49.653112: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.653117: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.653120: | line 1: match=002 Sep 21 07:38:49.653123: | match 002 beats previous best_match 000 match=0x5611ca76bfe0 (line=1) Sep 21 07:38:49.653126: | concluding with best_match=002 best=0x5611ca76bfe0 (lineno=1) Sep 21 07:38:49.653184: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:38:49.653188: | PSK auth 82 f1 ba 9b 14 5d 15 7e 59 b8 03 56 da ae b1 7b Sep 21 07:38:49.653191: | PSK auth 1d ca 5d c0 50 33 bd b6 2f 0d cc c8 2d b0 a2 84 Sep 21 07:38:49.653194: | PSK auth 99 c7 9f 66 53 c8 61 6a f1 3a c0 01 6c 20 0e ad Sep 21 07:38:49.653197: | PSK auth 7d 5b 97 04 6d b2 f6 50 03 ea 2c 4e 7b 61 53 3c Sep 21 07:38:49.653200: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:38:49.653203: | getting first pending from state #1 Sep 21 07:38:49.653222: | netlink_get_spi: allocated 0x4b540562 for esp.0@192.1.3.33 Sep 21 07:38:49.653227: | constructing ESP/AH proposals with all DH removed for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:38:49.653232: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:38:49.653238: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.653249: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.653260: | Emitting ikev2_proposals ... Sep 21 07:38:49.653263: | ****emit IKEv2 Security Association Payload: Sep 21 07:38:49.653266: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653269: | flags: none (0x0) Sep 21 07:38:49.653273: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:49.653277: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653280: | discarding DH=NONE Sep 21 07:38:49.653283: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.653286: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.653288: | prop #: 1 (0x1) Sep 21 07:38:49.653291: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:49.653294: | spi size: 4 (0x4) Sep 21 07:38:49.653297: | # transforms: 3 (0x3) Sep 21 07:38:49.653300: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:49.653304: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:38:49.653307: | our spi 4b 54 05 62 Sep 21 07:38:49.653309: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.653312: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.653315: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.653318: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.653322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.653325: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.653328: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.653331: | length/value: 256 (0x100) Sep 21 07:38:49.653334: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:49.653337: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.653340: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.653343: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.653346: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.653350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.653354: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.653358: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.653361: | discarding DH=NONE Sep 21 07:38:49.653363: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:49.653366: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.653369: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:49.653372: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:49.653376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.653380: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:49.653383: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:49.653386: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:38:49.653390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:49.653393: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:38:49.653396: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:49.653402: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:49.653405: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653408: | flags: none (0x0) Sep 21 07:38:49.653410: | number of TS: 1 (0x1) Sep 21 07:38:49.653415: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:38:49.653418: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653421: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:49.653424: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.653427: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.653430: | start port: 0 (0x0) Sep 21 07:38:49.653433: | end port: 65535 (0xffff) Sep 21 07:38:49.653436: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:49.653439: | IP start c0 00 03 00 Sep 21 07:38:49.653442: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:49.653444: | IP end c0 00 03 ff Sep 21 07:38:49.653447: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:49.653450: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:38:49.653453: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:49.653456: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653459: | flags: none (0x0) Sep 21 07:38:49.653461: | number of TS: 1 (0x1) Sep 21 07:38:49.653466: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:38:49.653469: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653472: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:49.653475: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.653478: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.653480: | start port: 0 (0x0) Sep 21 07:38:49.653483: | end port: 65535 (0xffff) Sep 21 07:38:49.653486: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:49.653489: | IP start c0 00 02 00 Sep 21 07:38:49.653492: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:49.653494: | IP end c0 00 02 ff Sep 21 07:38:49.653497: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:49.653500: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:38:49.653503: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:38:49.653507: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:38:49.653509: | Adding a v2N Payload Sep 21 07:38:49.653512: | ****emit IKEv2 Notify Payload: Sep 21 07:38:49.653515: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.653517: | flags: none (0x0) Sep 21 07:38:49.653520: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.653523: | SPI size: 0 (0x0) Sep 21 07:38:49.653526: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:49.653530: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:49.653533: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:49.653537: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:49.653540: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:49.653544: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:49.653547: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:49.653550: | emitting length of IKEv2 Encryption Payload: 213 Sep 21 07:38:49.653554: | emitting length of ISAKMP Message: 241 Sep 21 07:38:49.653568: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.653574: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.653580: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:38:49.653583: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:38:49.653587: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:38:49.653590: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:38:49.653596: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:49.653602: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:38:49.653607: "northnet-eastnet" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:38:49.653617: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:38:49.653624: | sending 241 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:49.653627: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.653630: | 2e 20 23 08 00 00 00 01 00 00 00 f1 23 00 00 d5 Sep 21 07:38:49.653632: | 37 6b 03 af 75 47 1a 49 b3 0a e6 85 1f 42 d5 a6 Sep 21 07:38:49.653636: | a3 1b b0 7c a8 54 95 99 91 e8 64 90 5d b5 b5 55 Sep 21 07:38:49.653639: | 91 b2 12 97 0c e5 9b 4f 0f 9e 7c 58 4c 27 33 d5 Sep 21 07:38:49.653641: | ba 06 28 ef 5e 83 12 bb f1 94 7a 2b 46 25 83 c0 Sep 21 07:38:49.653644: | 80 37 5a e3 99 d5 bb c9 f8 53 c1 c1 5e 50 3f 37 Sep 21 07:38:49.653647: | 2e 26 a1 65 d6 3a b8 d2 09 09 2e 41 77 2c 10 60 Sep 21 07:38:49.653650: | 1c 6c 34 f1 9a bd e4 dc db 4f 93 23 b0 59 b3 44 Sep 21 07:38:49.653652: | a7 08 f5 03 04 43 e5 92 a1 f4 e6 a6 4e 32 1d 4b Sep 21 07:38:49.653655: | 57 6f 1a 32 ae 3c 5c 42 79 86 85 84 e7 30 de 34 Sep 21 07:38:49.653658: | f0 32 b7 27 2e aa 43 53 72 29 00 52 3f cd f4 53 Sep 21 07:38:49.653661: | 73 44 83 8a 26 5e 0e f4 0a 57 e1 d9 e9 dc fc 03 Sep 21 07:38:49.653664: | f4 c6 22 9b d2 d4 71 b3 cf 7e 41 cc c8 63 46 43 Sep 21 07:38:49.653666: | db 09 81 bf 25 66 67 91 12 19 60 d7 5e f4 d7 e1 Sep 21 07:38:49.653669: | 2f Sep 21 07:38:49.653715: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:49.653719: "northnet-eastnet" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:38:49.653728: | event_schedule: new EVENT_RETRANSMIT-pe@0x5611ca77a9c0 Sep 21 07:38:49.653732: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Sep 21 07:38:49.653735: | libevent_malloc: new ptr-libevent@0x5611ca77aaa0 size 128 Sep 21 07:38:49.653741: | #2 STATE_PARENT_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50176.021991 Sep 21 07:38:49.653745: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:38:49.653751: | #1 spent 0.855 milliseconds in resume sending helper answer Sep 21 07:38:49.653757: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:49.653761: | libevent_free: release ptr-libevent@0x7febc4006b90 Sep 21 07:38:49.768696: | spent 0.0024 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:49.768715: | *received 241 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:38:49.768718: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.768723: | 2e 20 23 20 00 00 00 01 00 00 00 f1 29 00 00 d5 Sep 21 07:38:49.768725: | 8f 63 b9 e6 21 54 1f 42 45 1d 0a 1e 8d 18 60 c8 Sep 21 07:38:49.768727: | d6 16 f4 98 ac d9 6e ed ed fb 4f e7 26 60 f3 91 Sep 21 07:38:49.768730: | 95 e4 49 60 28 20 93 c8 1d 67 bf ac 89 29 93 fe Sep 21 07:38:49.768732: | ca f6 be 27 bf 15 f3 52 e1 00 13 5e 0c df 1b 71 Sep 21 07:38:49.768734: | 7c 17 29 c7 c7 01 24 99 2f dd f9 31 1d 87 51 23 Sep 21 07:38:49.768737: | 02 64 e1 57 17 15 4b f6 d9 d5 28 ae 50 49 72 e3 Sep 21 07:38:49.768739: | 53 bb e7 9f 9e 0d 63 cd c3 22 79 e4 11 b6 d4 85 Sep 21 07:38:49.768741: | fe a3 be 1c f8 fc 1a df 0d a5 65 5d 4a 28 7a c5 Sep 21 07:38:49.768744: | 5d 0e a3 a1 58 07 02 ed 63 eb a6 57 2e ad 89 9b Sep 21 07:38:49.768746: | 0b b4 3b 52 aa 5c 24 62 9d f1 ac aa 54 00 d3 86 Sep 21 07:38:49.768748: | 70 63 7d 95 f5 86 38 7d 21 89 32 40 7d 24 1c c9 Sep 21 07:38:49.768751: | f1 f3 25 c5 49 c0 f7 55 48 e7 73 68 00 32 8c a1 Sep 21 07:38:49.768753: | ea f7 c6 8d c6 85 a3 d6 b3 ee b9 1f 68 36 07 bf Sep 21 07:38:49.768755: | 04 Sep 21 07:38:49.768760: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:49.768763: | **parse ISAKMP Message: Sep 21 07:38:49.768766: | initiator cookie: Sep 21 07:38:49.768768: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:49.768771: | responder cookie: Sep 21 07:38:49.768773: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:49.768776: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:49.768778: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:49.768781: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:49.768787: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:49.768791: | Message ID: 1 (0x1) Sep 21 07:38:49.768794: | length: 241 (0xf1) Sep 21 07:38:49.768797: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:38:49.768800: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:38:49.768804: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:38:49.768811: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:49.768814: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:38:49.768818: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.768823: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:49.768825: | #2 is idle Sep 21 07:38:49.768828: | #2 idle Sep 21 07:38:49.768830: | unpacking clear payload Sep 21 07:38:49.768833: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:49.768835: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:49.768838: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:49.768840: | flags: none (0x0) Sep 21 07:38:49.768843: | length: 213 (0xd5) Sep 21 07:38:49.768845: | processing payload: ISAKMP_NEXT_v2SK (len=209) Sep 21 07:38:49.768849: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:38:49.768864: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:38:49.768867: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:49.768870: | **parse IKEv2 Notify Payload: Sep 21 07:38:49.768873: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:38:49.768875: | flags: none (0x0) Sep 21 07:38:49.768877: | length: 8 (0x8) Sep 21 07:38:49.768880: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:49.768882: | SPI size: 0 (0x0) Sep 21 07:38:49.768885: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:49.768888: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:49.768890: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:38:49.768893: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:38:49.768895: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:38:49.768900: | flags: none (0x0) Sep 21 07:38:49.768902: | length: 12 (0xc) Sep 21 07:38:49.768905: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:49.768907: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:38:49.768910: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:38:49.768913: | **parse IKEv2 Authentication Payload: Sep 21 07:38:49.768915: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:49.768917: | flags: none (0x0) Sep 21 07:38:49.768920: | length: 72 (0x48) Sep 21 07:38:49.768922: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:49.768925: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:38:49.768927: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:49.768929: | **parse IKEv2 Security Association Payload: Sep 21 07:38:49.768932: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:38:49.768934: | flags: none (0x0) Sep 21 07:38:49.768936: | length: 44 (0x2c) Sep 21 07:38:49.768939: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:38:49.768941: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:38:49.768944: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:49.768946: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:38:49.768949: | flags: none (0x0) Sep 21 07:38:49.768951: | length: 24 (0x18) Sep 21 07:38:49.768953: | number of TS: 1 (0x1) Sep 21 07:38:49.768956: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:38:49.768958: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:38:49.768960: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:49.768963: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:49.768965: | flags: none (0x0) Sep 21 07:38:49.768967: | length: 24 (0x18) Sep 21 07:38:49.768970: | number of TS: 1 (0x1) Sep 21 07:38:49.768972: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:38:49.768975: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:38:49.768977: | Now let's proceed with state specific processing Sep 21 07:38:49.768980: | calling processor Initiator: process IKE_AUTH response Sep 21 07:38:49.768983: | received v2N_MOBIKE_SUPPORTED and sent Sep 21 07:38:49.768988: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Sep 21 07:38:49.768990: | peer ID c0 01 02 17 Sep 21 07:38:49.768994: | offered CA: '%none' Sep 21 07:38:49.768998: "northnet-eastnet" #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Sep 21 07:38:49.769036: | verifying AUTH payload Sep 21 07:38:49.769042: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:38:49.769047: | started looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.769051: | actually looking for secret for 192.1.3.33->192.1.2.23 of kind PKK_PSK Sep 21 07:38:49.769054: | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK Sep 21 07:38:49.769059: | 1: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.769064: | 2: compared key (none) to 192.1.3.33 / 192.1.2.23 -> 002 Sep 21 07:38:49.769066: | line 1: match=002 Sep 21 07:38:49.769069: | match 002 beats previous best_match 000 match=0x5611ca76bfe0 (line=1) Sep 21 07:38:49.769072: | concluding with best_match=002 best=0x5611ca76bfe0 (lineno=1) Sep 21 07:38:49.769142: "northnet-eastnet" #2: Authenticated using authby=secret Sep 21 07:38:49.769154: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:38:49.769160: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:38:49.769164: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:38:49.769168: | libevent_free: release ptr-libevent@0x5611ca77ac80 Sep 21 07:38:49.769171: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5611ca77ac40 Sep 21 07:38:49.769174: | event_schedule: new EVENT_SA_REKEY-pe@0x5611ca77ac40 Sep 21 07:38:49.769177: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:38:49.769183: | libevent_malloc: new ptr-libevent@0x5611ca77ac80 size 128 Sep 21 07:38:49.769416: | pstats #1 ikev2.ike established Sep 21 07:38:49.769423: | TSi: parsing 1 traffic selectors Sep 21 07:38:49.769426: | ***parse IKEv2 Traffic Selector: Sep 21 07:38:49.769429: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.769432: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.769435: | length: 16 (0x10) Sep 21 07:38:49.769437: | start port: 0 (0x0) Sep 21 07:38:49.769440: | end port: 65535 (0xffff) Sep 21 07:38:49.769442: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:49.769445: | TS low c0 00 03 00 Sep 21 07:38:49.769448: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:49.769450: | TS high c0 00 03 ff Sep 21 07:38:49.769453: | TSi: parsed 1 traffic selectors Sep 21 07:38:49.769455: | TSr: parsing 1 traffic selectors Sep 21 07:38:49.769458: | ***parse IKEv2 Traffic Selector: Sep 21 07:38:49.769461: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:49.769464: | IP Protocol ID: 0 (0x0) Sep 21 07:38:49.769466: | length: 16 (0x10) Sep 21 07:38:49.769468: | start port: 0 (0x0) Sep 21 07:38:49.769471: | end port: 65535 (0xffff) Sep 21 07:38:49.769473: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:49.769476: | TS low c0 00 02 00 Sep 21 07:38:49.769478: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:49.769481: | TS high c0 00 02 ff Sep 21 07:38:49.769483: | TSr: parsed 1 traffic selectors Sep 21 07:38:49.769491: | evaluating our conn="northnet-eastnet" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:38:49.769496: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:49.769503: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Sep 21 07:38:49.769506: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:38:49.769509: | TSi[0] port match: YES fitness 65536 Sep 21 07:38:49.769512: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:38:49.769515: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:49.769520: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:49.769526: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:38:49.769529: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:38:49.769532: | TSr[0] port match: YES fitness 65536 Sep 21 07:38:49.769535: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:38:49.769538: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:49.769541: | best fit so far: TSi[0] TSr[0] Sep 21 07:38:49.769543: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:38:49.769546: | printing contents struct traffic_selector Sep 21 07:38:49.769548: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:49.769550: | ipprotoid: 0 Sep 21 07:38:49.769553: | port range: 0-65535 Sep 21 07:38:49.769557: | ip range: 192.0.3.0-192.0.3.255 Sep 21 07:38:49.769559: | printing contents struct traffic_selector Sep 21 07:38:49.769562: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:49.769564: | ipprotoid: 0 Sep 21 07:38:49.769566: | port range: 0-65535 Sep 21 07:38:49.769570: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:38:49.769580: | using existing local ESP/AH proposals for northnet-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:49.769583: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:38:49.769587: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:49.769590: | local proposal 1 type PRF has 0 transforms Sep 21 07:38:49.769593: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:49.769596: | local proposal 1 type DH has 1 transforms Sep 21 07:38:49.769601: | local proposal 1 type ESN has 1 transforms Sep 21 07:38:49.769605: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:38:49.769608: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:49.769611: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:49.769614: | length: 40 (0x28) Sep 21 07:38:49.769617: | prop #: 1 (0x1) Sep 21 07:38:49.769619: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:49.769622: | spi size: 4 (0x4) Sep 21 07:38:49.769625: | # transforms: 3 (0x3) Sep 21 07:38:49.769628: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:38:49.769631: | remote SPI db b4 e4 87 Sep 21 07:38:49.769634: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:38:49.769638: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.769641: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.769643: | length: 12 (0xc) Sep 21 07:38:49.769646: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:49.769649: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:49.769652: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:49.769655: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:49.769657: | length/value: 256 (0x100) Sep 21 07:38:49.769663: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:49.769666: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.769668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:49.769671: | length: 8 (0x8) Sep 21 07:38:49.769674: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:49.769677: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:49.769681: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:38:49.769684: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:49.769687: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:49.769690: | length: 8 (0x8) Sep 21 07:38:49.769692: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:49.769694: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:49.769698: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:38:49.769702: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:38:49.769708: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:38:49.769711: | remote proposal 1 matches local proposal 1 Sep 21 07:38:49.769714: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Sep 21 07:38:49.769719: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=dbb4e487;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:38:49.769722: | converting proposal to internal trans attrs Sep 21 07:38:49.769727: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Sep 21 07:38:49.769731: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Sep 21 07:38:49.769917: | #1 spent 1.06 milliseconds Sep 21 07:38:49.769926: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:38:49.769929: | could_route called for northnet-eastnet (kind=CK_PERMANENT) Sep 21 07:38:49.769932: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:49.769935: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:49.769938: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:49.769943: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:38:49.769947: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:49.769950: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:49.769956: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:49.769960: | setting IPsec SA replay-window to 32 Sep 21 07:38:49.769964: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Sep 21 07:38:49.769968: | netlink: enabling tunnel mode Sep 21 07:38:49.769970: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:49.769973: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:49.770221: | netlink response for Add SA esp.dbb4e487@192.1.2.23 included non-error error Sep 21 07:38:49.770227: | set up outgoing SA, ref=0/0 Sep 21 07:38:49.770231: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:49.770234: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:49.770237: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:49.770241: | setting IPsec SA replay-window to 32 Sep 21 07:38:49.770244: | NIC esp-hw-offload not for connection 'northnet-eastnet' not available on interface eth1 Sep 21 07:38:49.770247: | netlink: enabling tunnel mode Sep 21 07:38:49.770249: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:49.770252: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:49.770387: | netlink response for Add SA esp.4b540562@192.1.3.33 included non-error error Sep 21 07:38:49.770394: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:38:49.770402: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:38:49.770406: | IPsec Sa SPD priority set to 1042407 Sep 21 07:38:49.770601: | raw_eroute result=success Sep 21 07:38:49.770607: | set up incoming SA, ref=0/0 Sep 21 07:38:49.770610: | sr for #2: unrouted Sep 21 07:38:49.770613: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:38:49.770616: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:49.770619: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:49.770622: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:49.770626: | route owner of "northnet-eastnet" unrouted: NULL; eroute owner: NULL Sep 21 07:38:49.770630: | route_and_eroute with c: northnet-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:38:49.770633: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:38:49.770640: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:38:49.770644: | IPsec Sa SPD priority set to 1042407 Sep 21 07:38:49.770745: | raw_eroute result=success Sep 21 07:38:49.770751: | running updown command "ipsec _updown" for verb up Sep 21 07:38:49.770755: | command executing up-client Sep 21 07:38:49.770788: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:38:49.770796: | popen cmd is 1052 chars long Sep 21 07:38:49.770799: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Sep 21 07:38:49.770805: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY: Sep 21 07:38:49.770808: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' : Sep 21 07:38:49.770811: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLU: Sep 21 07:38:49.770813: | cmd( 320):TO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='1: Sep 21 07:38:49.770816: | cmd( 400):92.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:38:49.770818: | cmd( 480):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:38:49.770821: | cmd( 560): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+: Sep 21 07:38:49.770824: | cmd( 640):ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUT: Sep 21 07:38:49.770826: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_: Sep 21 07:38:49.770829: | cmd( 800):PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNE: Sep 21 07:38:49.770831: | cmd( 880):R='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE: Sep 21 07:38:49.770834: | cmd( 960):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b540562 ipsec : Sep 21 07:38:49.770836: | cmd(1040):_updown 2>&1: Sep 21 07:38:49.813629: | route_and_eroute: firewall_notified: true Sep 21 07:38:49.813647: | running updown command "ipsec _updown" for verb prepare Sep 21 07:38:49.813651: | command executing prepare-client Sep 21 07:38:49.813683: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:38:49.813687: | popen cmd is 1057 chars long Sep 21 07:38:49.813691: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:38:49.813693: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:38:49.813696: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:49.813698: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:49.813701: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:49.813704: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:49.813706: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:49.813708: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Sep 21 07:38:49.813711: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO': Sep 21 07:38:49.813713: | cmd( 720): PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUT: Sep 21 07:38:49.813715: | cmd( 800):O_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_: Sep 21 07:38:49.813718: | cmd( 880):BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_: Sep 21 07:38:49.813727: | cmd( 960):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b540562 i: Sep 21 07:38:49.813730: | cmd(1040):psec _updown 2>&1: Sep 21 07:38:49.835627: | running updown command "ipsec _updown" for verb route Sep 21 07:38:49.835641: | command executing route-client Sep 21 07:38:49.835673: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE Sep 21 07:38:49.835677: | popen cmd is 1055 chars long Sep 21 07:38:49.835680: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:38:49.835682: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:38:49.835685: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:38:49.835688: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:38:49.835690: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:38:49.835693: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:38:49.835695: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:38:49.835698: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='P: Sep 21 07:38:49.835700: | cmd( 640):SK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' P: Sep 21 07:38:49.835703: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:38:49.835705: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:38:49.835708: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:38:49.835710: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b540562 ips: Sep 21 07:38:49.835713: | cmd(1040):ec _updown 2>&1: Sep 21 07:38:49.894599: | route_and_eroute: instance "northnet-eastnet", setting eroute_owner {spd=0x5611ca777970,sr=0x5611ca777970} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:38:49.894926: | #1 spent 0.985 milliseconds in install_ipsec_sa() Sep 21 07:38:49.894938: | inR2: instance northnet-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:38:49.894943: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:49.894946: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:38:49.894951: | libevent_free: release ptr-libevent@0x5611ca77aaa0 Sep 21 07:38:49.894955: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5611ca77a9c0 Sep 21 07:38:49.894961: | #2 spent 1.81 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:38:49.894969: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:49.894974: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:38:49.894981: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:38:49.894985: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:38:49.894988: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:38:49.894994: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:38:49.895000: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:49.895003: | pstats #2 ikev2.child established Sep 21 07:38:49.895013: "northnet-eastnet" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:38:49.895027: | NAT-T: encaps is 'auto' Sep 21 07:38:49.895032: "northnet-eastnet" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xdbb4e487 <0x4b540562 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Sep 21 07:38:49.895038: | releasing whack for #2 (sock=fd@25) Sep 21 07:38:49.895042: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:38:49.895045: | releasing whack and unpending for parent #1 Sep 21 07:38:49.895048: | unpending state #1 connection "northnet-eastnet" Sep 21 07:38:49.895053: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet" Sep 21 07:38:49.895056: | removing pending policy for no connection {0x5611ca749cc0} Sep 21 07:38:49.895063: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:38:49.895068: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:38:49.895072: | event_schedule: new EVENT_SA_REKEY-pe@0x5611ca77a9c0 Sep 21 07:38:49.895076: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:38:49.895079: | libevent_malloc: new ptr-libevent@0x5611ca77aaa0 size 128 Sep 21 07:38:49.895087: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:49.895092: | #1 spent 2.21 milliseconds in ikev2_process_packet() Sep 21 07:38:49.895097: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:49.895100: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:49.895104: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:49.895108: | spent 2.23 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:49.895122: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.895128: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.895133: | spent 0.00552 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.895135: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.895139: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.895142: | spent 0.00318 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:49.895145: | processing signal PLUTO_SIGCHLD Sep 21 07:38:49.895148: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:49.895152: | spent 0.00327 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:51.109405: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:51.109429: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:38:51.109434: | FOR_EACH_STATE_... in sort_states Sep 21 07:38:51.109441: | get_sa_info esp.4b540562@192.1.3.33 Sep 21 07:38:51.109885: | get_sa_info esp.dbb4e487@192.1.2.23 Sep 21 07:38:51.109910: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:51.109917: | spent 0.51 milliseconds in whack Sep 21 07:38:56.437113: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.437133: | netlink_get: XFRM_MSG_GETPOLICY message Sep 21 07:38:56.437135: | xfrm netlink address change RTM_DELADDR msg len 80 Sep 21 07:38:56.437145: | XFRM RTM_DELADDR 192.1.3.33 IFA_LOCAL Sep 21 07:38:56.437147: | FOR_EACH_STATE_... in record_deladdr (for_each_state) Sep 21 07:38:56.437153: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.437156: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.437159: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.437161: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:56.437164: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:56.437165: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:56.437168: | route owner of "northnet-eastnet" unrouted: NULL Sep 21 07:38:56.437170: | running updown command "ipsec _updown" for verb down Sep 21 07:38:56.437172: | command executing down-client Sep 21 07:38:56.437191: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT Sep 21 07:38:56.437193: | popen cmd is 1063 chars long Sep 21 07:38:56.437195: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Sep 21 07:38:56.437197: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_: Sep 21 07:38:56.437199: | cmd( 160):MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0: Sep 21 07:38:56.437200: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:38:56.437202: | cmd( 320):LUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:38:56.437203: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:38:56.437205: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:38:56.437220: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_P: Sep 21 07:38:56.437221: | cmd( 640):OLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+E: Sep 21 07:38:56.437223: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:38:56.437224: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:38:56.437226: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:38:56.437227: | cmd( 960):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b54: Sep 21 07:38:56.437229: | cmd(1040):0562 ipsec _updown 2>&1: Sep 21 07:38:56.444913: | running updown command "ipsec _updown" for verb unroute Sep 21 07:38:56.444925: | command executing unroute-client Sep 21 07:38:56.444946: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=' Sep 21 07:38:56.444951: | popen cmd is 1066 chars long Sep 21 07:38:56.444953: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:38:56.444955: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:38:56.444956: | cmd( 160):TO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:56.444958: | cmd( 240):3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:56.444959: | cmd( 320):' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:56.444961: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:56.444963: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:56.444964: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CON: Sep 21 07:38:56.444966: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIK: Sep 21 07:38:56.444967: | cmd( 720):E+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Sep 21 07:38:56.444969: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Sep 21 07:38:56.444970: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Sep 21 07:38:56.444972: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4: Sep 21 07:38:56.444973: | cmd(1040):b540562 ipsec _updown 2>&1: Sep 21 07:38:56.453179: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453192: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453194: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453195: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453198: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453200: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453201: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453208: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453221: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453225: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453237: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453242: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453291: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453297: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453299: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453304: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453306: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453308: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453310: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453594: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453601: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.453602: "northnet-eastnet" #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:56.454846: "northnet-eastnet" #1: unroute-client output: RTNETLINK answers: Network is unreachable Sep 21 07:38:56.457275: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7febcc002b20 Sep 21 07:38:56.457285: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Sep 21 07:38:56.457289: | libevent_malloc: new ptr-libevent@0x5611ca77cf50 size 128 Sep 21 07:38:56.457295: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.457298: | IKEv2 received address RTM_DELADDR type 3 Sep 21 07:38:56.457300: | IKEv2 received address RTM_DELADDR type 8 Sep 21 07:38:56.457301: | IKEv2 received address RTM_DELADDR type 6 Sep 21 07:38:56.457306: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.457308: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.457310: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.457313: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:56.457319: | spent 0.665 milliseconds in kernel message Sep 21 07:38:56.457329: | timer_event_cb: processing event@0x7febcc002b20 Sep 21 07:38:56.457331: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Sep 21 07:38:56.457334: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:38:56.457337: | #1 IKEv2 local address change Sep 21 07:38:56.457539: "northnet-eastnet" #1: unexpected TRY AGAIN from second resolve_defaultroute_one Sep 21 07:38:56.457544: "northnet-eastnet" #1: no local source address to reach remote 192.1.2.23, local gateway Sep 21 07:38:56.457547: | libevent_free: release ptr-libevent@0x5611ca77cf50 Sep 21 07:38:56.457549: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7febcc002b20 Sep 21 07:38:56.457553: | #1 spent 0.223 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Sep 21 07:38:56.457556: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:38:56.457558: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.457562: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.457564: | spent 0.00379 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:56.457566: | processing signal PLUTO_SIGCHLD Sep 21 07:38:56.457568: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:56.457571: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:56.595136: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.595153: | netlink_get: XFRM_MSG_DELPOLICY message Sep 21 07:38:56.595156: | xfrm netlink address change RTM_NEWADDR msg len 80 Sep 21 07:38:56.595159: | XFRM RTM_NEWADDR 192.1.8.22 IFA_LOCAL Sep 21 07:38:56.595161: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Sep 21 07:38:56.595166: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.595169: | stop processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.595172: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:56.595175: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7febcc002b20 Sep 21 07:38:56.595181: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 3 seconds for #1 Sep 21 07:38:56.595183: | libevent_malloc: new ptr-libevent@0x5611ca77cf50 size 128 Sep 21 07:38:56.595187: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:56.595189: | IKEv2 received address RTM_NEWADDR type 3 Sep 21 07:38:56.595190: | IKEv2 received address RTM_NEWADDR type 8 Sep 21 07:38:56.595192: | IKEv2 received address RTM_NEWADDR type 6 Sep 21 07:38:56.595194: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.595196: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.595198: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.595200: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.595206: | spent 0.0541 milliseconds in kernel message Sep 21 07:38:56.648670: | kernel_process_msg_cb process netlink message Sep 21 07:38:56.648687: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:56.648693: | spent 0.0075 milliseconds in kernel message Sep 21 07:38:59.598863: | timer_event_cb: processing event@0x7febcc002b20 Sep 21 07:38:59.598875: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Sep 21 07:38:59.598882: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:38:59.598885: | #1 IKEv2 local address change Sep 21 07:38:59.599059: | #1 no interface for 192.1.8.22:500 try to initialize Sep 21 07:38:59.599082: | Inspecting interface lo Sep 21 07:38:59.599086: | found lo with address 127.0.0.1 Sep 21 07:38:59.599088: | Inspecting interface eth0 Sep 21 07:38:59.599091: | found eth0 with address 192.0.3.254 Sep 21 07:38:59.599092: | Inspecting interface eth1 Sep 21 07:38:59.599095: | found eth1 with address 192.1.8.22 Sep 21 07:38:59.599124: "northnet-eastnet" #1: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.8.22:500 Sep 21 07:38:59.599140: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:59.599144: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:59.599146: "northnet-eastnet" #1: adding interface eth1/eth1 192.1.8.22:4500 Sep 21 07:38:59.599195: | no interfaces to sort Sep 21 07:38:59.599198: | add_fd_read_event_handler: new ethX-pe@0x5611ca7772a0 Sep 21 07:38:59.599201: | libevent_malloc: new ptr-libevent@0x5611ca77cfe0 size 128 Sep 21 07:38:59.599204: | libevent_malloc: new ptr-libevent@0x5611ca77ac20 size 16 Sep 21 07:38:59.599217: | setup callback for interface eth1 192.1.8.22:4500 fd 23 Sep 21 07:38:59.599223: | add_fd_read_event_handler: new ethX-pe@0x5611ca749cc0 Sep 21 07:38:59.599226: | libevent_malloc: new ptr-libevent@0x5611ca7826e0 size 128 Sep 21 07:38:59.599229: | libevent_malloc: new ptr-libevent@0x5611ca77ab50 size 16 Sep 21 07:38:59.599235: | setup callback for interface eth1 192.1.8.22:500 fd 16 Sep 21 07:38:59.599241: | libevent_free: release ptr-libevent@0x5611ca776aa0 Sep 21 07:38:59.599244: | free_event_entry: release EVENT_NULL-pe@0x5611ca75fca0 Sep 21 07:38:59.599247: | add_fd_read_event_handler: new ethX-pe@0x5611ca75fca0 Sep 21 07:38:59.599250: | libevent_malloc: new ptr-libevent@0x5611ca776aa0 size 128 Sep 21 07:38:59.599255: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:59.599260: | libevent_free: release ptr-libevent@0x5611ca776b90 Sep 21 07:38:59.599263: | free_event_entry: release EVENT_NULL-pe@0x5611ca776b50 Sep 21 07:38:59.599265: | add_fd_read_event_handler: new ethX-pe@0x5611ca776b50 Sep 21 07:38:59.599268: | libevent_malloc: new ptr-libevent@0x5611ca776b90 size 128 Sep 21 07:38:59.599273: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:59.599277: | libevent_free: release ptr-libevent@0x5611ca776c80 Sep 21 07:38:59.599279: | free_event_entry: release EVENT_NULL-pe@0x5611ca776c40 Sep 21 07:38:59.599282: | add_fd_read_event_handler: new ethX-pe@0x5611ca776c40 Sep 21 07:38:59.599285: | libevent_malloc: new ptr-libevent@0x5611ca776c80 size 128 Sep 21 07:38:59.599289: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:38:59.599296: | libevent_free: release ptr-libevent@0x5611ca776d70 Sep 21 07:38:59.599299: | free_event_entry: release EVENT_NULL-pe@0x5611ca776d30 Sep 21 07:38:59.599301: | add_fd_read_event_handler: new ethX-pe@0x5611ca776d30 Sep 21 07:38:59.599304: | libevent_malloc: new ptr-libevent@0x5611ca776d70 size 128 Sep 21 07:38:59.599309: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:38:59.599313: | libevent_free: release ptr-libevent@0x5611ca776e60 Sep 21 07:38:59.599315: | free_event_entry: release EVENT_NULL-pe@0x5611ca776e20 Sep 21 07:38:59.599318: | add_fd_read_event_handler: new ethX-pe@0x5611ca776e20 Sep 21 07:38:59.599320: | libevent_malloc: new ptr-libevent@0x5611ca776e60 size 128 Sep 21 07:38:59.599325: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:38:59.599329: | libevent_free: release ptr-libevent@0x5611ca776f50 Sep 21 07:38:59.599332: | free_event_entry: release EVENT_NULL-pe@0x5611ca776f10 Sep 21 07:38:59.599334: | add_fd_read_event_handler: new ethX-pe@0x5611ca776f10 Sep 21 07:38:59.599337: | libevent_malloc: new ptr-libevent@0x5611ca776f50 size 128 Sep 21 07:38:59.599342: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:38:59.599348: | #1 MOBIKE new source address 192.1.8.22 remote 192.1.2.23:500 and gateway 192.1.8.254 Sep 21 07:38:59.599351: | Opening output PBS mobike informational request Sep 21 07:38:59.599355: | **emit ISAKMP Message: Sep 21 07:38:59.599357: | initiator cookie: Sep 21 07:38:59.599360: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:59.599362: | responder cookie: Sep 21 07:38:59.599364: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.599367: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:59.599370: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:59.599373: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:59.599376: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:59.599379: | Message ID: 2 (0x2) Sep 21 07:38:59.599382: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:59.599385: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:59.599388: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:59.599390: | flags: none (0x0) Sep 21 07:38:59.599394: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:59.599397: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:59.599400: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:59.599409: | Adding a v2N Payload Sep 21 07:38:59.599412: | ****emit IKEv2 Notify Payload: Sep 21 07:38:59.599415: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:59.599417: | flags: none (0x0) Sep 21 07:38:59.599419: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:59.599422: | SPI size: 0 (0x0) Sep 21 07:38:59.599425: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Sep 21 07:38:59.599428: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:59.599430: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:59.599433: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:59.599436: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:59.599453: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:59.599456: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:59.599458: | natd_hash: rcookie= e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.599461: | natd_hash: ip= c0 01 08 16 Sep 21 07:38:59.599463: | natd_hash: port= 01 f4 Sep 21 07:38:59.599465: | natd_hash: hash= dc dc 4b a2 b0 ca 6d 0f cf bd dc de 4c 2a 63 bf Sep 21 07:38:59.599468: | natd_hash: hash= a5 24 ab a0 Sep 21 07:38:59.599470: | Adding a v2N Payload Sep 21 07:38:59.599474: | ****emit IKEv2 Notify Payload: Sep 21 07:38:59.599477: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:59.599479: | flags: none (0x0) Sep 21 07:38:59.599481: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:59.599483: | SPI size: 0 (0x0) Sep 21 07:38:59.599486: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:59.599489: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:59.599491: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:59.599494: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:59.599496: | Notify data dc dc 4b a2 b0 ca 6d 0f cf bd dc de 4c 2a 63 bf Sep 21 07:38:59.599498: | Notify data a5 24 ab a0 Sep 21 07:38:59.599500: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:59.599506: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:38:59.599508: | natd_hash: icookie= 15 00 5c f1 36 77 c5 dc Sep 21 07:38:59.599510: | natd_hash: rcookie= e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.599511: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:59.599513: | natd_hash: port= 01 f4 Sep 21 07:38:59.599515: | natd_hash: hash= 38 51 e1 cc fe 74 a4 c1 13 59 6b d5 68 0e 03 5f Sep 21 07:38:59.599517: | natd_hash: hash= 53 7b aa 51 Sep 21 07:38:59.599518: | Adding a v2N Payload Sep 21 07:38:59.599520: | ****emit IKEv2 Notify Payload: Sep 21 07:38:59.599522: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:59.599524: | flags: none (0x0) Sep 21 07:38:59.599526: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:59.599528: | SPI size: 0 (0x0) Sep 21 07:38:59.599530: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:59.599533: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:59.599535: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:59.599537: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:59.599540: | Notify data 38 51 e1 cc fe 74 a4 c1 13 59 6b d5 68 0e 03 5f Sep 21 07:38:59.599542: | Notify data 53 7b aa 51 Sep 21 07:38:59.599544: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:59.599547: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:59.599550: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:59.599553: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:59.599556: | emitting length of IKEv2 Encryption Payload: 93 Sep 21 07:38:59.599558: | emitting length of ISAKMP Message: 121 Sep 21 07:38:59.599573: | sending 121 bytes for mobike informational request through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:59.599576: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.599578: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Sep 21 07:38:59.599580: | fa 0d 80 89 79 5a 72 c1 71 05 f2 29 71 52 d6 44 Sep 21 07:38:59.599583: | 8e d3 9d b7 93 89 75 73 f1 63 01 9f c4 d2 92 d9 Sep 21 07:38:59.599585: | 25 af c9 1d 7c 44 73 a1 25 41 cf 32 5f 0d 6a bd Sep 21 07:38:59.599587: | 92 00 a9 b6 96 c1 19 65 4d 49 aa d0 bf 3d ce 2e Sep 21 07:38:59.599590: | 12 6a c3 d5 74 19 a4 27 07 3b e2 2b 4c 93 7e eb Sep 21 07:38:59.599592: | c4 24 f2 1f b3 c3 df 5f 4b Sep 21 07:38:59.599670: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:59.599675: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Sep 21 07:38:59.599679: | libevent_free: release ptr-libevent@0x5611ca77cf50 Sep 21 07:38:59.599683: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7febcc002b20 Sep 21 07:38:59.599688: | #1 spent 0.775 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Sep 21 07:38:59.599692: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:38:59.600256: | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:59.600275: | *received 113 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:38:59.600279: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.600281: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Sep 21 07:38:59.600283: | ab cb 92 bf 19 62 91 77 14 64 d6 fa 52 12 6d 27 Sep 21 07:38:59.600284: | 61 5a a3 06 55 d9 4e 0a 11 37 df c9 a8 29 37 48 Sep 21 07:38:59.600286: | 15 a7 cb d6 2b a1 7b e5 25 12 a5 83 52 ed 5c 1c Sep 21 07:38:59.600287: | fa 22 0b b1 bf 7b ce 1e 32 c6 ee 1f fc 33 ca c3 Sep 21 07:38:59.600289: | 67 53 11 2f 59 e6 9c 27 17 77 61 4f 51 d1 e9 28 Sep 21 07:38:59.600290: | 4f Sep 21 07:38:59.600293: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:59.600295: | **parse ISAKMP Message: Sep 21 07:38:59.600297: | initiator cookie: Sep 21 07:38:59.600298: | 15 00 5c f1 36 77 c5 dc Sep 21 07:38:59.600300: | responder cookie: Sep 21 07:38:59.600301: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:38:59.600303: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:59.600305: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:59.600306: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:59.600308: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:59.600310: | Message ID: 2 (0x2) Sep 21 07:38:59.600311: | length: 113 (0x71) Sep 21 07:38:59.600326: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:38:59.600328: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Sep 21 07:38:59.600331: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:38:59.600335: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:59.600338: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:59.600340: | #1 is idle Sep 21 07:38:59.600341: | #1 idle Sep 21 07:38:59.600342: | unpacking clear payload Sep 21 07:38:59.600344: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:59.600346: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:59.600348: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:59.600349: | flags: none (0x0) Sep 21 07:38:59.600351: | length: 85 (0x55) Sep 21 07:38:59.600352: | processing payload: ISAKMP_NEXT_v2SK (len=81) Sep 21 07:38:59.600354: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:38:59.600362: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:38:59.600364: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:59.600365: | **parse IKEv2 Notify Payload: Sep 21 07:38:59.600367: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:59.600368: | flags: none (0x0) Sep 21 07:38:59.600370: | length: 28 (0x1c) Sep 21 07:38:59.600371: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:59.600373: | SPI size: 0 (0x0) Sep 21 07:38:59.600374: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:59.600376: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:59.600377: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:59.600379: | **parse IKEv2 Notify Payload: Sep 21 07:38:59.600380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:59.600382: | flags: none (0x0) Sep 21 07:38:59.600383: | length: 28 (0x1c) Sep 21 07:38:59.600385: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:59.600386: | SPI size: 0 (0x0) Sep 21 07:38:59.600391: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:59.600393: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:59.600395: | selected state microcode I3: Informational Request Sep 21 07:38:59.600396: | Now let's proceed with state specific processing Sep 21 07:38:59.600397: | calling processor I3: Informational Request Sep 21 07:38:59.600400: | an informational response Sep 21 07:38:59.600401: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Sep 21 07:38:59.600403: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Sep 21 07:38:59.600406: | #2 pst=#1 MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Sep 21 07:38:59.600410: | initiator migrate kernel SA esp.dbb4e487@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_OUT Sep 21 07:38:59.600443: | initiator migrate kernel SA esp.4b540562@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_IN Sep 21 07:38:59.600463: | initiator migrate kernel SA esp.4b540562@192.1.3.33:500 to 192.1.8.22:500 reqid=16389 XFRM_FWD Sep 21 07:38:59.600472: "northnet-eastnet" #1: success MOBIKE update local address 192.1.3.33:500 -> 192.1.8.22:500 Sep 21 07:38:59.600474: | free hp@0x5611ca743240 Sep 21 07:38:59.600478: | connect_to_host_pair: 192.1.8.22:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:59.600479: | new hp@0x5611ca77add0 Sep 21 07:38:59.600481: | running updown command "ipsec _updown" for verb up Sep 21 07:38:59.600483: | command executing up-client Sep 21 07:38:59.600500: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S Sep 21 07:38:59.600502: | popen cmd is 1062 chars long Sep 21 07:38:59.600504: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' P: Sep 21 07:38:59.600506: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_M: Sep 21 07:38:59.600507: | cmd( 160):Y_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0': Sep 21 07:38:59.600509: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: Sep 21 07:38:59.600510: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': Sep 21 07:38:59.600512: | cmd( 400):192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' P: Sep 21 07:38:59.600514: | cmd( 480):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:38:59.600515: | cmd( 560):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_PO: Sep 21 07:38:59.600517: | cmd( 640):LICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ES: Sep 21 07:38:59.600518: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: Sep 21 07:38:59.600520: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: Sep 21 07:38:59.600521: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': Sep 21 07:38:59.600523: | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b540: Sep 21 07:38:59.600526: | cmd(1040):562 ipsec _updown 2>&1: Sep 21 07:38:59.607392: | running updown command "ipsec _updown" for verb route Sep 21 07:38:59.607416: | command executing route-client Sep 21 07:38:59.607435: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' Sep 21 07:38:59.607437: | popen cmd is 1065 chars long Sep 21 07:38:59.607439: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:38:59.607441: | cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUT: Sep 21 07:38:59.607443: | cmd( 160):O_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3: Sep 21 07:38:59.607444: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:38:59.607446: | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:38:59.607447: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:38:59.607449: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:38:59.607451: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN: Sep 21 07:38:59.607452: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE: Sep 21 07:38:59.607454: | cmd( 720):+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Sep 21 07:38:59.607455: | cmd( 800):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Sep 21 07:38:59.607457: | cmd( 880):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Sep 21 07:38:59.607458: | cmd( 960):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b: Sep 21 07:38:59.607460: | cmd(1040):540562 ipsec _updown 2>&1: Sep 21 07:38:59.616758: | #1 updating local interface from 192.1.8.22:500 to 192.1.8.22:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:59.616774: "northnet-eastnet" #1: MOBIKE response: updating IPsec SA Sep 21 07:38:59.616778: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. Sep 21 07:38:59.616793: | #1 spent 0.401 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Sep 21 07:38:59.616801: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:59.616804: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:38:59.616808: | Message ID: updating counters for #1 to 2 after switching state Sep 21 07:38:59.616813: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Sep 21 07:38:59.616817: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:59.616824: | STATE_PARENT_I3: PARENT SA established Sep 21 07:38:59.616829: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:59.616835: | #1 spent 0.578 milliseconds in ikev2_process_packet() Sep 21 07:38:59.616838: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:59.616841: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:59.616842: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:59.616846: | spent 0.589 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:59.616855: | processing signal PLUTO_SIGCHLD Sep 21 07:38:59.616859: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:59.616862: | spent 0.00398 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:59.616863: | processing signal PLUTO_SIGCHLD Sep 21 07:38:59.616866: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:59.616868: | spent 0.00237 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:39:07.318394: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:07.318434: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:39:07.318443: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:07.318455: | get_sa_info esp.4b540562@192.1.8.22 Sep 21 07:39:07.318479: | get_sa_info esp.dbb4e487@192.1.2.23 Sep 21 07:39:07.318515: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:07.318531: | spent 0.15 milliseconds in whack Sep 21 07:39:07.717059: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:07.717746: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:07.717763: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:07.718015: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:39:07.718034: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:07.718074: | get_sa_info esp.4b540562@192.1.8.22 Sep 21 07:39:07.718122: | get_sa_info esp.dbb4e487@192.1.2.23 Sep 21 07:39:07.718194: | close_any(fd@24) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:07.718214: | spent 1.16 milliseconds in whack Sep 21 07:39:08.107229: | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:39:08.107248: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:39:08.107250: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.107252: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:39:08.107254: | 4c 46 0f 19 45 12 fa aa 9e 67 d0 5a 1d a4 8e 97 Sep 21 07:39:08.107255: | c4 46 d8 b0 f7 f1 23 48 2f ca a5 aa 34 17 0e c8 Sep 21 07:39:08.107257: | 99 eb 39 a5 c8 Sep 21 07:39:08.107260: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:39:08.107262: | **parse ISAKMP Message: Sep 21 07:39:08.107264: | initiator cookie: Sep 21 07:39:08.107266: | 15 00 5c f1 36 77 c5 dc Sep 21 07:39:08.107267: | responder cookie: Sep 21 07:39:08.107269: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.107270: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:39:08.107272: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:08.107274: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:08.107276: | flags: none (0x0) Sep 21 07:39:08.107277: | Message ID: 0 (0x0) Sep 21 07:39:08.107279: | length: 69 (0x45) Sep 21 07:39:08.107296: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:39:08.107298: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:39:08.107301: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:39:08.107306: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:39:08.107310: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:39:08.107313: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:39:08.107315: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:39:08.107331: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:39:08.107333: | unpacking clear payload Sep 21 07:39:08.107334: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:39:08.107336: | ***parse IKEv2 Encryption Payload: Sep 21 07:39:08.107338: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:39:08.107340: | flags: none (0x0) Sep 21 07:39:08.107341: | length: 41 (0x29) Sep 21 07:39:08.107343: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:39:08.107346: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:39:08.107347: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:39:08.107358: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:39:08.107360: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:39:08.107362: | **parse IKEv2 Delete Payload: Sep 21 07:39:08.107364: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.107365: | flags: none (0x0) Sep 21 07:39:08.107367: | length: 12 (0xc) Sep 21 07:39:08.107368: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:39:08.107370: | SPI size: 4 (0x4) Sep 21 07:39:08.107371: | number of SPIs: 1 (0x1) Sep 21 07:39:08.107373: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:39:08.107374: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:39:08.107376: | Now let's proceed with state specific processing Sep 21 07:39:08.107377: | calling processor I3: INFORMATIONAL Request Sep 21 07:39:08.107380: | an informational request should send a response Sep 21 07:39:08.107384: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:39:08.107386: | **emit ISAKMP Message: Sep 21 07:39:08.107387: | initiator cookie: Sep 21 07:39:08.107389: | 15 00 5c f1 36 77 c5 dc Sep 21 07:39:08.107390: | responder cookie: Sep 21 07:39:08.107392: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.107393: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:08.107395: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:08.107396: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:08.107399: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:39:08.107400: | Message ID: 0 (0x0) Sep 21 07:39:08.107402: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:08.107404: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:08.107405: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.107407: | flags: none (0x0) Sep 21 07:39:08.107409: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:08.107411: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:08.107413: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:08.107417: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:39:08.107419: | SPI db b4 e4 87 Sep 21 07:39:08.107420: | delete PROTO_v2_ESP SA(0xdbb4e487) Sep 21 07:39:08.107422: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:39:08.107424: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:39:08.107441: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xdbb4e487) Sep 21 07:39:08.107443: "northnet-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:39:08.107445: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:08.107449: | libevent_free: release ptr-libevent@0x5611ca77aaa0 Sep 21 07:39:08.107451: | free_event_entry: release EVENT_SA_REKEY-pe@0x5611ca77a9c0 Sep 21 07:39:08.107453: | event_schedule: new EVENT_SA_REPLACE-pe@0x5611ca77a9c0 Sep 21 07:39:08.107456: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:39:08.107458: | libevent_malloc: new ptr-libevent@0x5611ca77aaa0 size 128 Sep 21 07:39:08.107460: | ****emit IKEv2 Delete Payload: Sep 21 07:39:08.107462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.107463: | flags: none (0x0) Sep 21 07:39:08.107465: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:39:08.107466: | SPI size: 4 (0x4) Sep 21 07:39:08.107468: | number of SPIs: 1 (0x1) Sep 21 07:39:08.107470: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:39:08.107472: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:08.107474: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:39:08.107475: | local SPIs 4b 54 05 62 Sep 21 07:39:08.107477: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:39:08.107491: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:08.107493: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:08.107495: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:08.107497: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:39:08.107498: | emitting length of ISAKMP Message: 69 Sep 21 07:39:08.107506: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:39:08.107508: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.107509: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:39:08.107511: | 42 aa ea 97 44 1d 48 3c 0c b6 9e 41 1e 46 6a 79 Sep 21 07:39:08.107512: | 34 7b 96 f8 53 a1 e0 5b 8c f3 9c 3b dc e1 c2 24 Sep 21 07:39:08.107514: | 13 cd 46 c5 25 Sep 21 07:39:08.107538: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:39:08.107542: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:39:08.107546: | #1 spent 0.153 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:39:08.107549: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:08.107552: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:39:08.107554: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:39:08.107557: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:39:08.107559: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:39:08.107561: "northnet-eastnet" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:39:08.107565: | stop processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:39:08.107567: | #1 spent 0.315 milliseconds in ikev2_process_packet() Sep 21 07:39:08.107570: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:39:08.107572: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:39:08.107574: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:39:08.107578: | spent 0.325 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:39:08.107583: | timer_event_cb: processing event@0x5611ca77a9c0 Sep 21 07:39:08.107585: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:39:08.107587: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:08.107590: | picked newest_ipsec_sa #2 for #2 Sep 21 07:39:08.107591: | replacing stale CHILD SA Sep 21 07:39:08.107594: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:39:08.107596: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:39:08.107598: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:39:08.107601: | creating state object #3 at 0x5611ca782800 Sep 21 07:39:08.107602: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:39:08.107608: | pstats #3 ikev2.child started Sep 21 07:39:08.107610: | duplicating state object #1 "northnet-eastnet" as #3 for IPSEC SA Sep 21 07:39:08.107613: | #3 setting local endpoint to 192.1.8.22:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:39:08.107617: | Message ID: init_child #1.#3; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:39:08.107620: | suspend processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:39:08.107622: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:39:08.107625: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:39:08.107628: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:39:08.107630: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet (ESP/AH initiator emitting proposals) Sep 21 07:39:08.107634: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:39:08.107638: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:39:08.107641: "northnet-eastnet": constructed local ESP/AH proposals for northnet-eastnet (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:39:08.107645: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:39:08.107647: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7febcc002b20 Sep 21 07:39:08.107649: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:39:08.107651: | libevent_malloc: new ptr-libevent@0x5611ca782770 size 128 Sep 21 07:39:08.107654: | RESET processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:39:08.107656: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5611ca783930 Sep 21 07:39:08.107658: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:39:08.107660: | libevent_malloc: new ptr-libevent@0x5611ca77cf50 size 128 Sep 21 07:39:08.107661: | libevent_free: release ptr-libevent@0x5611ca77aaa0 Sep 21 07:39:08.107663: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5611ca77a9c0 Sep 21 07:39:08.107666: | #2 spent 0.0827 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:39:08.107668: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:39:08.107671: | timer_event_cb: processing event@0x7febcc002b20 Sep 21 07:39:08.107673: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:39:08.107675: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:08.107678: | adding Child Rekey Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:39:08.107680: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77a9c0 Sep 21 07:39:08.107683: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:39:08.107685: | libevent_malloc: new ptr-libevent@0x5611ca77aaa0 size 128 Sep 21 07:39:08.107691: | libevent_free: release ptr-libevent@0x5611ca782770 Sep 21 07:39:08.107693: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7febcc002b20 Sep 21 07:39:08.107696: | #3 spent 0.0242 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:39:08.107698: | stop processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:39:08.107701: | timer_event_cb: processing event@0x5611ca783930 Sep 21 07:39:08.107702: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:39:08.107705: | start processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:39:08.107707: | picked newest_ipsec_sa #2 for #2 Sep 21 07:39:08.107708: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:39:08.107710: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:39:08.107712: | pstats #2 ikev2.child deleted completed Sep 21 07:39:08.107713: | #2 spent 1.89 milliseconds in total Sep 21 07:39:08.107716: | [RE]START processing: state #2 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:08.107718: "northnet-eastnet" #2: deleting state (STATE_V2_IPSEC_I) aged 18.454s and NOT sending notification Sep 21 07:39:08.107720: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:39:08.107719: | crypto helper 2 resuming Sep 21 07:39:08.107723: | get_sa_info esp.dbb4e487@192.1.2.23 Sep 21 07:39:08.107729: | crypto helper 2 starting work-order 3 for state #3 Sep 21 07:39:08.107738: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 Sep 21 07:39:08.107742: | get_sa_info esp.4b540562@192.1.8.22 Sep 21 07:39:08.107748: "northnet-eastnet" #2: ESP traffic information: in=168B out=168B Sep 21 07:39:08.107750: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:39:08.107831: | running updown command "ipsec _updown" for verb down Sep 21 07:39:08.107837: | command executing down-client Sep 21 07:39:08.107854: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' V Sep 21 07:39:08.107856: | popen cmd is 1064 chars long Sep 21 07:39:08.107858: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet': Sep 21 07:39:08.107860: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO: Sep 21 07:39:08.107861: | cmd( 160):_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.: Sep 21 07:39:08.107863: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : Sep 21 07:39:08.107864: | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: Sep 21 07:39:08.107866: | cmd( 400):='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:39:08.107869: | cmd( 480): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:39:08.107871: | cmd( 560):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051529' PLUTO_CONN_: Sep 21 07:39:08.107873: | cmd( 640):POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+: Sep 21 07:39:08.107874: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: Sep 21 07:39:08.107876: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: Sep 21 07:39:08.107877: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': Sep 21 07:39:08.107879: | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdbb4e487 SPI_OUT=0x4b5: Sep 21 07:39:08.107880: | cmd(1040):40562 ipsec _updown 2>&1: Sep 21 07:39:08.108367: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 3 time elapsed 0.000629 seconds Sep 21 07:39:08.108374: | (#3) spent 0.631 milliseconds in crypto helper computing work-order 3: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:39:08.108376: | crypto helper 2 sending results from work-order 3 for state #3 to event queue Sep 21 07:39:08.108378: | scheduling resume sending helper answer for #3 Sep 21 07:39:08.108380: | libevent_malloc: new ptr-libevent@0x7febc8006900 size 128 Sep 21 07:39:08.108384: | crypto helper 2 waiting (nothing to do) Sep 21 07:39:08.114584: | shunt_eroute() called for connection 'northnet-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:39:08.114594: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:39:08.114597: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:08.114599: | IPsec Sa SPD priority set to 1042407 Sep 21 07:39:08.114641: | delete esp.dbb4e487@192.1.2.23 Sep 21 07:39:08.114661: | netlink response for Del SA esp.dbb4e487@192.1.2.23 included non-error error Sep 21 07:39:08.114664: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:08.114668: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Sep 21 07:39:08.114702: | raw_eroute result=success Sep 21 07:39:08.114705: | delete esp.4b540562@192.1.8.22 Sep 21 07:39:08.114721: | netlink response for Del SA esp.4b540562@192.1.8.22 included non-error error Sep 21 07:39:08.114724: | in connection_discard for connection northnet-eastnet Sep 21 07:39:08.114726: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:39:08.114728: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:39:08.114732: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:08.114736: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:39:08.114738: | can't expire unused IKE SA #1; it has the child #3 Sep 21 07:39:08.114740: | libevent_free: release ptr-libevent@0x5611ca77cf50 Sep 21 07:39:08.114742: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5611ca783930 Sep 21 07:39:08.114744: | in statetime_stop() and could not find #2 Sep 21 07:39:08.114746: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:39:08.114758: | spent 0.00191 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:39:08.114765: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.8.22:500) Sep 21 07:39:08.114767: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.114769: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Sep 21 07:39:08.114770: | 9a 0b bd 6b 5d 03 1d 08 07 97 f8 64 23 fa cc 60 Sep 21 07:39:08.114772: | 0b a5 47 b3 35 98 cf b9 01 8e 8e 40 79 5e 53 30 Sep 21 07:39:08.114773: | 1b Sep 21 07:39:08.114776: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:39:08.114778: | **parse ISAKMP Message: Sep 21 07:39:08.114782: | initiator cookie: Sep 21 07:39:08.114791: | 15 00 5c f1 36 77 c5 dc Sep 21 07:39:08.114793: | responder cookie: Sep 21 07:39:08.114794: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.114796: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:39:08.114798: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:08.114799: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:08.114801: | flags: none (0x0) Sep 21 07:39:08.114803: | Message ID: 1 (0x1) Sep 21 07:39:08.114804: | length: 65 (0x41) Sep 21 07:39:08.114806: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:39:08.114822: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:39:08.114824: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:39:08.114828: | start processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:39:08.114830: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:39:08.114833: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:39:08.114835: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:39:08.114837: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:39:08.114839: | unpacking clear payload Sep 21 07:39:08.114840: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:39:08.114843: | ***parse IKEv2 Encryption Payload: Sep 21 07:39:08.114845: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:39:08.114847: | flags: none (0x0) Sep 21 07:39:08.114850: | length: 37 (0x25) Sep 21 07:39:08.114867: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:39:08.114872: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:39:08.114875: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:39:08.114888: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:39:08.114891: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:39:08.114893: | **parse IKEv2 Delete Payload: Sep 21 07:39:08.114895: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.114896: | flags: none (0x0) Sep 21 07:39:08.114898: | length: 8 (0x8) Sep 21 07:39:08.114899: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:39:08.114901: | SPI size: 0 (0x0) Sep 21 07:39:08.114902: | number of SPIs: 0 (0x0) Sep 21 07:39:08.114904: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:39:08.114906: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:39:08.114907: | Now let's proceed with state specific processing Sep 21 07:39:08.114909: | calling processor I3: INFORMATIONAL Request Sep 21 07:39:08.114924: | an informational request should send a response Sep 21 07:39:08.114928: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:39:08.114930: | **emit ISAKMP Message: Sep 21 07:39:08.114932: | initiator cookie: Sep 21 07:39:08.114933: | 15 00 5c f1 36 77 c5 dc Sep 21 07:39:08.114935: | responder cookie: Sep 21 07:39:08.114936: | e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.114937: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:08.114939: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:08.114941: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:08.114942: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:39:08.114944: | Message ID: 1 (0x1) Sep 21 07:39:08.114946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:08.114948: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:08.114949: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.114951: | flags: none (0x0) Sep 21 07:39:08.114954: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:08.114956: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:39:08.114958: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:08.114964: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:08.114966: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:08.114968: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:08.114969: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:39:08.114971: | emitting length of ISAKMP Message: 57 Sep 21 07:39:08.114978: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #1) Sep 21 07:39:08.114980: | 15 00 5c f1 36 77 c5 dc e3 fe e0 15 e4 b7 70 02 Sep 21 07:39:08.114982: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Sep 21 07:39:08.114983: | 82 40 f0 35 0f b5 4a 00 b4 43 55 99 83 5f cd 4c Sep 21 07:39:08.114984: | 48 26 14 ea bf a2 42 28 3e Sep 21 07:39:08.115007: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:39:08.115011: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:39:08.115013: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:39:08.115015: | pstats #3 ikev2.child deleted other Sep 21 07:39:08.115018: | #3 spent 0.0242 milliseconds in total Sep 21 07:39:08.115020: | suspend processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:08.115023: | start processing: state #3 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:08.115026: "northnet-eastnet" #3: deleting other state #3 (STATE_CHILDSA_DEL) aged 0.007s and NOT sending notification Sep 21 07:39:08.115028: | child state #3: CHILDSA_DEL(informational) => delete Sep 21 07:39:08.115030: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:39:08.115032: | libevent_free: release ptr-libevent@0x5611ca77aaa0 Sep 21 07:39:08.115033: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5611ca77a9c0 Sep 21 07:39:08.115036: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:08.115040: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.8.22 (raw_eroute) Sep 21 07:39:08.115049: | raw_eroute result=success Sep 21 07:39:08.115051: | in connection_discard for connection northnet-eastnet Sep 21 07:39:08.115052: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:39:08.115054: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:39:08.115057: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:08.115060: | resume processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:08.115062: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:39:08.115064: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:39:08.115066: | pstats #1 ikev2.ike deleted completed Sep 21 07:39:08.115068: | #1 spent 9.98 milliseconds in total Sep 21 07:39:08.115070: | [RE]START processing: state #1 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:08.115073: "northnet-eastnet" #1: deleting state (STATE_IKESA_DEL) aged 18.471s and NOT sending notification Sep 21 07:39:08.115074: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:39:08.115121: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:08.115125: | libevent_free: release ptr-libevent@0x5611ca77ac80 Sep 21 07:39:08.115127: | free_event_entry: release EVENT_SA_REKEY-pe@0x5611ca77ac40 Sep 21 07:39:08.115128: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:39:08.115130: | picked newest_isakmp_sa #0 for #1 Sep 21 07:39:08.115132: "northnet-eastnet" #1: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:39:08.115134: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 0 seconds Sep 21 07:39:08.115136: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:39:08.115139: | in connection_discard for connection northnet-eastnet Sep 21 07:39:08.115140: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:39:08.115142: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:39:08.115153: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:08.115163: | in statetime_stop() and could not find #1 Sep 21 07:39:08.115165: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:08.115168: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:39:08.115170: | STF_OK but no state object remains Sep 21 07:39:08.115171: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:39:08.115173: | in statetime_stop() and could not find #1 Sep 21 07:39:08.115176: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:39:08.115178: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:39:08.115179: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:39:08.115183: | spent 0.405 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:39:08.115187: | processing resume sending helper answer for #3 Sep 21 07:39:08.115190: | crypto helper 2 replies to request ID 3 Sep 21 07:39:08.115191: | calling continuation function 0x5611c887a630 Sep 21 07:39:08.115193: | work-order 3 state #3 crypto result suppressed Sep 21 07:39:08.115199: | (#3) spent 0.0091 milliseconds in resume sending helper answer Sep 21 07:39:08.115201: | libevent_free: release ptr-libevent@0x7febc8006900 Sep 21 07:39:08.115203: | processing signal PLUTO_SIGCHLD Sep 21 07:39:08.115207: | waitpid returned ECHILD (no child processes left) Sep 21 07:39:08.115209: | spent 0.0037 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:39:08.115212: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:39:08.115214: Initiating connection northnet-eastnet which received a Delete/Notify but must remain up per local policy Sep 21 07:39:08.115216: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:39:08.115219: | start processing: connection "northnet-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:39:08.115221: | connection 'northnet-eastnet' +POLICY_UP Sep 21 07:39:08.115223: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:39:08.115225: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:39:08.115228: | creating state object #4 at 0x5611ca77d580 Sep 21 07:39:08.115229: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:39:08.115234: | pstats #4 ikev2.ike started Sep 21 07:39:08.115236: | Message ID: init #4: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:39:08.115238: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:39:08.115241: | Message ID: init_ike #4; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:39:08.115245: | suspend processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:39:08.115248: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:39:08.115252: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:39:08.115254: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet" IKE SA #4 "northnet-eastnet" Sep 21 07:39:08.115257: "northnet-eastnet" #4: initiating v2 parent SA Sep 21 07:39:08.115267: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:39:08.115270: | adding ikev2_outI1 KE work-order 4 for state #4 Sep 21 07:39:08.115272: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7febc8002b20 Sep 21 07:39:08.115275: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:39:08.115277: | libevent_malloc: new ptr-libevent@0x7febc8006900 size 128 Sep 21 07:39:08.115283: | #4 spent 0.0642 milliseconds in ikev2_parent_outI1() Sep 21 07:39:08.115301: | RESET processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:39:08.115303: | RESET processing: connection "northnet-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:39:08.115305: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:39:08.115308: | spent 0.0931 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:39:08.115308: | crypto helper 0 resuming Sep 21 07:39:08.115316: | crypto helper 0 starting work-order 4 for state #4 Sep 21 07:39:08.115319: | crypto helper 0 doing build KE and nonce (ikev2_outI1 KE); request ID 4 Sep 21 07:39:08.115908: | crypto helper 0 finished build KE and nonce (ikev2_outI1 KE); request ID 4 time elapsed 0.000589 seconds Sep 21 07:39:08.115917: | (#4) spent 0.594 milliseconds in crypto helper computing work-order 4: ikev2_outI1 KE (pcr) Sep 21 07:39:08.115919: | crypto helper 0 sending results from work-order 4 for state #4 to event queue Sep 21 07:39:08.115921: | scheduling resume sending helper answer for #4 Sep 21 07:39:08.115924: | libevent_malloc: new ptr-libevent@0x7febbc006900 size 128 Sep 21 07:39:08.115930: | crypto helper 0 waiting (nothing to do) Sep 21 07:39:08.115966: | processing resume sending helper answer for #4 Sep 21 07:39:08.115974: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:39:08.115978: | crypto helper 0 replies to request ID 4 Sep 21 07:39:08.115980: | calling continuation function 0x5611c887a630 Sep 21 07:39:08.115982: | ikev2_parent_outI1_continue for #4 Sep 21 07:39:08.115986: | **emit ISAKMP Message: Sep 21 07:39:08.115988: | initiator cookie: Sep 21 07:39:08.115990: | bd 0f b5 bf 50 e5 a2 f6 Sep 21 07:39:08.115991: | responder cookie: Sep 21 07:39:08.115993: | 00 00 00 00 00 00 00 00 Sep 21 07:39:08.115995: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:08.115997: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:08.115998: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:39:08.116000: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:39:08.116002: | Message ID: 0 (0x0) Sep 21 07:39:08.116004: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:08.116015: | using existing local IKE proposals for connection northnet-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:39:08.116020: | Emitting ikev2_proposals ... Sep 21 07:39:08.116022: | ***emit IKEv2 Security Association Payload: Sep 21 07:39:08.116023: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.116025: | flags: none (0x0) Sep 21 07:39:08.116027: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:39:08.116029: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116031: | discarding INTEG=NONE Sep 21 07:39:08.116033: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:08.116035: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116037: | prop #: 1 (0x1) Sep 21 07:39:08.116038: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:08.116040: | spi size: 0 (0x0) Sep 21 07:39:08.116041: | # transforms: 11 (0xb) Sep 21 07:39:08.116043: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:08.116045: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116049: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:08.116050: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:39:08.116052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116054: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:08.116056: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:08.116058: | length/value: 256 (0x100) Sep 21 07:39:08.116060: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:08.116061: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116065: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116066: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:08.116068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116072: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116073: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116077: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116078: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:08.116080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116084: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116085: | discarding INTEG=NONE Sep 21 07:39:08.116087: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116090: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116093: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:08.116095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116099: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116100: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116105: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:08.116107: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116111: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116112: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116115: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116117: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:08.116119: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116121: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116122: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116124: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116129: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:08.116131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116134: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116136: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116137: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116141: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:08.116143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116144: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116146: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116148: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116151: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116152: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:08.116154: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116158: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116161: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116164: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116165: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:08.116167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116171: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116172: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116174: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:08.116175: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116177: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:08.116179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116182: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116184: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:39:08.116185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:08.116187: | discarding INTEG=NONE Sep 21 07:39:08.116189: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:08.116190: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116192: | prop #: 2 (0x2) Sep 21 07:39:08.116193: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:08.116195: | spi size: 0 (0x0) Sep 21 07:39:08.116196: | # transforms: 11 (0xb) Sep 21 07:39:08.116198: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116200: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:08.116202: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116204: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116205: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:08.116207: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:39:08.116208: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116210: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:08.116212: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:08.116214: | length/value: 128 (0x80) Sep 21 07:39:08.116215: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:08.116217: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116220: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116222: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:08.116224: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116225: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116227: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116229: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116232: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116233: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:08.116236: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116241: | discarding INTEG=NONE Sep 21 07:39:08.116243: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116246: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116247: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:08.116249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116251: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116253: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116254: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116259: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:08.116261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116265: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116266: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116271: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:08.116273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116276: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116278: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116279: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116283: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:08.116285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116286: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116288: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116290: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116293: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116294: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:08.116296: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116300: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116302: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116309: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116313: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:08.116315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116318: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116320: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116324: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:08.116326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116330: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116331: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116333: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:08.116335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116336: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:08.116338: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116342: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116344: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:39:08.116345: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:08.116347: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:08.116349: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116350: | prop #: 3 (0x3) Sep 21 07:39:08.116352: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:08.116353: | spi size: 0 (0x0) Sep 21 07:39:08.116355: | # transforms: 13 (0xd) Sep 21 07:39:08.116357: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116359: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:08.116360: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116362: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116364: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:08.116365: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:39:08.116367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116369: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:08.116370: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:08.116372: | length/value: 256 (0x100) Sep 21 07:39:08.116374: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:08.116375: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116377: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116378: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116380: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:08.116382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116387: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116388: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116391: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116393: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:08.116395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116397: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116398: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116400: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116401: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116403: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:08.116405: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:39:08.116407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116410: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116412: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116415: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:08.116416: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:39:08.116418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116420: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116422: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116423: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116427: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116428: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:08.116430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116434: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116435: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116438: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116440: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:08.116442: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116444: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116445: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116447: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116448: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116451: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116453: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:08.116454: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116456: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116458: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116460: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116463: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116464: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:08.116466: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116468: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116470: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116472: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116475: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116476: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:08.116478: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116482: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116483: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116487: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116488: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:08.116490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116492: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116494: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116495: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116497: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116498: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116500: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:08.116502: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116506: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116507: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116509: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:08.116510: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116512: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:08.116514: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116518: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116520: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:39:08.116522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:08.116524: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:39:08.116525: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:39:08.116527: | prop #: 4 (0x4) Sep 21 07:39:08.116528: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:39:08.116530: | spi size: 0 (0x0) Sep 21 07:39:08.116532: | # transforms: 13 (0xd) Sep 21 07:39:08.116533: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:39:08.116535: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:39:08.116537: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116540: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:39:08.116542: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:39:08.116544: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116545: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:39:08.116547: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:39:08.116549: | length/value: 128 (0x80) Sep 21 07:39:08.116550: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:39:08.116552: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116555: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116557: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:39:08.116559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116562: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116564: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116567: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:39:08.116569: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:39:08.116570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116574: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116576: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116579: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:08.116580: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:39:08.116582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116586: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116587: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116590: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:39:08.116592: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:39:08.116595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116597: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116599: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116600: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116603: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116605: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:08.116607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116610: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116612: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116617: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:39:08.116619: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116624: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116628: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:39:08.116630: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116632: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116634: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116636: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116637: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116639: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116640: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:39:08.116642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116644: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116646: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116647: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116652: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:39:08.116654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116658: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116659: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116663: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116665: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:39:08.116667: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116671: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116672: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116677: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:39:08.116679: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116681: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116684: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:39:08.116685: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:39:08.116687: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:39:08.116688: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:39:08.116690: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:39:08.116692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:39:08.116694: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:39:08.116695: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:39:08.116697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:39:08.116699: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:39:08.116701: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:39:08.116702: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:39:08.116704: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.116706: | flags: none (0x0) Sep 21 07:39:08.116707: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:39:08.116710: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:39:08.116711: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116714: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:39:08.116715: | ikev2 g^x bd 24 6c d9 29 23 6f 4b 09 98 7c 1e 8e 41 4c a2 Sep 21 07:39:08.116717: | ikev2 g^x 6c e0 25 43 49 37 c0 81 a1 27 4e 07 6c 7f b8 7d Sep 21 07:39:08.116718: | ikev2 g^x 50 78 77 1a e7 1b ca 5b e9 54 7e 96 2c 4a d1 13 Sep 21 07:39:08.116720: | ikev2 g^x df a8 8b 88 15 83 24 d5 17 0e 8b 5d b1 c9 b6 33 Sep 21 07:39:08.116722: | ikev2 g^x 25 f4 7e 40 36 fe 17 c6 bc f3 e4 9e a4 56 f6 c0 Sep 21 07:39:08.116723: | ikev2 g^x b3 3e ba 20 c9 27 a0 a3 f0 5f 4b 38 45 72 27 81 Sep 21 07:39:08.116725: | ikev2 g^x 54 07 bd db 6c 1b 0c 75 83 50 25 b5 8f f7 ad ae Sep 21 07:39:08.116726: | ikev2 g^x b9 b6 cb 74 76 a8 e3 31 c2 90 21 06 e4 4d 32 99 Sep 21 07:39:08.116728: | ikev2 g^x 3c 00 38 96 5b ee 5f 5a 98 d2 17 80 13 58 34 5c Sep 21 07:39:08.116729: | ikev2 g^x ba 6b 13 77 e0 53 77 26 1b a5 ba 38 41 05 b2 84 Sep 21 07:39:08.116731: | ikev2 g^x 26 f7 7e a9 d7 1e 32 f9 77 00 6a c8 1f ec 84 26 Sep 21 07:39:08.116733: | ikev2 g^x d1 83 92 02 5a 42 f0 24 c7 1f 0a e3 70 66 fb 2f Sep 21 07:39:08.116735: | ikev2 g^x 96 2e 29 e2 13 7a 34 9c 35 15 1d 42 f7 8c f6 12 Sep 21 07:39:08.116736: | ikev2 g^x 1b 2c 5e d4 39 6a c7 2b d9 c9 b2 51 22 33 9e d6 Sep 21 07:39:08.116738: | ikev2 g^x cd 16 76 62 6e 93 a5 a4 6c 2f e5 30 07 28 5e 59 Sep 21 07:39:08.116739: | ikev2 g^x b0 51 cf 31 4d 91 a8 a3 57 5f 0a 09 d7 39 d8 e0 Sep 21 07:39:08.116741: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:39:08.116743: | ***emit IKEv2 Nonce Payload: Sep 21 07:39:08.116744: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:39:08.116746: | flags: none (0x0) Sep 21 07:39:08.116748: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:39:08.116750: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:39:08.116752: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116753: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:39:08.116755: | IKEv2 nonce 41 de 74 2b 96 58 5d 17 1a be 47 e1 e0 1e 2e ed Sep 21 07:39:08.116757: | IKEv2 nonce 28 c5 b9 9c 96 66 14 a3 26 23 6a 06 86 04 b0 11 Sep 21 07:39:08.116758: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:39:08.116760: | Adding a v2N Payload Sep 21 07:39:08.116761: | ***emit IKEv2 Notify Payload: Sep 21 07:39:08.116763: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.116764: | flags: none (0x0) Sep 21 07:39:08.116766: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:08.116768: | SPI size: 0 (0x0) Sep 21 07:39:08.116770: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:39:08.116772: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:08.116773: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116775: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:39:08.116777: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:39:08.116779: | natd_hash: rcookie is zero Sep 21 07:39:08.116792: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:39:08.116794: | natd_hash: icookie= bd 0f b5 bf 50 e5 a2 f6 Sep 21 07:39:08.116796: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:39:08.116797: | natd_hash: ip= c0 01 08 16 Sep 21 07:39:08.116816: | natd_hash: port= 01 f4 Sep 21 07:39:08.116818: | natd_hash: hash= 7e ed ad e6 5a ef 2e dd 6c 32 7b 6c 4e 6b 20 2a Sep 21 07:39:08.116819: | natd_hash: hash= 06 27 c5 b3 Sep 21 07:39:08.116823: | Adding a v2N Payload Sep 21 07:39:08.116825: | ***emit IKEv2 Notify Payload: Sep 21 07:39:08.116827: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.116828: | flags: none (0x0) Sep 21 07:39:08.116830: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:08.116831: | SPI size: 0 (0x0) Sep 21 07:39:08.116833: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:39:08.116835: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:08.116837: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116839: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:39:08.116840: | Notify data 7e ed ad e6 5a ef 2e dd 6c 32 7b 6c 4e 6b 20 2a Sep 21 07:39:08.116842: | Notify data 06 27 c5 b3 Sep 21 07:39:08.116856: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:39:08.116858: | natd_hash: rcookie is zero Sep 21 07:39:08.116862: | natd_hash: hasher=0x5611c89507a0(20) Sep 21 07:39:08.116863: | natd_hash: icookie= bd 0f b5 bf 50 e5 a2 f6 Sep 21 07:39:08.116865: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:39:08.116868: | natd_hash: ip= c0 01 02 17 Sep 21 07:39:08.116869: | natd_hash: port= 01 f4 Sep 21 07:39:08.116871: | natd_hash: hash= bc db 5c ca 5c a4 68 8d 23 ba 1a c8 b2 ec f9 37 Sep 21 07:39:08.116872: | natd_hash: hash= 2f 69 c8 6e Sep 21 07:39:08.116873: | Adding a v2N Payload Sep 21 07:39:08.116875: | ***emit IKEv2 Notify Payload: Sep 21 07:39:08.116876: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:08.116878: | flags: none (0x0) Sep 21 07:39:08.116879: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:39:08.116881: | SPI size: 0 (0x0) Sep 21 07:39:08.116882: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:39:08.116884: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:39:08.116886: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:39:08.116888: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:39:08.116889: | Notify data bc db 5c ca 5c a4 68 8d 23 ba 1a c8 b2 ec f9 37 Sep 21 07:39:08.116891: | Notify data 2f 69 c8 6e Sep 21 07:39:08.116892: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:39:08.116894: | emitting length of ISAKMP Message: 828 Sep 21 07:39:08.116898: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:39:08.116902: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:39:08.116904: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:39:08.116906: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:39:08.116908: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:39:08.116910: | Message ID: updating counters for #4 to 4294967295 after switching state Sep 21 07:39:08.116912: | Message ID: IKE #4 skipping update_recv as MD is fake Sep 21 07:39:08.116915: | Message ID: sent #4 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:39:08.116917: "northnet-eastnet" #4: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:39:08.116920: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.8.22:500) Sep 21 07:39:08.116923: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.8.22:500 to 192.1.2.23:500 (using #4) Sep 21 07:39:08.116925: | bd 0f b5 bf 50 e5 a2 f6 00 00 00 00 00 00 00 00 Sep 21 07:39:08.116927: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:39:08.116928: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:39:08.116929: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:39:08.116931: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:39:08.116932: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:39:08.116934: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:39:08.116935: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:39:08.116936: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:39:08.116938: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:39:08.116939: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:39:08.116941: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:39:08.116942: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:39:08.116943: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:39:08.116945: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:39:08.116946: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:39:08.116947: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:39:08.116949: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:39:08.116950: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:39:08.116954: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:39:08.116956: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:39:08.116957: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:39:08.116958: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:39:08.116960: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:39:08.116961: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:39:08.116963: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:39:08.116964: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:39:08.116965: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:39:08.116967: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:39:08.116968: | 28 00 01 08 00 0e 00 00 bd 24 6c d9 29 23 6f 4b Sep 21 07:39:08.116969: | 09 98 7c 1e 8e 41 4c a2 6c e0 25 43 49 37 c0 81 Sep 21 07:39:08.116971: | a1 27 4e 07 6c 7f b8 7d 50 78 77 1a e7 1b ca 5b Sep 21 07:39:08.116972: | e9 54 7e 96 2c 4a d1 13 df a8 8b 88 15 83 24 d5 Sep 21 07:39:08.116974: | 17 0e 8b 5d b1 c9 b6 33 25 f4 7e 40 36 fe 17 c6 Sep 21 07:39:08.116975: | bc f3 e4 9e a4 56 f6 c0 b3 3e ba 20 c9 27 a0 a3 Sep 21 07:39:08.116976: | f0 5f 4b 38 45 72 27 81 54 07 bd db 6c 1b 0c 75 Sep 21 07:39:08.116978: | 83 50 25 b5 8f f7 ad ae b9 b6 cb 74 76 a8 e3 31 Sep 21 07:39:08.116979: | c2 90 21 06 e4 4d 32 99 3c 00 38 96 5b ee 5f 5a Sep 21 07:39:08.116981: | 98 d2 17 80 13 58 34 5c ba 6b 13 77 e0 53 77 26 Sep 21 07:39:08.116982: | 1b a5 ba 38 41 05 b2 84 26 f7 7e a9 d7 1e 32 f9 Sep 21 07:39:08.116983: | 77 00 6a c8 1f ec 84 26 d1 83 92 02 5a 42 f0 24 Sep 21 07:39:08.116985: | c7 1f 0a e3 70 66 fb 2f 96 2e 29 e2 13 7a 34 9c Sep 21 07:39:08.116986: | 35 15 1d 42 f7 8c f6 12 1b 2c 5e d4 39 6a c7 2b Sep 21 07:39:08.116988: | d9 c9 b2 51 22 33 9e d6 cd 16 76 62 6e 93 a5 a4 Sep 21 07:39:08.116989: | 6c 2f e5 30 07 28 5e 59 b0 51 cf 31 4d 91 a8 a3 Sep 21 07:39:08.116990: | 57 5f 0a 09 d7 39 d8 e0 29 00 00 24 41 de 74 2b Sep 21 07:39:08.116992: | 96 58 5d 17 1a be 47 e1 e0 1e 2e ed 28 c5 b9 9c Sep 21 07:39:08.116993: | 96 66 14 a3 26 23 6a 06 86 04 b0 11 29 00 00 08 Sep 21 07:39:08.116994: | 00 00 40 2e 29 00 00 1c 00 00 40 04 7e ed ad e6 Sep 21 07:39:08.116996: | 5a ef 2e dd 6c 32 7b 6c 4e 6b 20 2a 06 27 c5 b3 Sep 21 07:39:08.116997: | 00 00 00 1c 00 00 40 05 bc db 5c ca 5c a4 68 8d Sep 21 07:39:08.116999: | 23 ba 1a c8 b2 ec f9 37 2f 69 c8 6e Sep 21 07:39:08.117020: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:39:08.117023: | libevent_free: release ptr-libevent@0x7febc8006900 Sep 21 07:39:08.117025: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7febc8002b20 Sep 21 07:39:08.117026: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:39:08.117028: "northnet-eastnet" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Sep 21 07:39:08.117031: | event_schedule: new EVENT_RETRANSMIT-pe@0x7febc8002b20 Sep 21 07:39:08.117033: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Sep 21 07:39:08.117035: | libevent_malloc: new ptr-libevent@0x7febc8006900 size 128 Sep 21 07:39:08.117038: | #4 STATE_PARENT_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50194.485295 Sep 21 07:39:08.117041: | resume sending helper answer for #4 suppresed complete_v2_state_transition() and stole MD Sep 21 07:39:08.117044: | #4 spent 1.05 milliseconds in resume sending helper answer Sep 21 07:39:08.117047: | stop processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:39:08.117049: | libevent_free: release ptr-libevent@0x7febbc006900 Sep 21 07:39:08.553052: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@24 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:08.553072: shutting down Sep 21 07:39:08.553081: | processing: RESET whack log_fd (was fd@24) (in exit_pluto() at plutomain.c:1825) Sep 21 07:39:08.553084: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:39:08.553089: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:39:08.553090: forgetting secrets Sep 21 07:39:08.553093: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:39:08.553097: | start processing: connection "northnet-eastnet" (in delete_connection() at connections.c:189) Sep 21 07:39:08.553099: | removing pending policy for no connection {0x5611ca6d7db0} Sep 21 07:39:08.553101: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:39:08.553103: | pass 0 Sep 21 07:39:08.553104: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:08.553106: | state #4 Sep 21 07:39:08.553109: | suspend processing: connection "northnet-eastnet" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:08.553113: | start processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:08.553115: | pstats #4 ikev2.ike deleted other Sep 21 07:39:08.553118: | #4 spent 1.71 milliseconds in total Sep 21 07:39:08.553121: | [RE]START processing: state #4 connection "northnet-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:39:08.553124: "northnet-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.437s and NOT sending notification Sep 21 07:39:08.553126: | parent state #4: PARENT_I1(half-open IKE SA) => delete Sep 21 07:39:08.553129: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:39:08.553131: | #4 STATE_PARENT_I1: retransmits: cleared Sep 21 07:39:08.553134: | libevent_free: release ptr-libevent@0x7febc8006900 Sep 21 07:39:08.553136: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7febc8002b20 Sep 21 07:39:08.553138: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:39:08.553140: | picked newest_isakmp_sa #0 for #4 Sep 21 07:39:08.553142: "northnet-eastnet" #4: deleting IKE SA for connection 'northnet-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:39:08.553145: | add revival: connection 'northnet-eastnet' added to the list and scheduled for 5 seconds Sep 21 07:39:08.553147: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:39:08.553151: | stop processing: connection "northnet-eastnet" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:39:08.553153: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:39:08.553155: | in connection_discard for connection northnet-eastnet Sep 21 07:39:08.553157: | State DB: deleting IKEv2 state #4 in PARENT_I1 Sep 21 07:39:08.553159: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:39:08.553175: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:39:08.553178: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:39:08.553180: | pass 1 Sep 21 07:39:08.553182: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:08.553186: | shunt_eroute() called for connection 'northnet-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:39:08.553190: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:39:08.553192: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:08.553231: | priority calculation of connection "northnet-eastnet" is 0xfe7e7 Sep 21 07:39:08.553239: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:39:08.553241: | conn northnet-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:39:08.553243: | conn northnet-eastnet mark 0/00000000, 0/00000000 Sep 21 07:39:08.553245: | route owner of "northnet-eastnet" unrouted: NULL Sep 21 07:39:08.553247: | running updown command "ipsec _updown" for verb unroute Sep 21 07:39:08.553250: | command executing unroute-client Sep 21 07:39:08.553273: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI Sep 21 07:39:08.553278: | popen cmd is 1045 chars long Sep 21 07:39:08.553281: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:39:08.553285: | cmd( 80):et' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.8.254' PLUTO_ME='192.1.8.22' PL: Sep 21 07:39:08.553288: | cmd( 160):UTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:39:08.553291: | cmd( 240):.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': Sep 21 07:39:08.553294: | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Sep 21 07:39:08.553297: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:39:08.553300: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:39:08.553303: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: Sep 21 07:39:08.553307: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_N: Sep 21 07:39:08.553310: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: Sep 21 07:39:08.553313: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: Sep 21 07:39:08.553317: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: Sep 21 07:39:08.553319: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown: Sep 21 07:39:08.553321: | cmd(1040): 2>&1: Sep 21 07:39:08.560323: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560334: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560336: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560338: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560340: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560342: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560343: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560350: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560401: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560407: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560409: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560410: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560411: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560414: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560415: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560417: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560626: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560632: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.560634: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:08.564370: | free hp@0x5611ca77add0 Sep 21 07:39:08.564380: | flush revival: connection 'northnet-eastnet' revival flushed Sep 21 07:39:08.564383: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:39:08.564389: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:39:08.564391: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:39:08.564400: shutting down interface eth1/eth1 192.1.8.22:4500 Sep 21 07:39:08.564402: shutting down interface eth1/eth1 192.1.8.22:500 Sep 21 07:39:08.564404: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:39:08.564406: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:39:08.564408: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:39:08.564410: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:39:08.564412: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:39:08.564414: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:39:08.564417: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:39:08.564423: | libevent_free: release ptr-libevent@0x5611ca77cfe0 Sep 21 07:39:08.564426: | free_event_entry: release EVENT_NULL-pe@0x5611ca7772a0 Sep 21 07:39:08.564433: | libevent_free: release ptr-libevent@0x5611ca7826e0 Sep 21 07:39:08.564435: | free_event_entry: release EVENT_NULL-pe@0x5611ca749cc0 Sep 21 07:39:08.564440: | libevent_free: release ptr-libevent@0x5611ca776aa0 Sep 21 07:39:08.564442: | free_event_entry: release EVENT_NULL-pe@0x5611ca75fca0 Sep 21 07:39:08.564447: | libevent_free: release ptr-libevent@0x5611ca776b90 Sep 21 07:39:08.564448: | free_event_entry: release EVENT_NULL-pe@0x5611ca776b50 Sep 21 07:39:08.564453: | libevent_free: release ptr-libevent@0x5611ca776c80 Sep 21 07:39:08.564454: | free_event_entry: release EVENT_NULL-pe@0x5611ca776c40 Sep 21 07:39:08.564459: | libevent_free: release ptr-libevent@0x5611ca776d70 Sep 21 07:39:08.564460: | free_event_entry: release EVENT_NULL-pe@0x5611ca776d30 Sep 21 07:39:08.564465: | libevent_free: release ptr-libevent@0x5611ca776e60 Sep 21 07:39:08.564466: | free_event_entry: release EVENT_NULL-pe@0x5611ca776e20 Sep 21 07:39:08.564471: | libevent_free: release ptr-libevent@0x5611ca776f50 Sep 21 07:39:08.564472: | free_event_entry: release EVENT_NULL-pe@0x5611ca776f10 Sep 21 07:39:08.564476: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:39:08.564880: | libevent_free: release ptr-libevent@0x5611ca776400 Sep 21 07:39:08.564885: | free_event_entry: release EVENT_NULL-pe@0x5611ca75ef20 Sep 21 07:39:08.564888: | libevent_free: release ptr-libevent@0x5611ca76be90 Sep 21 07:39:08.564890: | free_event_entry: release EVENT_NULL-pe@0x5611ca75f1d0 Sep 21 07:39:08.564892: | libevent_free: release ptr-libevent@0x5611ca76be00 Sep 21 07:39:08.564894: | free_event_entry: release EVENT_NULL-pe@0x5611ca764930 Sep 21 07:39:08.564896: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:39:08.564898: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:39:08.564899: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:39:08.564901: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:39:08.564902: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:39:08.564904: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:39:08.564905: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:39:08.564907: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:39:08.564909: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:39:08.564912: | libevent_free: release ptr-libevent@0x5611ca7764d0 Sep 21 07:39:08.564914: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:39:08.564916: | libevent_free: release ptr-libevent@0x5611ca7765b0 Sep 21 07:39:08.564920: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:39:08.564922: | libevent_free: release ptr-libevent@0x5611ca776670 Sep 21 07:39:08.564924: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:39:08.564926: | libevent_free: release ptr-libevent@0x5611ca76b100 Sep 21 07:39:08.564927: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:39:08.564929: | releasing event base Sep 21 07:39:08.564938: | libevent_free: release ptr-libevent@0x5611ca776730 Sep 21 07:39:08.564940: | libevent_free: release ptr-libevent@0x5611ca74bbc0 Sep 21 07:39:08.564942: | libevent_free: release ptr-libevent@0x5611ca75a4b0 Sep 21 07:39:08.564944: | libevent_free: release ptr-libevent@0x5611ca75a580 Sep 21 07:39:08.564945: | libevent_free: release ptr-libevent@0x5611ca75a4d0 Sep 21 07:39:08.564947: | libevent_free: release ptr-libevent@0x5611ca776490 Sep 21 07:39:08.564949: | libevent_free: release ptr-libevent@0x5611ca776570 Sep 21 07:39:08.564950: | libevent_free: release ptr-libevent@0x5611ca75a560 Sep 21 07:39:08.564951: | libevent_free: release ptr-libevent@0x5611ca75a6c0 Sep 21 07:39:08.564953: | libevent_free: release ptr-libevent@0x5611ca75f120 Sep 21 07:39:08.564954: | libevent_free: release ptr-libevent@0x5611ca77ab50 Sep 21 07:39:08.564956: | libevent_free: release ptr-libevent@0x5611ca776fe0 Sep 21 07:39:08.564957: | libevent_free: release ptr-libevent@0x5611ca776ef0 Sep 21 07:39:08.564959: | libevent_free: release ptr-libevent@0x5611ca776e00 Sep 21 07:39:08.564960: | libevent_free: release ptr-libevent@0x5611ca776d10 Sep 21 07:39:08.564962: | libevent_free: release ptr-libevent@0x5611ca776c20 Sep 21 07:39:08.564963: | libevent_free: release ptr-libevent@0x5611ca776b30 Sep 21 07:39:08.564965: | libevent_free: release ptr-libevent@0x5611ca77ac20 Sep 21 07:39:08.564966: | libevent_free: release ptr-libevent@0x5611ca6de370 Sep 21 07:39:08.564968: | libevent_free: release ptr-libevent@0x5611ca776650 Sep 21 07:39:08.564969: | libevent_free: release ptr-libevent@0x5611ca776590 Sep 21 07:39:08.564971: | libevent_free: release ptr-libevent@0x5611ca7764b0 Sep 21 07:39:08.564972: | libevent_free: release ptr-libevent@0x5611ca776710 Sep 21 07:39:08.564974: | libevent_free: release ptr-libevent@0x5611ca6dc5b0 Sep 21 07:39:08.564976: | libevent_free: release ptr-libevent@0x5611ca75a4f0 Sep 21 07:39:08.564977: | libevent_free: release ptr-libevent@0x5611ca75a520 Sep 21 07:39:08.564979: | libevent_free: release ptr-libevent@0x5611ca75a210 Sep 21 07:39:08.564980: | releasing global libevent data Sep 21 07:39:08.564982: | libevent_free: release ptr-libevent@0x5611ca758f00 Sep 21 07:39:08.564984: | libevent_free: release ptr-libevent@0x5611ca75a1b0 Sep 21 07:39:08.564986: | libevent_free: release ptr-libevent@0x5611ca75a1e0