Sep 21 07:38:48.002836: FIPS Product: YES Sep 21 07:38:48.002880: FIPS Kernel: NO Sep 21 07:38:48.002883: FIPS Mode: NO Sep 21 07:38:48.002886: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:38:48.003064: Initializing NSS Sep 21 07:38:48.003068: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:38:48.069120: NSS initialized Sep 21 07:38:48.069132: NSS crypto library initialized Sep 21 07:38:48.069135: FIPS HMAC integrity support [enabled] Sep 21 07:38:48.069137: FIPS mode disabled for pluto daemon Sep 21 07:38:48.173347: FIPS HMAC integrity verification self-test FAILED Sep 21 07:38:48.173491: libcap-ng support [enabled] Sep 21 07:38:48.173500: Linux audit support [enabled] Sep 21 07:38:48.173947: Linux audit activated Sep 21 07:38:48.173962: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:29168 Sep 21 07:38:48.173967: core dump dir: /tmp Sep 21 07:38:48.173969: secrets file: /etc/ipsec.secrets Sep 21 07:38:48.173971: leak-detective disabled Sep 21 07:38:48.173973: NSS crypto [enabled] Sep 21 07:38:48.173975: XAUTH PAM support [enabled] Sep 21 07:38:48.174052: | libevent is using pluto's memory allocator Sep 21 07:38:48.174062: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:38:48.174075: | libevent_malloc: new ptr-libevent@0x563b6ea45070 size 40 Sep 21 07:38:48.174079: | libevent_malloc: new ptr-libevent@0x563b6ea450a0 size 40 Sep 21 07:38:48.174083: | libevent_malloc: new ptr-libevent@0x563b6ea46650 size 40 Sep 21 07:38:48.174085: | creating event base Sep 21 07:38:48.174088: | libevent_malloc: new ptr-libevent@0x563b6ea46da0 size 56 Sep 21 07:38:48.174092: | libevent_malloc: new ptr-libevent@0x563b6ea46de0 size 664 Sep 21 07:38:48.174103: | libevent_malloc: new 
ptr-libevent@0x563b6ea47080 size 24 Sep 21 07:38:48.174107: | libevent_malloc: new ptr-libevent@0x563b6ea1c5f0 size 384 Sep 21 07:38:48.174117: | libevent_malloc: new ptr-libevent@0x563b6ea470a0 size 16 Sep 21 07:38:48.174120: | libevent_malloc: new ptr-libevent@0x563b6ea470c0 size 40 Sep 21 07:38:48.174123: | libevent_malloc: new ptr-libevent@0x563b6ea470f0 size 48 Sep 21 07:38:48.174129: | libevent_realloc: new ptr-libevent@0x563b6ea47130 size 256 Sep 21 07:38:48.174131: | libevent_malloc: new ptr-libevent@0x563b6ea47240 size 16 Sep 21 07:38:48.174138: | libevent_free: release ptr-libevent@0x563b6ea46da0 Sep 21 07:38:48.174141: | libevent initialized Sep 21 07:38:48.174145: | libevent_realloc: new ptr-libevent@0x563b6ea47260 size 64 Sep 21 07:38:48.174152: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:38:48.174169: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:38:48.174171: NAT-Traversal support [enabled] Sep 21 07:38:48.174174: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:38:48.174180: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:38:48.174184: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:38:48.174223: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:38:48.174227: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:38:48.174231: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:38:48.174285: Encryption algorithms: Sep 21 07:38:48.174292: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:38:48.174296: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:38:48.174300: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:38:48.174304: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:38:48.174307: CAMELLIA_CTR IKEv1: ESP 
IKEv2: ESP {256,192,*128} Sep 21 07:38:48.174318: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:38:48.174322: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:38:48.174325: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:38:48.174329: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:38:48.174333: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:38:48.174336: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:38:48.174340: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:38:48.174343: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:38:48.174347: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:38:48.174351: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:38:48.174354: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:38:48.174357: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:38:48.174364: Hash algorithms: Sep 21 07:38:48.174367: MD5 IKEv1: IKE IKEv2: Sep 21 07:38:48.174370: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:38:48.174373: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:38:48.174376: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:38:48.174379: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:38:48.174392: PRF algorithms: Sep 21 07:38:48.174395: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:38:48.174398: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:38:48.174402: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:38:48.174405: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:38:48.174408: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:38:48.174411: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:38:48.174436: Integrity algorithms: Sep 21 07:38:48.174440: HMAC_MD5_96 IKEv1: IKE ESP 
AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:38:48.174444: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:38:48.174448: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:38:48.174452: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:38:48.174456: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:38:48.174458: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:38:48.174462: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:38:48.174465: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:38:48.174468: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:38:48.174481: DH algorithms: Sep 21 07:38:48.174484: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:38:48.174487: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:38:48.174490: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:38:48.174497: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:38:48.174500: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:38:48.174503: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:38:48.174505: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:38:48.174509: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:38:48.174512: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:38:48.174515: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:38:48.174518: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:38:48.174520: testing CAMELLIA_CBC: Sep 21 07:38:48.174523: Camellia: 16 bytes with 128-bit key Sep 21 07:38:48.174651: Camellia: 16 bytes with 128-bit key Sep 21 07:38:48.174684: Camellia: 16 bytes with 256-bit key Sep 21 07:38:48.174715: Camellia: 
16 bytes with 256-bit key Sep 21 07:38:48.174743: testing AES_GCM_16: Sep 21 07:38:48.174746: empty string Sep 21 07:38:48.174773: one block Sep 21 07:38:48.174804: two blocks Sep 21 07:38:48.175510: two blocks with associated data Sep 21 07:38:48.175552: testing AES_CTR: Sep 21 07:38:48.175556: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:38:48.175585: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:38:48.175616: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:38:48.175646: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:38:48.175673: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:38:48.175702: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:38:48.175731: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:38:48.175758: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:38:48.175791: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:38:48.175824: testing AES_CBC: Sep 21 07:38:48.175827: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:38:48.175856: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:38:48.175885: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:38:48.175916: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:38:48.175954: testing AES_XCBC: Sep 21 07:38:48.175958: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:38:48.176083: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:38:48.176201: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:38:48.176331: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:38:48.176453: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:38:48.176579: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:38:48.176707: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:38:48.176997: RFC 4434 Test Case 
AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:38:48.177139: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:38:48.177283: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:38:48.177524: testing HMAC_MD5: Sep 21 07:38:48.177530: RFC 2104: MD5_HMAC test 1 Sep 21 07:38:48.177715: RFC 2104: MD5_HMAC test 2 Sep 21 07:38:48.177868: RFC 2104: MD5_HMAC test 3 Sep 21 07:38:48.178164: 8 CPU cores online Sep 21 07:38:48.178170: starting up 7 crypto helpers Sep 21 07:38:48.178209: started thread for crypto helper 0 Sep 21 07:38:48.178236: started thread for crypto helper 1 Sep 21 07:38:48.178258: started thread for crypto helper 2 Sep 21 07:38:48.178279: started thread for crypto helper 3 Sep 21 07:38:48.178301: started thread for crypto helper 4 Sep 21 07:38:48.178322: started thread for crypto helper 5 Sep 21 07:38:48.178348: started thread for crypto helper 6 Sep 21 07:38:48.178353: | checking IKEv1 state table Sep 21 07:38:48.178362: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178364: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:38:48.178367: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178369: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:38:48.178372: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:38:48.178374: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:38:48.178377: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:48.178379: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:48.178382: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:38:48.178384: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:38:48.178386: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:48.178389: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:48.178391: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:38:48.178393: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:48.178395: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:48.178397: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:48.178399: | MAIN_I3: category: open 
IKE SA flags: 0: Sep 21 07:38:48.178401: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:48.178404: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:48.178406: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:48.178408: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:38:48.178410: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178413: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:38:48.178415: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178417: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178419: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:38:48.178421: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178423: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:48.178425: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:48.178427: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:38:48.178429: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:48.178431: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:48.178434: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:38:48.178436: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178438: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:38:48.178440: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178442: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:38:48.178444: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:38:48.178446: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:38:48.178449: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:38:48.178451: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:38:48.178453: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:38:48.178456: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:38:48.178458: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178460: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:38:48.178462: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178465: | INFO: category: informational flags: 0: Sep 21 07:38:48.178467: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178469: | INFO_PROTECTED: category: informational 
flags: 0: Sep 21 07:38:48.178471: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178473: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:38:48.178475: | -> XAUTH_R1 EVENT_NULL Sep 21 07:38:48.178477: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:38:48.178478: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:48.178480: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:38:48.178482: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:38:48.178484: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:38:48.178486: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:38:48.178488: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:38:48.178490: | -> UNDEFINED EVENT_NULL Sep 21 07:38:48.178492: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:38:48.178496: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:48.178498: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:38:48.178500: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:38:48.178502: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:38:48.178504: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:38:48.178510: | checking IKEv2 state table Sep 21 07:38:48.178515: | PARENT_I0: category: ignore flags: 0: Sep 21 07:38:48.178517: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:38:48.178520: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178522: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:38:48.178524: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:38:48.178527: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:38:48.178529: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:38:48.178532: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:38:48.178534: | -> PARENT_I2 EVENT_NULL (Initiator: process 
UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:38:48.178536: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:38:48.178538: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:38:48.178541: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:38:48.178543: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:38:48.178545: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:38:48.178547: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:38:48.178549: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:38:48.178552: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178554: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:38:48.178556: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:38:48.178559: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:38:48.178561: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:38:48.178563: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:38:48.178566: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:38:48.178568: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:38:48.178571: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:38:48.178573: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:38:48.178576: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:38:48.178578: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:38:48.178581: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:38:48.178583: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:38:48.178586: | V2_REKEY_IKE_I0: category: established IKE SA 
flags: 0: Sep 21 07:38:48.178588: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:48.178590: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:38:48.178593: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:38:48.178595: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:38:48.178598: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:38:48.178601: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:38:48.178604: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:38:48.178606: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:38:48.178611: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:38:48.178614: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:48.178616: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:38:48.178619: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:38:48.178622: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:38:48.178625: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:38:48.178627: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:38:48.178630: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:38:48.178679: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:38:48.178818: | starting up helper thread 2 Sep 21 07:38:48.178838: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:38:48.178842: | crypto helper 2 waiting (nothing to do) Sep 21 07:38:48.180473: | Hard-wiring algorithms Sep 21 07:38:48.180482: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:38:48.180488: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:38:48.180490: | adding AES_CCM_8 to kernel 
algorithm db Sep 21 07:38:48.180492: | adding 3DES_CBC to kernel algorithm db Sep 21 07:38:48.180495: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:38:48.180497: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:38:48.180499: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:38:48.180501: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:38:48.180503: | adding AES_CTR to kernel algorithm db Sep 21 07:38:48.180505: | adding AES_CBC to kernel algorithm db Sep 21 07:38:48.180507: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:38:48.180509: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:38:48.180512: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:38:48.180514: | adding NULL to kernel algorithm db Sep 21 07:38:48.180516: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:38:48.180519: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:38:48.180521: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:38:48.180523: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:38:48.180525: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:38:48.180527: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:38:48.180530: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:38:48.180532: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:38:48.180534: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:38:48.180537: | adding NONE to kernel algorithm db Sep 21 07:38:48.180565: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:38:48.180573: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:38:48.180575: | setup kernel fd callback Sep 21 07:38:48.180579: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x563b6ea4cdc0 Sep 21 07:38:48.180583: | libevent_malloc: new ptr-libevent@0x563b6ea58b60 size 128 Sep 21 07:38:48.180586: | libevent_malloc: new ptr-libevent@0x563b6ea47450 size 16 Sep 21 07:38:48.180594: | add_fd_read_event_handler: new 
KERNEL_ROUTE_FD-pe@0x563b6ea4cd80 Sep 21 07:38:48.180597: | libevent_malloc: new ptr-libevent@0x563b6ea58bf0 size 128 Sep 21 07:38:48.180600: | libevent_malloc: new ptr-libevent@0x563b6ea4bd40 size 16 Sep 21 07:38:48.180632: | starting up helper thread 1 Sep 21 07:38:48.180643: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:38:48.180645: | crypto helper 1 waiting (nothing to do) Sep 21 07:38:48.180659: | starting up helper thread 6 Sep 21 07:38:48.180664: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:38:48.180667: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:48.180673: | starting up helper thread 5 Sep 21 07:38:48.180810: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:38:48.180822: | crypto helper 5 waiting (nothing to do) Sep 21 07:38:48.180840: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:38:48.180850: selinux support is enabled. 
Sep 21 07:38:48.181331: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:38:48.181507: | unbound context created - setting debug level to 5 Sep 21 07:38:48.181539: | /etc/hosts lookups activated Sep 21 07:38:48.181556: | /etc/resolv.conf usage activated Sep 21 07:38:48.181618: | outgoing-port-avoid set 0-65535 Sep 21 07:38:48.181650: | outgoing-port-permit set 32768-60999 Sep 21 07:38:48.181653: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:38:48.181657: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:38:48.181660: | Setting up events, loop start Sep 21 07:38:48.181663: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x563b6ea46da0 Sep 21 07:38:48.181667: | libevent_malloc: new ptr-libevent@0x563b6ea63160 size 128 Sep 21 07:38:48.181670: | libevent_malloc: new ptr-libevent@0x563b6ea631f0 size 16 Sep 21 07:38:48.181677: | libevent_realloc: new ptr-libevent@0x563b6ea63210 size 256 Sep 21 07:38:48.181680: | libevent_malloc: new ptr-libevent@0x563b6ea63320 size 8 Sep 21 07:38:48.181683: | libevent_realloc: new ptr-libevent@0x563b6ea57ee0 size 144 Sep 21 07:38:48.181686: | libevent_malloc: new ptr-libevent@0x563b6ea63340 size 152 Sep 21 07:38:48.181689: | libevent_malloc: new ptr-libevent@0x563b6ea633e0 size 16 Sep 21 07:38:48.181694: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:38:48.181697: | libevent_malloc: new ptr-libevent@0x563b6ea63400 size 8 Sep 21 07:38:48.181699: | libevent_malloc: new ptr-libevent@0x563b6ea63420 size 152 Sep 21 07:38:48.181702: | signal event handler PLUTO_SIGTERM installed Sep 21 07:38:48.181704: | libevent_malloc: new ptr-libevent@0x563b6ea634c0 size 8 Sep 21 07:38:48.181707: | libevent_malloc: new ptr-libevent@0x563b6ea634e0 size 152 Sep 21 07:38:48.181709: | signal event handler PLUTO_SIGHUP installed Sep 21 07:38:48.181712: | libevent_malloc: new ptr-libevent@0x563b6ea63580 size 8 Sep 21 07:38:48.181715: | libevent_realloc: release 
ptr-libevent@0x563b6ea57ee0 Sep 21 07:38:48.181718: | libevent_realloc: new ptr-libevent@0x563b6ea635a0 size 256 Sep 21 07:38:48.181721: | libevent_malloc: new ptr-libevent@0x563b6ea57ee0 size 152 Sep 21 07:38:48.181724: | signal event handler PLUTO_SIGSYS installed Sep 21 07:38:48.182111: | created addconn helper (pid:29374) using fork+execve Sep 21 07:38:48.182128: | forked child 29374 Sep 21 07:38:48.182172: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:48.182193: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:48.182200: listening for IKE messages Sep 21 07:38:48.182257: | Inspecting interface lo Sep 21 07:38:48.182265: | found lo with address 127.0.0.1 Sep 21 07:38:48.182268: | Inspecting interface eth0 Sep 21 07:38:48.182272: | found eth0 with address 192.1.3.209 Sep 21 07:38:48.182274: | Inspecting interface eth0 Sep 21 07:38:48.182278: | found eth0 with address 192.1.33.222 Sep 21 07:38:48.182329: Kernel supports NIC esp-hw-offload Sep 21 07:38:48.182346: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.33.222:500 Sep 21 07:38:48.182372: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:48.182377: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:48.182380: adding interface eth0/eth0 192.1.33.222:4500 Sep 21 07:38:48.182414: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.1.3.209:500 Sep 21 07:38:48.182443: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:48.182448: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:48.182452: adding interface eth0/eth0 192.1.3.209:4500 Sep 21 07:38:48.182486: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:38:48.182517: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:48.182527: | NAT-Traversal: ESPINUDP(2) setup succeeded 
for sockopt style NAT-T family IPv4 Sep 21 07:38:48.182531: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:38:48.182609: | no interfaces to sort Sep 21 07:38:48.182614: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:38:48.182623: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63980 Sep 21 07:38:48.182627: | libevent_malloc: new ptr-libevent@0x563b6ea639c0 size 128 Sep 21 07:38:48.182630: | libevent_malloc: new ptr-libevent@0x563b6ea63a50 size 16 Sep 21 07:38:48.182636: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:48.182639: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63a70 Sep 21 07:38:48.182641: | libevent_malloc: new ptr-libevent@0x563b6ea63ab0 size 128 Sep 21 07:38:48.182644: | libevent_malloc: new ptr-libevent@0x563b6ea63b40 size 16 Sep 21 07:38:48.182648: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:48.182651: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63b60 Sep 21 07:38:48.182653: | libevent_malloc: new ptr-libevent@0x563b6ea63ba0 size 128 Sep 21 07:38:48.182656: | libevent_malloc: new ptr-libevent@0x563b6ea63c30 size 16 Sep 21 07:38:48.182660: | setup callback for interface eth0 192.1.3.209:4500 fd 20 Sep 21 07:38:48.182663: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63c50 Sep 21 07:38:48.182665: | libevent_malloc: new ptr-libevent@0x563b6ea63c90 size 128 Sep 21 07:38:48.182668: | libevent_malloc: new ptr-libevent@0x563b6ea63d20 size 16 Sep 21 07:38:48.182672: | setup callback for interface eth0 192.1.3.209:500 fd 19 Sep 21 07:38:48.182674: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63d40 Sep 21 07:38:48.182677: | libevent_malloc: new ptr-libevent@0x563b6ea63d80 size 128 Sep 21 07:38:48.182679: | libevent_malloc: new ptr-libevent@0x563b6ea63e10 size 16 Sep 21 07:38:48.182684: | setup callback for interface eth0 192.1.33.222:4500 fd 18 Sep 21 07:38:48.182686: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63e30 Sep 21 07:38:48.182689: | libevent_malloc: new 
ptr-libevent@0x563b6ea63e70 size 128 Sep 21 07:38:48.182691: | libevent_malloc: new ptr-libevent@0x563b6ea63f00 size 16 Sep 21 07:38:48.182696: | setup callback for interface eth0 192.1.33.222:500 fd 17 Sep 21 07:38:48.182702: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:48.182705: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:48.182726: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:48.182747: | Processing PSK at line 1: passed Sep 21 07:38:48.182751: | certs and keys locked by 'process_secret' Sep 21 07:38:48.182755: | certs and keys unlocked by 'process_secret' Sep 21 07:38:48.182761: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:48.182913: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:48.182925: | spent 0.566 milliseconds in whack Sep 21 07:38:48.186890: | starting up helper thread 3 Sep 21 07:38:48.186910: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:38:48.186915: | crypto helper 3 waiting (nothing to do) Sep 21 07:38:48.186927: | starting up helper thread 4 Sep 21 07:38:48.186932: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:38:48.186935: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:48.186971: | starting up helper thread 0 Sep 21 07:38:48.186980: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:38:48.186983: | crypto helper 0 waiting (nothing to do) Sep 21 07:38:48.236130: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:48.236160: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:48.236166: listening for IKE messages Sep 21 07:38:48.236201: | Inspecting interface lo Sep 21 07:38:48.236208: | found lo with address 127.0.0.1 Sep 21 07:38:48.236210: | Inspecting interface eth0 Sep 21 07:38:48.236214: | found eth0 
with address 192.1.3.209 Sep 21 07:38:48.236222: | Inspecting interface eth0 Sep 21 07:38:48.236225: | found eth0 with address 192.1.33.222 Sep 21 07:38:48.236301: | no interfaces to sort Sep 21 07:38:48.236311: | libevent_free: release ptr-libevent@0x563b6ea639c0 Sep 21 07:38:48.236314: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63980 Sep 21 07:38:48.236317: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63980 Sep 21 07:38:48.236320: | libevent_malloc: new ptr-libevent@0x563b6ea639c0 size 128 Sep 21 07:38:48.236328: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:48.236333: | libevent_free: release ptr-libevent@0x563b6ea63ab0 Sep 21 07:38:48.236335: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63a70 Sep 21 07:38:48.236338: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63a70 Sep 21 07:38:48.236340: | libevent_malloc: new ptr-libevent@0x563b6ea63ab0 size 128 Sep 21 07:38:48.236345: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:48.236348: | libevent_free: release ptr-libevent@0x563b6ea63ba0 Sep 21 07:38:48.236351: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63b60 Sep 21 07:38:48.236353: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63b60 Sep 21 07:38:48.236356: | libevent_malloc: new ptr-libevent@0x563b6ea63ba0 size 128 Sep 21 07:38:48.236361: | setup callback for interface eth0 192.1.3.209:4500 fd 20 Sep 21 07:38:48.236364: | libevent_free: release ptr-libevent@0x563b6ea63c90 Sep 21 07:38:48.236367: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63c50 Sep 21 07:38:48.236369: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63c50 Sep 21 07:38:48.236371: | libevent_malloc: new ptr-libevent@0x563b6ea63c90 size 128 Sep 21 07:38:48.236376: | setup callback for interface eth0 192.1.3.209:500 fd 19 Sep 21 07:38:48.236380: | libevent_free: release ptr-libevent@0x563b6ea63d80 Sep 21 07:38:48.236382: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63d40 Sep 21 07:38:48.236385: | 
add_fd_read_event_handler: new ethX-pe@0x563b6ea63d40 Sep 21 07:38:48.236387: | libevent_malloc: new ptr-libevent@0x563b6ea63d80 size 128 Sep 21 07:38:48.236392: | setup callback for interface eth0 192.1.33.222:4500 fd 18 Sep 21 07:38:48.236395: | libevent_free: release ptr-libevent@0x563b6ea63e70 Sep 21 07:38:48.236398: | free_event_entry: release EVENT_NULL-pe@0x563b6ea63e30 Sep 21 07:38:48.236400: | add_fd_read_event_handler: new ethX-pe@0x563b6ea63e30 Sep 21 07:38:48.236403: | libevent_malloc: new ptr-libevent@0x563b6ea63e70 size 128 Sep 21 07:38:48.236408: | setup callback for interface eth0 192.1.33.222:500 fd 17 Sep 21 07:38:48.236411: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:48.236414: forgetting secrets Sep 21 07:38:48.236420: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:48.236435: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:48.236443: | Processing PSK at line 1: passed Sep 21 07:38:48.236446: | certs and keys locked by 'process_secret' Sep 21 07:38:48.236448: | certs and keys unlocked by 'process_secret' Sep 21 07:38:48.236453: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:48.236461: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:48.236468: | spent 0.34 milliseconds in whack Sep 21 07:38:48.236979: | processing signal PLUTO_SIGCHLD Sep 21 07:38:48.236994: | waitpid returned pid 29374 (exited with status 0) Sep 21 07:38:48.236998: | reaped addconn helper child (status 0) Sep 21 07:38:48.237003: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:48.237007: | spent 0.0173 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:48.344997: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:48.345029: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.345033: | FOR_EACH_CONNECTION_... 
in foreach_connection_by_alias Sep 21 07:38:48.345036: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.345038: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:48.345049: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.345095: | Added new connection road-eastnet with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:48.345151: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:38:48.345157: | from whack: got --esp=aes256-sha2 Sep 21 07:38:48.345172: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Sep 21 07:38:48.345179: | counting wild cards for 192.1.3.209 is 0 Sep 21 07:38:48.345184: | counting wild cards for 192.1.2.23 is 0 Sep 21 07:38:48.345190: | based upon policy narrowing=yes, the connection is a template. 
Sep 21 07:38:48.345197: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:48.345199: | new hp@0x563b6ea47490 Sep 21 07:38:48.345205: added connection description "road-eastnet" Sep 21 07:38:48.345215: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:48.345225: | 192.1.3.209<192.1.3.209>[+MC+S=C]...192.1.2.23<192.1.2.23>===192.0.2.0/24 Sep 21 07:38:48.345232: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:48.345239: | spent 0.244 milliseconds in whack Sep 21 07:38:48.521429: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:48.521451: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:38:48.521456: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.521461: | start processing: connection "road-eastnet" (in initiate_a_connection() at initiate.c:186) Sep 21 07:38:48.521471: | find_host_pair: comparing 192.1.3.209:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:38:48.521477: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@0x563b6ea47490: road-eastnet Sep 21 07:38:48.521479: | connection 'road-eastnet' +POLICY_UP Sep 21 07:38:48.521483: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:38:48.521485: | FOR_EACH_STATE_... 
in find_phase1_state Sep 21 07:38:48.521504: | creating state object #1 at 0x563b6ea65a90 Sep 21 07:38:48.521508: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:38:48.521517: | pstats #1 ikev2.ike started Sep 21 07:38:48.521520: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:38:48.521524: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:38:48.521529: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:48.521537: | suspend processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:48.521543: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:38:48.521547: | dup_any(fd@24) -> fd@25 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:38:48.521553: | Queuing pending IPsec SA negotiating with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 IKE SA #1 "road-eastnet"[1] 192.1.2.23 Sep 21 07:38:48.521559: "road-eastnet"[1] 192.1.2.23 #1: initiating v2 parent SA Sep 21 07:38:48.521571: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Sep 21 07:38:48.521579: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:48.521588: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.521597: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:48.521602: | ... 
ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.521606: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:48.521611: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.521615: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:48.521620: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.521632: "road-eastnet"[1] 192.1.2.23: constructed local IKE proposals for road-eastnet (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.521643: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:38:48.521647: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6ea68140 Sep 21 07:38:48.521650: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:48.521654: | libevent_malloc: new ptr-libevent@0x563b6ea68180 size 128 
Sep 21 07:38:48.521666: | #1 spent 0.204 milliseconds in ikev2_parent_outI1() Sep 21 07:38:48.521670: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:48.521675: | RESET processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:48.521678: | RESET processing: connection "road-eastnet" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:38:48.521681: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:38:48.521685: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:38:48.521688: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:48.521692: | spent 0.274 milliseconds in whack Sep 21 07:38:48.521703: | crypto helper 2 resuming Sep 21 07:38:48.521707: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:38:48.521711: | crypto helper 2 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:38:48.522756: | crypto helper 2 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001043 seconds Sep 21 07:38:48.522766: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:38:48.522769: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:38:48.522772: | scheduling resume sending helper answer for #1 Sep 21 07:38:48.522775: | libevent_malloc: new ptr-libevent@0x7fa6f0006900 size 128 Sep 21 07:38:48.522795: | processing resume sending helper answer for #1 Sep 21 07:38:48.522804: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:48.522812: | crypto helper 2 replies to request ID 1 Sep 21 07:38:48.522814: | calling continuation function 0x563b6d03e630 Sep 21 07:38:48.522817: | ikev2_parent_outI1_continue for #1 Sep 21 07:38:48.522850: | 
**emit ISAKMP Message: Sep 21 07:38:48.522855: | initiator cookie: Sep 21 07:38:48.522857: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.522860: | responder cookie: Sep 21 07:38:48.522861: | 00 00 00 00 00 00 00 00 Sep 21 07:38:48.522864: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:48.522867: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:48.522870: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:48.522873: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:48.522875: | Message ID: 0 (0x0) Sep 21 07:38:48.522881: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:48.522899: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.522902: | Emitting ikev2_proposals ... 
Sep 21 07:38:48.522905: | ***emit IKEv2 Security Association Payload: Sep 21 07:38:48.522908: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.522911: | flags: none (0x0) Sep 21 07:38:48.522914: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:48.522917: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.522920: | discarding INTEG=NONE Sep 21 07:38:48.522923: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.522926: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:48.522928: | prop #: 1 (0x1) Sep 21 07:38:48.522931: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:48.522933: | spi size: 0 (0x0) Sep 21 07:38:48.522936: | # transforms: 11 (0xb) Sep 21 07:38:48.522938: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:48.522941: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.522944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.522947: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.522949: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:48.522952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.522955: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.522958: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.522960: | length/value: 256 (0x100) Sep 21 07:38:48.522963: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:48.522966: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.522968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.522971: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.522973: | IKEv2 transform ID: 
PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:48.522976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.522979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.522985: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.522988: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.522990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.522993: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.522995: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:48.522998: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523004: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523006: | discarding INTEG=NONE Sep 21 07:38:48.523008: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523013: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523016: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.523019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523024: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523027: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523029: | 
last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523032: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523034: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:48.523037: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523040: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523042: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523045: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523047: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523052: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:48.523055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523058: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523060: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523063: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523067: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523070: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:48.523073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523078: | emitting length of IKEv2 Transform 
Substructure Payload: 8 Sep 21 07:38:48.523081: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523086: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523088: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:48.523091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523096: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523098: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523101: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523103: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523106: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523108: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:48.523111: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523116: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523119: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523124: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523126: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:48.523129: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523132: | last substructure: saving location 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523134: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523137: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523139: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.523142: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523144: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:48.523147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523152: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523155: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:48.523158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:48.523160: | discarding INTEG=NONE Sep 21 07:38:48.523162: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.523165: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:48.523167: | prop #: 2 (0x2) Sep 21 07:38:48.523170: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:48.523172: | spi size: 0 (0x0) Sep 21 07:38:48.523174: | # transforms: 11 (0xb) Sep 21 07:38:48.523177: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:48.523180: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:48.523183: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523185: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523188: | IKEv2 transform type: 
TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.523190: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:48.523193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523195: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.523198: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.523200: | length/value: 128 (0x80) Sep 21 07:38:48.523203: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:48.523207: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523210: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523212: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523214: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:48.523217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523220: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523223: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523225: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523228: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523230: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523232: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:48.523235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523238: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523241: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523243: | discarding INTEG=NONE Sep 21 07:38:48.523245: | 
*****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523247: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523250: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523252: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.523255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523260: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523263: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523270: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:48.523273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523278: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523281: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523283: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523286: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523288: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:48.523291: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523294: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' Sep 21 07:38:48.523296: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523299: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523306: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:48.523309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523313: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523316: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523318: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523320: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523323: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523325: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:48.523328: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523334: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523336: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523341: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523343: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:48.523346: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523349: | 
last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523352: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523354: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523361: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:48.523364: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523370: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523372: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523374: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.523377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523379: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:48.523382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523387: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523390: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:38:48.523393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:48.523395: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.523398: | last proposal: v2_PROPOSAL_NON_LAST 
(0x2) Sep 21 07:38:48.523400: | prop #: 3 (0x3) Sep 21 07:38:48.523403: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:48.523405: | spi size: 0 (0x0) Sep 21 07:38:48.523407: | # transforms: 13 (0xd) Sep 21 07:38:48.523410: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:48.523413: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:48.523416: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523424: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.523426: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:48.523429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523432: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.523434: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.523436: | length/value: 256 (0x100) Sep 21 07:38:48.523439: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:48.523441: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523446: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523449: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:48.523452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523457: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523459: | *****emit IKEv2 Transform 
Substructure Payload: Sep 21 07:38:48.523462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523464: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523467: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:48.523470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523472: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523475: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523477: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523480: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523482: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.523485: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:48.523487: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523493: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523495: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523498: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523500: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.523502: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:48.523505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523508: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 
07:38:48.523511: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523513: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523520: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.523523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523532: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523534: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523537: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523539: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523542: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:48.523544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523547: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523550: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523552: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523559: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:48.523562: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523565: | last substructure: 
saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523570: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523575: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523577: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:48.523580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523585: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523588: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523593: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523595: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:48.523598: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523601: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523603: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523606: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523608: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523613: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:48.523616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 
Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523619: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523621: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523623: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523631: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:48.523634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523640: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523642: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523645: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.523647: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523650: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:48.523653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523655: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523658: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523661: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:48.523663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:48.523666: | 
****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.523668: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:48.523671: | prop #: 4 (0x4) Sep 21 07:38:48.523673: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:48.523675: | spi size: 0 (0x0) Sep 21 07:38:48.523678: | # transforms: 13 (0xd) Sep 21 07:38:48.523681: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:48.523684: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:48.523686: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523691: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.523693: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:48.523696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523698: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.523701: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.523703: | length/value: 128 (0x80) Sep 21 07:38:48.523706: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:48.523708: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523711: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523713: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523716: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:48.523719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523724: | emitting length 
of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523727: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523731: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.523734: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:48.523737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523742: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523746: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523751: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.523753: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:48.523756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523761: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523763: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523768: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.523771: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:48.523773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523776: | last substructure: saving location 'IKEv2 Proposal 
Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523778: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523781: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523791: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523794: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.523797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523802: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523805: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523809: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523811: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:48.523813: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523818: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523820: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523825: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523827: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:48.523829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last 
transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523832: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523834: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523836: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523838: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523840: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523843: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:48.523845: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523850: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523852: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523854: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523857: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523859: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523861: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:48.523864: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523867: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523869: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523871: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523877: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 
07:38:48.523880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523885: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523887: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523892: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523894: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:48.523897: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523902: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523905: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.523907: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.523909: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.523912: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:48.523914: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.523917: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.523919: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.523922: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:38:48.523925: | last substructure: checking 'IKEv2 Proposal Substructure 
Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:48.523927: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:38:48.523929: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:48.523932: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:38:48.523934: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.523936: | flags: none (0x0) Sep 21 07:38:48.523939: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.523942: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:38:48.523944: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.523949: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Sep 21 07:38:48.523987: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:38:48.523990: | ***emit IKEv2 Nonce Payload: Sep 21 07:38:48.523993: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:48.523995: | flags: none (0x0) Sep 21 07:38:48.523998: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:38:48.524001: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:38:48.524004: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.524007: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:38:48.524010: | IKEv2 nonce 90 09 c9 18 03 a4 c1 d3 de 82 8f 87 56 a5 57 89 Sep 21 07:38:48.524012: | IKEv2 nonce 97 ea 7f 8d 1e ac 33 10 71 63 98 47 c9 e1 fe f8 Sep 21 07:38:48.524015: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:38:48.524017: | Adding a v2N Payload Sep 21 07:38:48.524020: | ***emit IKEv2 Notify Payload: Sep 21 07:38:48.524022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.524025: | flags: none (0x0) Sep 21 07:38:48.524028: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.524030: | SPI size: 0 (0x0) Sep 21 07:38:48.524033: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:48.524035: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:48.524038: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 
07:38:48.524041: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:48.524044: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:48.524047: | natd_hash: rcookie is zero Sep 21 07:38:48.524062: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:48.524066: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.524068: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:48.524070: | natd_hash: ip= c0 01 03 d1 Sep 21 07:38:48.524072: | natd_hash: port= 01 f4 Sep 21 07:38:48.524074: | natd_hash: hash= e4 71 4f 98 8e a0 31 69 b2 a6 a3 a3 4b 39 ae 67 Sep 21 07:38:48.524077: | natd_hash: hash= a1 f7 02 54 Sep 21 07:38:48.524079: | Adding a v2N Payload Sep 21 07:38:48.524081: | ***emit IKEv2 Notify Payload: Sep 21 07:38:48.524084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.524089: | flags: none (0x0) Sep 21 07:38:48.524091: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.524094: | SPI size: 0 (0x0) Sep 21 07:38:48.524096: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:48.524099: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:48.524102: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.524105: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:48.524107: | Notify data e4 71 4f 98 8e a0 31 69 b2 a6 a3 a3 4b 39 ae 67 Sep 21 07:38:48.524109: | Notify data a1 f7 02 54 Sep 21 07:38:48.524112: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:48.524114: | natd_hash: rcookie is zero Sep 21 07:38:48.524122: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:48.524125: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.524127: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:48.524129: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:48.524131: | natd_hash: port= 01 f4 Sep 21 
07:38:48.524133: | natd_hash: hash= a7 f7 6d 20 22 47 29 10 ad 97 64 f6 3e 05 e5 e1 Sep 21 07:38:48.524135: | natd_hash: hash= b6 56 9d 65 Sep 21 07:38:48.524138: | Adding a v2N Payload Sep 21 07:38:48.524140: | ***emit IKEv2 Notify Payload: Sep 21 07:38:48.524142: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.524144: | flags: none (0x0) Sep 21 07:38:48.524147: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.524149: | SPI size: 0 (0x0) Sep 21 07:38:48.524151: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:48.524154: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:48.524156: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.524159: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:48.524161: | Notify data a7 f7 6d 20 22 47 29 10 ad 97 64 f6 3e 05 e5 e1 Sep 21 07:38:48.524163: | Notify data b6 56 9d 65 Sep 21 07:38:48.524165: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:48.524167: | emitting length of ISAKMP Message: 828 Sep 21 07:38:48.524175: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:38:48.524186: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:48.524190: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:38:48.524193: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:38:48.524196: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:38:48.524199: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:38:48.524201: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 
07:38:48.524206: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:48.524210: "road-eastnet"[1] 192.1.2.23 #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:48.524223: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:38:48.524235: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1)
Sep 21 07:38:48.524433: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:48.524440: | libevent_free: release ptr-libevent@0x563b6ea68180 Sep 21 07:38:48.524443: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6ea68140 Sep 21 07:38:48.524446: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:48.524450: | event_schedule: new EVENT_RETRANSMIT-pe@0x563b6ea68140 Sep 21 07:38:48.524456: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:38:48.524459: | libevent_malloc: new ptr-libevent@0x563b6ea68180 size 128 Sep 21 07:38:48.524464: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50174.892714 Sep 21 07:38:48.524468: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:38:48.524473: | #1 spent 1.59 milliseconds in resume sending helper answer Sep 21 07:38:48.524480: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:48.524483: | libevent_free: release ptr-libevent@0x7fa6f0006900 Sep 21 07:38:48.522782: | crypto helper 2 waiting (nothing to do) Sep 21 07:38:48.527887: | spent 0.0023 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:48.527911: | *received 432 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500)
Sep 21 07:38:48.527978: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:48.527982: | **parse ISAKMP Message: Sep 21 07:38:48.527984: | initiator cookie: Sep 21 
07:38:48.527986: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.527989: | responder cookie: Sep 21 07:38:48.527991: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:48.527993: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:48.527996: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:48.527998: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:48.528001: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:48.528003: | Message ID: 0 (0x0) Sep 21 07:38:48.528006: | length: 432 (0x1b0) Sep 21 07:38:48.528009: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:38:48.528012: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:38:48.528017: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:38:48.528025: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:48.528030: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:48.528033: | #1 is idle Sep 21 07:38:48.528035: | #1 idle Sep 21 07:38:48.528038: | unpacking clear payload Sep 21 07:38:48.528040: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:48.528043: | ***parse IKEv2 Security Association Payload: Sep 21 07:38:48.528045: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:38:48.528047: | flags: none (0x0) Sep 21 07:38:48.528050: | length: 40 (0x28) Sep 21 07:38:48.528052: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:38:48.528055: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:38:48.528057: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:38:48.528060: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:38:48.528062: | flags: none (0x0) Sep 21 07:38:48.528064: | length: 264 (0x108) Sep 21 07:38:48.528066: | DH group: OAKLEY_GROUP_MODP2048 
(0xe) Sep 21 07:38:48.528069: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:38:48.528071: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:38:48.528073: | ***parse IKEv2 Nonce Payload: Sep 21 07:38:48.528075: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:48.528078: | flags: none (0x0) Sep 21 07:38:48.528080: | length: 36 (0x24) Sep 21 07:38:48.528082: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:38:48.528084: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:48.528087: | ***parse IKEv2 Notify Payload: Sep 21 07:38:48.528089: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:48.528091: | flags: none (0x0) Sep 21 07:38:48.528094: | length: 8 (0x8) Sep 21 07:38:48.528096: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.528098: | SPI size: 0 (0x0) Sep 21 07:38:48.528101: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:48.528104: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:48.528106: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:48.528108: | ***parse IKEv2 Notify Payload: Sep 21 07:38:48.528110: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:48.528113: | flags: none (0x0) Sep 21 07:38:48.528115: | length: 28 (0x1c) Sep 21 07:38:48.528117: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.528119: | SPI size: 0 (0x0) Sep 21 07:38:48.528122: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:48.528124: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:48.528126: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:48.528128: | ***parse IKEv2 Notify Payload: Sep 21 07:38:48.528131: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.528133: | flags: none (0x0) Sep 21 07:38:48.528135: | length: 28 (0x1c) Sep 21 07:38:48.528138: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.528140: | SPI size: 0 (0x0) Sep 21 07:38:48.528142: | Notify Message Type: 
v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:48.528144: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:48.528147: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:38:48.528150: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:38:48.528153: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:48.528155: | Now let's proceed with state specific processing Sep 21 07:38:48.528158: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:38:48.528161: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:38:48.528178: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:48.528183: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:38:48.528186: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:48.528189: | local proposal 1 type PRF has 2 transforms Sep 21 07:38:48.528191: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:48.528193: | local proposal 1 type DH has 8 transforms Sep 21 07:38:48.528196: | local proposal 1 type ESN has 0 transforms Sep 21 07:38:48.528199: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:48.528201: | local proposal 2 type ENCR has 
1 transforms Sep 21 07:38:48.528204: | local proposal 2 type PRF has 2 transforms Sep 21 07:38:48.528206: | local proposal 2 type INTEG has 1 transforms Sep 21 07:38:48.528208: | local proposal 2 type DH has 8 transforms Sep 21 07:38:48.528211: | local proposal 2 type ESN has 0 transforms Sep 21 07:38:48.528213: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:48.528216: | local proposal 3 type ENCR has 1 transforms Sep 21 07:38:48.528218: | local proposal 3 type PRF has 2 transforms Sep 21 07:38:48.528220: | local proposal 3 type INTEG has 2 transforms Sep 21 07:38:48.528223: | local proposal 3 type DH has 8 transforms Sep 21 07:38:48.528225: | local proposal 3 type ESN has 0 transforms Sep 21 07:38:48.528228: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:48.528231: | local proposal 4 type ENCR has 1 transforms Sep 21 07:38:48.528233: | local proposal 4 type PRF has 2 transforms Sep 21 07:38:48.528235: | local proposal 4 type INTEG has 2 transforms Sep 21 07:38:48.528238: | local proposal 4 type DH has 8 transforms Sep 21 07:38:48.528240: | local proposal 4 type ESN has 0 transforms Sep 21 07:38:48.528243: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:48.528245: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.528248: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:48.528250: | length: 36 (0x24) Sep 21 07:38:48.528252: | prop #: 1 (0x1) Sep 21 07:38:48.528255: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:48.528257: | spi size: 0 (0x0) Sep 21 07:38:48.528259: | # transforms: 3 (0x3) Sep 21 07:38:48.528262: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:38:48.528265: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.528268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.528270: | length: 12 (0xc) Sep 21 07:38:48.528272: | 
IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.528275: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:48.528277: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.528280: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.528282: | length/value: 256 (0x100) Sep 21 07:38:48.528286: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:48.528289: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.528291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.528294: | length: 8 (0x8) Sep 21 07:38:48.528296: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:48.528298: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:48.528303: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:38:48.528306: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.528308: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.528310: | length: 8 (0x8) Sep 21 07:38:48.528313: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:48.528315: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:48.528318: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:38:48.528322: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:38:48.528326: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:38:48.528328: | remote proposal 1 matches local proposal 1 Sep 21 07:38:48.528331: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:38:48.528333: | converting proposal to internal trans attrs Sep 21 07:38:48.528347: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:48.528350: | natd_hash: icookie= f2 5c 15 dd 35 85 
91 5e Sep 21 07:38:48.528352: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:48.528354: | natd_hash: ip= c0 01 03 d1 Sep 21 07:38:48.528357: | natd_hash: port= 01 f4 Sep 21 07:38:48.528359: | natd_hash: hash= 71 32 45 81 c9 ab 5d 46 0a 00 8e cf 08 7d 43 7d Sep 21 07:38:48.528361: | natd_hash: hash= 28 2e e4 f6 Sep 21 07:38:48.528367: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:48.528370: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.528372: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:48.528374: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:48.528376: | natd_hash: port= 01 f4 Sep 21 07:38:48.528378: | natd_hash: hash= 3b e1 f8 77 11 a9 4e 53 c6 d4 c3 38 94 20 a9 75 Sep 21 07:38:48.528380: | natd_hash: hash= a9 86 3e 15 Sep 21 07:38:48.528383: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:38:48.528385: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:38:48.528387: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:38:48.528390: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:38:48.528396: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:38:48.528399: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:38:48.528402: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:48.528405: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:38:48.528408: | libevent_free: release ptr-libevent@0x563b6ea68180 Sep 21 07:38:48.528411: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563b6ea68140 Sep 21 07:38:48.528414: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x563b6ea68140 Sep 21 07:38:48.528417: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:48.528420: | libevent_malloc: new ptr-libevent@0x563b6ea68180 size 128 Sep 21 07:38:48.528429: | #1 spent 0.267 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:38:48.528436: | [RE]START 
processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:48.528439: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:38:48.528441: | suspending state #1 and saving MD Sep 21 07:38:48.528444: | #1 is busy; has a suspended MD Sep 21 07:38:48.528449: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:38:48.528453: | "road-eastnet"[1] 192.1.2.23 #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:38:48.528459: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:48.528464: | #1 spent 0.565 milliseconds in ikev2_process_packet() Sep 21 07:38:48.528468: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:48.528471: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:48.528473: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:48.528477: | spent 0.578 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:48.528489: | crypto helper 1 resuming Sep 21 07:38:48.528494: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:38:48.528497: | crypto helper 1 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:38:48.529457: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:38:48.529899: | crypto helper 1 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001401 seconds Sep 21 07:38:48.529907: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:38:48.529910: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 
07:38:48.529913: | scheduling resume sending helper answer for #1 Sep 21 07:38:48.529916: | libevent_malloc: new ptr-libevent@0x7fa6e8006b90 size 128 Sep 21 07:38:48.529923: | crypto helper 1 waiting (nothing to do) Sep 21 07:38:48.529932: | processing resume sending helper answer for #1 Sep 21 07:38:48.529938: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:38:48.529942: | crypto helper 1 replies to request ID 2 Sep 21 07:38:48.529944: | calling continuation function 0x563b6d03e630 Sep 21 07:38:48.529947: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:38:48.529953: | creating state object #2 at 0x563b6ea6aa80 Sep 21 07:38:48.529956: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:38:48.529959: | pstats #2 ikev2.child started Sep 21 07:38:48.529963: | duplicating state object #1 "road-eastnet"[1] 192.1.2.23 as #2 for IPSEC SA Sep 21 07:38:48.529968: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:38:48.529973: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:48.529978: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:48.529982: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:38:48.529985: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:48.529988: | libevent_free: release ptr-libevent@0x563b6ea68180 Sep 21 07:38:48.529990: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x563b6ea68140 Sep 21 07:38:48.529993: | event_schedule: new EVENT_SA_REPLACE-pe@0x563b6ea68140 Sep 21 
07:38:48.529996: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:38:48.529999: | libevent_malloc: new ptr-libevent@0x563b6ea68180 size 128 Sep 21 07:38:48.530002: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:38:48.530007: | **emit ISAKMP Message: Sep 21 07:38:48.530010: | initiator cookie: Sep 21 07:38:48.530012: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.530014: | responder cookie: Sep 21 07:38:48.530017: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:48.530019: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:48.530022: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:48.530024: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:48.530027: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:48.530029: | Message ID: 1 (0x1) Sep 21 07:38:48.530032: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:48.530038: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:48.530041: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530043: | flags: none (0x0) Sep 21 07:38:48.530046: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:48.530049: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530052: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:48.530058: | IKEv2 CERT: send a certificate? 
Sep 21 07:38:48.530062: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:38:48.530064: | IDr payload will NOT be sent Sep 21 07:38:48.530078: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:38:48.530081: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530083: | flags: none (0x0) Sep 21 07:38:48.530085: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:48.530088: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:38:48.530091: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530094: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:38:48.530097: | my identity c0 01 03 d1 Sep 21 07:38:48.530099: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:38:48.530107: | not sending INITIAL_CONTACT Sep 21 07:38:48.530110: | ****emit IKEv2 Authentication Payload: Sep 21 07:38:48.530113: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530115: | flags: none (0x0) Sep 21 07:38:48.530117: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:48.530120: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:38:48.530123: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530126: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Sep 21 07:38:48.530132: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Sep 21 07:38:48.530136: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Sep 21 07:38:48.530139: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Sep 21 
07:38:48.530144: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Sep 21 07:38:48.530148: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Sep 21 07:38:48.530151: | line 1: match=002 Sep 21 07:38:48.530154: | match 002 beats previous best_match 000 match=0x563b6ea58d40 (line=1) Sep 21 07:38:48.530156: | concluding with best_match=002 best=0x563b6ea58d40 (lineno=1) Sep 21 07:38:48.530213: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:38:48.530216: | PSK auth ed 8e a1 68 de 95 24 9c 3e 80 4b 30 fb 31 3e c0 Sep 21 07:38:48.530219: | PSK auth e5 d9 d2 b4 54 b9 2f 5a b9 1a 2d 2d 66 fe 1e b5 Sep 21 07:38:48.530221: | PSK auth 3d 06 25 49 ec cd 24 32 a2 25 7c d4 6a 77 f5 f6 Sep 21 07:38:48.530223: | PSK auth 36 e3 6d 29 85 54 8f 5f b8 84 fa 54 29 63 81 28 Sep 21 07:38:48.530226: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:38:48.530229: | Send Configuration Payload request Sep 21 07:38:48.530231: | ****emit IKEv2 Configuration Payload: Sep 21 07:38:48.530234: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:48.530236: | flags: none (0x0) Sep 21 07:38:48.530239: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Sep 21 07:38:48.530242: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:38:48.530244: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Sep 21 07:38:48.530249: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530252: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.530254: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Sep 21 07:38:48.530257: | emitting length of IKEv2 Configuration Payload Attribute: 0 Sep 21 07:38:48.530259: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.530262: | Attribute Type: 
IKEv2_INTERNAL_IP4_DNS (0x3) Sep 21 07:38:48.530264: | emitting length of IKEv2 Configuration Payload Attribute: 0 Sep 21 07:38:48.530266: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.530269: | Attribute Type: IKEv2_INTERNAL_IP6_ADDRESS (0x8) Sep 21 07:38:48.530271: | emitting length of IKEv2 Configuration Payload Attribute: 0 Sep 21 07:38:48.530273: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.530276: | Attribute Type: IKEv2_INTERNAL_IP6_DNS (0xa) Sep 21 07:38:48.530278: | emitting length of IKEv2 Configuration Payload Attribute: 0 Sep 21 07:38:48.530280: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.530282: | Attribute Type: IKEv2_INTERNAL_DNS_DOMAIN (0x19) Sep 21 07:38:48.530285: | emitting length of IKEv2 Configuration Payload Attribute: 0 Sep 21 07:38:48.530287: | emitting length of IKEv2 Configuration Payload: 28 Sep 21 07:38:48.530289: | getting first pending from state #1 Sep 21 07:38:48.530310: | netlink_get_spi: allocated 0x5b01cf2e for esp.0@192.1.3.209 Sep 21 07:38:48.530314: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:38:48.530318: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:38:48.530323: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:48.530328: "road-eastnet"[1] 192.1.2.23: constructed local ESP/AH proposals for road-eastnet (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:48.530338: | Emitting ikev2_proposals ... 
Sep 21 07:38:48.530341: | ****emit IKEv2 Security Association Payload: Sep 21 07:38:48.530343: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530345: | flags: none (0x0) Sep 21 07:38:48.530348: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:48.530351: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530354: | discarding DH=NONE Sep 21 07:38:48.530356: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.530359: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:48.530361: | prop #: 1 (0x1) Sep 21 07:38:48.530363: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:48.530366: | spi size: 4 (0x4) Sep 21 07:38:48.530368: | # transforms: 3 (0x3) Sep 21 07:38:48.530371: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:48.530373: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:38:48.530376: | our spi 5b 01 cf 2e Sep 21 07:38:48.530378: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.530380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.530383: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.530385: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:48.530388: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.530390: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.530393: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.530395: | length/value: 256 (0x100) Sep 21 07:38:48.530398: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:48.530402: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.530404: | last 
transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.530407: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.530409: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:48.530412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.530415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.530417: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.530419: | discarding DH=NONE Sep 21 07:38:48.530422: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:48.530424: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.530426: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:48.530429: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:48.530431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.530434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:48.530436: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:48.530439: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:38:48.530441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:48.530444: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:38:48.530446: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:48.530450: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:48.530452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530454: | flags: 
none (0x0) Sep 21 07:38:48.530457: | number of TS: 1 (0x1) Sep 21 07:38:48.530460: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:38:48.530462: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530465: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:48.530467: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:48.530469: | IP Protocol ID: 0 (0x0) Sep 21 07:38:48.530472: | start port: 0 (0x0) Sep 21 07:38:48.530474: | end port: 65535 (0xffff) Sep 21 07:38:48.530477: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:48.530479: | IP start c0 01 03 d1 Sep 21 07:38:48.530482: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:48.530484: | IP end c0 01 03 d1 Sep 21 07:38:48.530486: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:48.530489: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:38:48.530491: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:48.530493: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530496: | flags: none (0x0) Sep 21 07:38:48.530498: | number of TS: 1 (0x1) Sep 21 07:38:48.530501: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:38:48.530504: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530506: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:48.530508: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:48.530510: | IP Protocol ID: 0 (0x0) Sep 21 07:38:48.530515: | start port: 0 (0x0) Sep 21 07:38:48.530517: | end port: 65535 (0xffff) Sep 21 
07:38:48.530520: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:48.530522: | IP start c0 00 02 00 Sep 21 07:38:48.530524: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:48.530526: | IP end c0 00 02 ff Sep 21 07:38:48.530528: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:48.530531: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:38:48.530533: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:38:48.530536: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:38:48.530538: | Adding a v2N Payload Sep 21 07:38:48.530540: | ****emit IKEv2 Notify Payload: Sep 21 07:38:48.530543: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.530545: | flags: none (0x0) Sep 21 07:38:48.530547: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.530550: | SPI size: 0 (0x0) Sep 21 07:38:48.530552: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:48.530555: | next payload chain: setting previous 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:48.530558: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:48.530560: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:48.530563: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:48.530566: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:48.530569: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:48.530571: | emitting length of IKEv2 Encryption Payload: 241 Sep 21 07:38:48.530573: | emitting length of ISAKMP Message: 269 Sep 21 07:38:48.530586: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at 
ikev2.c:3376) Sep 21 07:38:48.530592: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:48.530596: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:38:48.530599: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:38:48.530602: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:38:48.530604: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:38:48.530609: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:38:48.530614: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:38:48.530619: "road-eastnet"[1] 192.1.2.23 #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:38:48.530628: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.3.209:500) Sep 21 07:38:48.530634: | sending 269 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 (using #1)
Sep 21 07:38:48.530707: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:38:48.530711: | event_schedule: new EVENT_RETRANSMIT-pe@0x563b6ea67ec0 Sep 21 07:38:48.530715: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:38:48.530718: | libevent_malloc: new ptr-libevent@0x563b6ea67fa0 size 128 Sep 21 07:38:48.530722: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 50174.898975 Sep 21 07:38:48.530725: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:38:48.530730: | #1 spent 0.768 milliseconds in resume sending helper answer Sep 21 07:38:48.530736: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:38:48.530740: | libevent_free: release ptr-libevent@0x7fa6e8006b90 Sep 21 07:38:48.723715: | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:48.723736: | *received 257 bytes from 192.1.2.23:500 on eth0 (192.1.3.209:500)
Sep 21 07:38:48.723779: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:48.723789: | **parse ISAKMP Message: Sep 21 07:38:48.723793: | initiator cookie: Sep 21 07:38:48.723795: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:48.723798: | responder cookie: Sep 21 07:38:48.723800: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:48.723803: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:48.723805: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:48.723808: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:48.723810: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:48.723813: | Message ID: 1 (0x1) Sep 21 07:38:48.723815: | length: 257 (0x101) Sep 21 07:38:48.723818: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:38:48.723822: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:38:48.723828: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21
07:38:48.723837: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:48.723840: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:38:48.723846: | suspend processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:48.723851: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:48.723854: | #2 is idle Sep 21 07:38:48.723856: | #2 idle Sep 21 07:38:48.723858: | unpacking clear payload Sep 21 07:38:48.723861: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:48.723864: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:48.723866: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:48.723869: | flags: none (0x0) Sep 21 07:38:48.723871: | length: 229 (0xe5) Sep 21 07:38:48.723873: | processing payload: ISAKMP_NEXT_v2SK (len=225) Sep 21 07:38:48.723876: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:38:48.723892: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:38:48.723895: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:48.723898: | **parse IKEv2 Notify Payload: Sep 21 07:38:48.723901: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:38:48.723903: | flags: none (0x0) Sep 21 07:38:48.723905: | length: 8 (0x8) Sep 21 07:38:48.723907: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:48.723909: | SPI size: 0 (0x0) Sep 21 07:38:48.723912: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:48.723914: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:48.723917: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:38:48.723919: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:38:48.723922: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:38:48.723924: | flags: none 
(0x0) Sep 21 07:38:48.723926: | length: 12 (0xc) Sep 21 07:38:48.723928: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:48.723931: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:38:48.723933: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:38:48.723936: | **parse IKEv2 Authentication Payload: Sep 21 07:38:48.723938: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Sep 21 07:38:48.723941: | flags: none (0x0) Sep 21 07:38:48.723943: | length: 72 (0x48) Sep 21 07:38:48.723945: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:48.723947: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:38:48.723949: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Sep 21 07:38:48.723952: | **parse IKEv2 Configuration Payload: Sep 21 07:38:48.723954: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:48.723956: | flags: none (0x0) Sep 21 07:38:48.723958: | length: 16 (0x10) Sep 21 07:38:48.723961: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Sep 21 07:38:48.723963: | processing payload: ISAKMP_NEXT_v2CP (len=8) Sep 21 07:38:48.723965: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:48.723968: | **parse IKEv2 Security Association Payload: Sep 21 07:38:48.723970: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:38:48.723972: | flags: none (0x0) Sep 21 07:38:48.723974: | length: 44 (0x2c) Sep 21 07:38:48.723976: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:38:48.723979: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:38:48.723981: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:48.723983: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:38:48.723985: | flags: none (0x0) Sep 21 07:38:48.723988: | length: 24 (0x18) Sep 21 07:38:48.723990: | number of TS: 1 (0x1) Sep 21 07:38:48.723993: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:38:48.723995: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:38:48.723999: | **parse IKEv2 Traffic Selector - 
Responder - Payload: Sep 21 07:38:48.724001: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:48.724003: | flags: none (0x0) Sep 21 07:38:48.724006: | length: 24 (0x18) Sep 21 07:38:48.724008: | number of TS: 1 (0x1) Sep 21 07:38:48.724010: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:38:48.724013: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:38:48.724015: | Now let's proceed with state specific processing Sep 21 07:38:48.724017: | calling processor Initiator: process IKE_AUTH response Sep 21 07:38:48.724021: | received v2N_MOBIKE_SUPPORTED and sent Sep 21 07:38:48.724024: | parsing 4 raw bytes of IKEv2 Identification - Responder - Payload into peer ID Sep 21 07:38:48.724026: | peer ID c0 01 02 17 Sep 21 07:38:48.724030: | offered CA: '%none' Sep 21 07:38:48.724035: "road-eastnet"[1] 192.1.2.23 #2: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.2.23' Sep 21 07:38:48.724072: | verifying AUTH payload Sep 21 07:38:48.724076: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Sep 21 07:38:48.724081: | started looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Sep 21 07:38:48.724084: | actually looking for secret for 192.1.3.209->192.1.2.23 of kind PKK_PSK Sep 21 07:38:48.724088: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Sep 21 07:38:48.724092: | 1: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Sep 21 07:38:48.724096: | 2: compared key (none) to 192.1.3.209 / 192.1.2.23 -> 002 Sep 21 07:38:48.724098: | line 1: match=002 Sep 21 07:38:48.724101: | match 002 beats previous best_match 000 match=0x563b6ea58d40 (line=1) Sep 21 07:38:48.724104: | concluding with best_match=002 best=0x563b6ea58d40 (lineno=1) Sep 21 07:38:48.724164: "road-eastnet"[1] 192.1.2.23 #2: Authenticated using authby=secret Sep 21 07:38:48.724172: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:38:48.724176: | #1 will start re-keying in 2607 
seconds with margin of 993 seconds (attempting re-key) Sep 21 07:38:48.724179: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:38:48.724182: | libevent_free: release ptr-libevent@0x563b6ea68180 Sep 21 07:38:48.724185: | free_event_entry: release EVENT_SA_REPLACE-pe@0x563b6ea68140 Sep 21 07:38:48.724187: | event_schedule: new EVENT_SA_REKEY-pe@0x563b6ea68140 Sep 21 07:38:48.724191: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:38:48.724193: | libevent_malloc: new ptr-libevent@0x563b6ea68180 size 128 Sep 21 07:38:48.725394: | pstats #1 ikev2.ike established Sep 21 07:38:48.725403: | #2 road-eastnet[1] parsing ISAKMP_NEXT_v2CP payload Sep 21 07:38:48.725407: | ***parse IKEv2 Configuration Payload Attribute: Sep 21 07:38:48.725410: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Sep 21 07:38:48.725412: | length/value: 4 (0x4) Sep 21 07:38:48.725415: | parsing 4 raw bytes of IKEv2 Configuration Payload Attribute into INTERNAL_IP_ADDRESS Sep 21 07:38:48.725417: | INTERNAL_IP_ADDRESS c0 00 03 0a Sep 21 07:38:48.725423: "road-eastnet"[1] 192.1.2.23 #2: received INTERNAL_IP4_ADDRESS 192.0.3.10 Sep 21 07:38:48.725432: | setting host source IP address to 192.0.3.10 Sep 21 07:38:48.725435: | TSi: parsing 1 traffic selectors Sep 21 07:38:48.725438: | ***parse IKEv2 Traffic Selector: Sep 21 07:38:48.725440: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:48.725442: | IP Protocol ID: 0 (0x0) Sep 21 07:38:48.725445: | length: 16 (0x10) Sep 21 07:38:48.725447: | start port: 0 (0x0) Sep 21 07:38:48.725449: | end port: 65535 (0xffff) Sep 21 07:38:48.725451: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:48.725453: | TS low c0 00 03 0a Sep 21 07:38:48.725456: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:48.725458: | TS high c0 00 03 0a Sep 21 07:38:48.725460: | TSi: parsed 1 traffic selectors Sep 21 07:38:48.725462: | TSr: parsing 1 traffic selectors Sep 21 07:38:48.725468: | 
***parse IKEv2 Traffic Selector: Sep 21 07:38:48.725470: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:48.725472: | IP Protocol ID: 0 (0x0) Sep 21 07:38:48.725474: | length: 16 (0x10) Sep 21 07:38:48.725477: | start port: 0 (0x0) Sep 21 07:38:48.725479: | end port: 65535 (0xffff) Sep 21 07:38:48.725481: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:38:48.725483: | TS low c0 00 02 00 Sep 21 07:38:48.725485: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:38:48.725487: | TS high c0 00 02 ff Sep 21 07:38:48.725489: | TSr: parsed 1 traffic selectors Sep 21 07:38:48.725496: | evaluating our conn="road-eastnet"[1] 192.1.2.23 I=192.0.3.10/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:38:48.725501: | TSi[0] .net=192.0.3.10-192.0.3.10 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:48.725507: | match address end->client=192.0.3.10/32 >= TSi[0]net=192.0.3.10-192.0.3.10: YES fitness 32 Sep 21 07:38:48.725510: | narrow port end=0..65535 >= TSi[0]=0..65535: 0 Sep 21 07:38:48.725512: | TSi[0] port match: YES fitness 65536 Sep 21 07:38:48.725515: | narrow protocol end=*0 >= TSi[0]=*0: 0 Sep 21 07:38:48.725518: | match end->protocol=*0 >= TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:48.725522: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:38:48.725528: | match address end->client=192.0.2.0/24 >= TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:38:48.725530: | narrow port end=0..65535 >= TSr[0]=0..65535: 0 Sep 21 07:38:48.725532: | TSr[0] port match: YES fitness 65536 Sep 21 07:38:48.725535: | narrow protocol end=*0 >= TSr[0]=*0: 0 Sep 21 07:38:48.725538: | match end->protocol=*0 >= TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:38:48.725540: | best fit so far: TSi[0] TSr[0] Sep 21 07:38:48.725542: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:38:48.725544: | printing contents struct traffic_selector Sep 21 07:38:48.725546: | ts_type: 
IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:48.725548: | ipprotoid: 0 Sep 21 07:38:48.725550: | port range: 0-65535 Sep 21 07:38:48.725554: | ip range: 192.0.3.10-192.0.3.10 Sep 21 07:38:48.725556: | printing contents struct traffic_selector Sep 21 07:38:48.725558: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:38:48.725560: | ipprotoid: 0 Sep 21 07:38:48.725562: | port range: 0-65535 Sep 21 07:38:48.725565: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:38:48.725573: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:48.725576: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Sep 21 07:38:48.725580: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:48.725582: | local proposal 1 type PRF has 0 transforms Sep 21 07:38:48.725585: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:48.725587: | local proposal 1 type DH has 1 transforms Sep 21 07:38:48.725589: | local proposal 1 type ESN has 1 transforms Sep 21 07:38:48.725592: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:38:48.725595: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:48.725597: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:48.725599: | length: 40 (0x28) Sep 21 07:38:48.725601: | prop #: 1 (0x1) Sep 21 07:38:48.725604: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:48.725606: | spi size: 4 (0x4) Sep 21 07:38:48.725608: | # transforms: 3 (0x3) Sep 21 07:38:48.725611: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:38:48.725613: | remote SPI 68 36 4a c1 Sep 21 07:38:48.725616: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:38:48.725618: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.725622: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.725624: | length: 12 (0xc) Sep 21 07:38:48.725626: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:48.725629: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:48.725631: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:48.725634: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:48.725636: | length/value: 256 (0x100) Sep 21 07:38:48.725640: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:48.725642: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.725644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:48.725646: | length: 8 (0x8) Sep 21 07:38:48.725649: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:48.725651: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:48.725654: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:38:48.725656: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:48.725659: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:48.725661: | length: 8 (0x8) Sep 21 07:38:48.725663: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:48.725665: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:48.725668: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:38:48.725671: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:38:48.725675: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:38:48.725678: | remote proposal 1 matches local proposal 1 Sep 21 07:38:48.725681: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Sep 21 07:38:48.725686: | IKE_AUTH initiator accepting remote ESP/AH proposal 
ikev2_proposal: 1:ESP:SPI=68364ac1;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:38:48.725688: | converting proposal to internal trans attrs Sep 21 07:38:48.725693: | ignored received NOTIFY (16396): v2N_MOBIKE_SUPPORTED Sep 21 07:38:48.725696: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Sep 21 07:38:48.725869: | #1 spent 1.02 milliseconds Sep 21 07:38:48.725876: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:38:48.725879: | could_route called for road-eastnet (kind=CK_INSTANCE) Sep 21 07:38:48.725882: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:48.725885: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:48.725887: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:48.725890: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:48.725892: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:48.725899: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Sep 21 07:38:48.725902: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:48.725906: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:48.725908: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:48.725912: | setting IPsec SA replay-window to 32 Sep 21 07:38:48.725915: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:38:48.725918: | netlink: enabling tunnel mode Sep 21 07:38:48.725921: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:48.725923: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:48.726154: | netlink response for Add SA esp.68364ac1@192.1.2.23 included non-error error Sep 21 07:38:48.726160: | set up outgoing SA, ref=0/0 Sep 21 07:38:48.726163: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:48.726166: | encrypt 
AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:48.726171: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:48.726175: | setting IPsec SA replay-window to 32 Sep 21 07:38:48.726178: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Sep 21 07:38:48.726181: | netlink: enabling tunnel mode Sep 21 07:38:48.726183: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:48.726185: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:48.726343: | netlink response for Add SA esp.5b01cf2e@192.1.3.209 included non-error error Sep 21 07:38:48.726350: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:38:48.726357: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.10/32:0 => tun.10000@192.1.3.209 (raw_eroute) Sep 21 07:38:48.726361: | IPsec Sa SPD priority set to 1040359 Sep 21 07:38:48.726600: | raw_eroute result=success Sep 21 07:38:48.726605: | set up incoming SA, ref=0/0 Sep 21 07:38:48.726608: | sr for #2: unrouted Sep 21 07:38:48.726611: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:38:48.726613: | FOR_EACH_CONNECTION_... 
in route_owner Sep 21 07:38:48.726616: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:48.726619: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:48.726622: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:48.726624: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:48.726629: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL; eroute owner: NULL Sep 21 07:38:48.726632: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:38:48.726636: | priority calculation of connection "road-eastnet" is 0xfdfe7 Sep 21 07:38:48.726643: | eroute_connection add eroute 192.0.3.10/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:38:48.726646: | IPsec Sa SPD priority set to 1040359 Sep 21 07:38:48.726761: | raw_eroute result=success Sep 21 07:38:48.726767: | running updown command "ipsec _updown" for verb up Sep 21 07:38:48.726770: | command executing up-client Sep 21 07:38:48.726819: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' 
PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIG Sep 21 07:38:48.726825: | popen cmd is 1106 chars long Sep 21 07:38:48.726828: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Sep 21 07:38:48.726830: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID: Sep 21 07:38:48.726833: | cmd( 160):='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' : Sep 21 07:38:48.726835: | cmd( 240):PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' P: Sep 21 07:38:48.726838: | cmd( 320):LUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=: Sep 21 07:38:48.726843: | cmd( 400):'192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:38:48.726848: | cmd( 480):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:38:48.726855: | cmd( 560):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PS: Sep 21 07:38:48.726860: | cmd( 640):K+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_A: Sep 21 07:38:48.726864: | cmd( 720):LLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' X: Sep 21 07:38:48.726866: | cmd( 800):AUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Sep 21 07:38:48.726869: | cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Sep 21 07:38:48.726871: | cmd( 960):PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: Sep 21 07:38:48.726874: | cmd(1040):HARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:48.859465: | route_and_eroute: firewall_notified: true Sep 21 07:38:48.859479: | running updown command "ipsec _updown" for verb prepare Sep 21 07:38:48.859482: | command executing prepare-client Sep 21 07:38:48.859516: | executing 
prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO Sep 21 07:38:48.859519: | popen cmd is 1111 chars long Sep 21 07:38:48.859522: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Sep 21 07:38:48.859525: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_: Sep 21 07:38:48.859527: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3: Sep 21 07:38:48.859530: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=: Sep 21 07:38:48.859532: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Sep 21 07:38:48.859535: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:38:48.859537: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:38:48.859540: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' 
PLUTO_CONN_POLIC: Sep 21 07:38:48.859542: | cmd( 640):Y='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_F: Sep 21 07:38:48.859545: | cmd( 720):RAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ip: Sep 21 07:38:48.859547: | cmd( 800):v4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_: Sep 21 07:38:48.859550: | cmd( 880):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: Sep 21 07:38:48.859552: | cmd( 960):='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' : Sep 21 07:38:48.859555: | cmd(1040):VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:48.875913: | running updown command "ipsec _updown" for verb route Sep 21 07:38:48.875928: | command executing route-client Sep 21 07:38:48.875961: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_ Sep 21 07:38:48.875968: | popen cmd is 1109 chars long Sep 21 07:38:48.875971: | cmd( 
0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:38:48.875974: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY: Sep 21 07:38:48.875977: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Sep 21 07:38:48.875979: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:48.875982: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:48.875984: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:48.875987: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:48.875989: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Sep 21 07:38:48.875992: | cmd( 640):'PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRA: Sep 21 07:38:48.875994: | cmd( 720):G_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4: Sep 21 07:38:48.875997: | cmd( 800):' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Sep 21 07:38:48.875999: | cmd( 880):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Sep 21 07:38:48.876002: | cmd( 960):0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT: Sep 21 07:38:48.876004: | cmd(1040):I_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:48.914576: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914597: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914602: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:48.914608: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914645: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914688: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914726: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914760: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914799: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914880: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914891: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914896: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914901: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914910: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914915: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914919: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914925: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914932: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914946: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:48.914957: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914970: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914984: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.914997: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.915448: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.915459: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.915484: "road-eastnet"[1] 192.1.2.23 #2: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:48.951383: | route_and_eroute: instance "road-eastnet"[1] 192.1.2.23, setting eroute_owner {spd=0x563b6ea65590,sr=0x563b6ea65590} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:38:48.951751: | #1 spent 1.3 milliseconds in install_ipsec_sa() Sep 21 07:38:48.951760: | inR2: instance road-eastnet[1], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:38:48.951763: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:38:48.951766: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:38:48.951772: | libevent_free: release ptr-libevent@0x563b6ea67fa0 Sep 21 07:38:48.951775: | free_event_entry: release EVENT_RETRANSMIT-pe@0x563b6ea67ec0 Sep 21 07:38:48.951781: | #2 spent 2.06 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:38:48.951794: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:48.951800: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:38:48.951804: | IKEv2: transition from state STATE_PARENT_I2 
to state STATE_V2_IPSEC_I Sep 21 07:38:48.951808: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:38:48.951811: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:38:48.951817: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:38:48.951822: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:48.951825: | pstats #2 ikev2.child established Sep 21 07:38:48.951834: "road-eastnet"[1] 192.1.2.23 #2: negotiated connection [192.0.3.10-192.0.3.10:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:38:48.951847: | NAT-T: encaps is 'auto' Sep 21 07:38:48.951852: "road-eastnet"[1] 192.1.2.23 #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x68364ac1 <0x5b01cf2e xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=none DPD=passive} Sep 21 07:38:48.951856: | releasing whack for #2 (sock=fd@25) Sep 21 07:38:48.951861: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:38:48.951863: | releasing whack and unpending for parent #1 Sep 21 07:38:48.951867: | unpending state #1 connection "road-eastnet"[1] 192.1.2.23 Sep 21 07:38:48.951877: | delete from pending Child SA with 192.1.2.23 "road-eastnet"[1] 192.1.2.23 Sep 21 07:38:48.951880: | removing pending policy for no connection {0x563b6ea157b0} Sep 21 07:38:48.951888: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:38:48.951892: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:38:48.951896: | event_schedule: new EVENT_SA_REKEY-pe@0x563b6ea67ec0 Sep 21 07:38:48.951899: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:38:48.951903: | libevent_malloc: new ptr-libevent@0x563b6ea67fa0 size 128 Sep 21 
07:38:48.951910: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:48.951915: | #1 spent 2.48 milliseconds in ikev2_process_packet() Sep 21 07:38:48.951920: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:48.951923: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:48.951926: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:48.951930: | spent 2.49 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:48.951939: | kernel_process_msg_cb process netlink message Sep 21 07:38:48.951946: | netlink_get: XFRM_MSG_DELPOLICY message Sep 21 07:38:48.951948: | xfrm netlink address change RTM_NEWADDR msg len 76 Sep 21 07:38:48.951952: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Sep 21 07:38:48.951955: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Sep 21 07:38:48.951961: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:48.951967: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:48.951972: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:48.951978: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:48.951981: | IKEv2 received address RTM_NEWADDR type 3 Sep 21 07:38:48.951983: | IKEv2 received address RTM_NEWADDR type 8 Sep 21 07:38:48.951985: | IKEv2 received address RTM_NEWADDR type 6 Sep 21 07:38:48.951989: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:48.951993: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:48.951998: | spent 0.0542 milliseconds in kernel message Sep 21 07:38:48.952004: | processing 
signal PLUTO_SIGCHLD Sep 21 07:38:48.952009: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:48.952013: | spent 0.00486 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:48.952016: | processing signal PLUTO_SIGCHLD Sep 21 07:38:48.952019: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:48.952022: | spent 0.00327 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:48.952024: | processing signal PLUTO_SIGCHLD Sep 21 07:38:48.952028: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:48.952031: | spent 0.00336 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:50.224180: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:50.224206: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:38:50.224210: | FOR_EACH_STATE_... in sort_states Sep 21 07:38:50.224220: | get_sa_info esp.5b01cf2e@192.1.3.209 Sep 21 07:38:50.224234: | get_sa_info esp.68364ac1@192.1.2.23 Sep 21 07:38:50.224254: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:50.224261: | spent 0.089 milliseconds in whack Sep 21 07:38:55.582120: | kernel_process_msg_cb process netlink message Sep 21 07:38:55.582136: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.582141: | spent 0.00729 milliseconds in kernel message Sep 21 07:38:55.637217: | kernel_process_msg_cb process netlink message Sep 21 07:38:55.637255: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:55.637264: | spent 0.00986 milliseconds in kernel message Sep 21 07:38:55.690014: | kernel_process_msg_cb process netlink message Sep 21 07:38:55.690039: | netlink_get: XFRM_MSG_GETPOLICY message Sep 21 07:38:55.690043: | xfrm netlink address change RTM_DELADDR msg len 80 Sep 21 07:38:55.690049: | XFRM RTM_DELADDR 192.1.3.209 IFA_LOCAL Sep 21 07:38:55.690052: | FOR_EACH_STATE_... 
in record_deladdr (for_each_state) Sep 21 07:38:55.690061: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.690068: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.690074: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.690078: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:55.690081: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:55.690084: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:55.690087: | conn road-eastnet mark 0/00000000, 0/00000000 vs Sep 21 07:38:55.690090: | conn road-eastnet mark 0/00000000, 0/00000000 Sep 21 07:38:55.690095: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL Sep 21 07:38:55.690098: | running updown command "ipsec _updown" for verb down Sep 21 07:38:55.690102: | command executing down-client Sep 21 07:38:55.690133: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' 
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PL Sep 21 07:38:55.690137: | popen cmd is 1117 chars long Sep 21 07:38:55.690140: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU: Sep 21 07:38:55.690143: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_: Sep 21 07:38:55.690146: | cmd( 160):ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10: Sep 21 07:38:55.690149: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': Sep 21 07:38:55.690151: | cmd( 320): PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: Sep 21 07:38:55.690154: | cmd( 400):D='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0: Sep 21 07:38:55.690157: | cmd( 480):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:38:55.690159: | cmd( 560):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN: Sep 21 07:38:55.690162: | cmd( 640):_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK: Sep 21 07:38:55.690165: | cmd( 720):+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMI: Sep 21 07:38:55.690167: | cmd( 800):LY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' : Sep 21 07:38:55.690170: | cmd( 880):PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_: Sep 21 07:38:55.690172: | cmd( 960):SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING: Sep 21 07:38:55.690178: | cmd(1040):='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:55.725003: "road-eastnet"[1] 192.1.2.23 #1: down-client output: restoring resolvconf Sep 21 07:38:55.725019: "road-eastnet"[1] 192.1.2.23 #1: down-client output: Problem 
in restoring the resolv.conf, as there is no backup file Sep 21 07:38:55.725353: | running updown command "ipsec _updown" for verb unroute Sep 21 07:38:55.725361: | command executing unroute-client Sep 21 07:38:55.725395: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT= Sep 21 07:38:55.725398: | popen cmd is 1120 chars long Sep 21 07:38:55.725402: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' : Sep 21 07:38:55.725405: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.209' PLUTO_: Sep 21 07:38:55.725408: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3: Sep 21 07:38:55.725410: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=: Sep 21 07:38:55.725413: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE: Sep 21 07:38:55.725416: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' 
PLUTO_PEER_CLIENT_NET='192.0.: Sep 21 07:38:55.725418: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Sep 21 07:38:55.725421: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_C: Sep 21 07:38:55.725424: | cmd( 640):ONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TR: Sep 21 07:38:55.725427: | cmd( 720):ACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF: Sep 21 07:38:55.725430: | cmd( 800):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=': Sep 21 07:38:55.725432: | cmd( 880):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C: Sep 21 07:38:55.725435: | cmd( 960):FG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT: Sep 21 07:38:55.725438: | cmd(1040):ING='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:55.737947: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.737964: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.737970: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.737982: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.737999: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738009: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738026: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738037: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:55.738052: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738066: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738079: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738094: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738108: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738122: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738172: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738178: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738183: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738188: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738202: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738233: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738635: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738649: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.738662: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:55.751171: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20 Sep 21 07:38:55.751183: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1 Sep 21 07:38:55.751186: | libevent_malloc: new ptr-libevent@0x563b6ea6d1c0 size 128 Sep 21 07:38:55.751195: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.751198: | IKEv2 received address RTM_DELADDR type 3 Sep 21 07:38:55.751199: | IKEv2 received address RTM_DELADDR type 8 Sep 21 07:38:55.751201: | IKEv2 received address RTM_DELADDR type 6 Sep 21 07:38:55.751207: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751209: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751211: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751214: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751216: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751219: | netlink_get: XFRM_MSG_GETPOLICY message Sep 21 07:38:55.751220: | xfrm netlink address change RTM_DELADDR msg len 76 Sep 21 07:38:55.751223: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL Sep 21 07:38:55.751225: | FOR_EACH_STATE_... 
in record_deladdr (for_each_state) Sep 21 07:38:55.751229: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.751232: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.751235: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.751238: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.751240: | IKEv2 received address RTM_DELADDR type 3 Sep 21 07:38:55.751241: | IKEv2 received address RTM_DELADDR type 8 Sep 21 07:38:55.751243: | IKEv2 received address RTM_DELADDR type 6 Sep 21 07:38:55.751245: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:38:55.751251: | spent 0.729 milliseconds in kernel message Sep 21 07:38:55.751263: | timer_event_cb: processing event@0x7fa6f0002b20 Sep 21 07:38:55.751265: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Sep 21 07:38:55.751269: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:38:55.751271: | #1 IKEv2 local address change Sep 21 07:38:55.751473: | #1 MOBIKE new source address 192.1.33.222 remote 192.1.2.23:500 and gateway 192.1.33.254 Sep 21 07:38:55.751479: | Opening output PBS mobike informational request Sep 21 07:38:55.751482: | **emit ISAKMP Message: Sep 21 07:38:55.751485: | initiator cookie: Sep 21 07:38:55.751487: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:55.751488: | responder cookie: Sep 21 07:38:55.751490: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.751492: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:55.751494: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:55.751496: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 
07:38:55.751497: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:55.751499: | Message ID: 2 (0x2) Sep 21 07:38:55.751501: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:55.751503: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:55.751505: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:55.751507: | flags: none (0x0) Sep 21 07:38:55.751509: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:55.751511: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:55.751513: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:55.751520: | Adding a v2N Payload Sep 21 07:38:55.751522: | ****emit IKEv2 Notify Payload: Sep 21 07:38:55.751523: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:55.751525: | flags: none (0x0) Sep 21 07:38:55.751526: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:55.751528: | SPI size: 0 (0x0) Sep 21 07:38:55.751529: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Sep 21 07:38:55.751531: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:55.751533: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:55.751535: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:55.751537: | NAT-Traversal support [enabled] add v2N payloads. 
Sep 21 07:38:55.751548: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:55.751550: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:55.751552: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.751553: | natd_hash: ip= c0 01 21 de Sep 21 07:38:55.751554: | natd_hash: port= 01 f4 Sep 21 07:38:55.751556: | natd_hash: hash= 47 81 bd 4f 23 d2 a8 fd 36 e9 18 b0 b9 83 04 50 Sep 21 07:38:55.751557: | natd_hash: hash= 5b 21 62 de Sep 21 07:38:55.751559: | Adding a v2N Payload Sep 21 07:38:55.751560: | ****emit IKEv2 Notify Payload: Sep 21 07:38:55.751562: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:55.751563: | flags: none (0x0) Sep 21 07:38:55.751565: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:55.751566: | SPI size: 0 (0x0) Sep 21 07:38:55.751567: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:55.751569: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:55.751571: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:55.751573: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:55.751574: | Notify data 47 81 bd 4f 23 d2 a8 fd 36 e9 18 b0 b9 83 04 50 Sep 21 07:38:55.751579: | Notify data 5b 21 62 de Sep 21 07:38:55.751581: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:55.751585: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:55.751586: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:55.751587: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.751589: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:55.751590: | natd_hash: port= 01 f4 Sep 21 07:38:55.751592: | natd_hash: hash= 3b e1 f8 77 11 a9 4e 53 c6 d4 c3 38 94 20 a9 75 Sep 21 07:38:55.751593: | natd_hash: hash= a9 86 3e 15 Sep 21 07:38:55.751594: | Adding a v2N Payload Sep 21 07:38:55.751596: | ****emit IKEv2 Notify 
Payload: Sep 21 07:38:55.751597: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:55.751598: | flags: none (0x0) Sep 21 07:38:55.751600: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:55.751601: | SPI size: 0 (0x0) Sep 21 07:38:55.751603: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:55.751605: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:55.751606: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:55.751608: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:55.751609: | Notify data 3b e1 f8 77 11 a9 4e 53 c6 d4 c3 38 94 20 a9 75 Sep 21 07:38:55.751611: | Notify data a9 86 3e 15 Sep 21 07:38:55.751612: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:55.751614: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:55.751616: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:55.751618: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:55.751620: | emitting length of IKEv2 Encryption Payload: 93 Sep 21 07:38:55.751621: | emitting length of ISAKMP Message: 121 Sep 21 07:38:55.751632: | sending 121 bytes for mobike informational request through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:55.751634: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.751635: | 2e 20 25 08 00 00 00 02 00 00 00 79 29 00 00 5d Sep 21 07:38:55.751637: | ce f6 6f 96 3c f3 ad 5c 66 0f c3 85 5d 4d 9d 73 Sep 21 07:38:55.751638: | 1d 5e f8 17 ca ec d3 97 c4 ec cb 7b 5f 92 aa 12 Sep 21 07:38:55.751639: | 60 1e fe 1e 9a 96 52 21 cb f7 41 98 39 00 c0 ea Sep 21 07:38:55.751641: | 0a 82 d7 13 b3 99 e4 e9 d9 bf 5a bb 8e f3 b0 22 Sep 21 07:38:55.751642: | c0 36 fb 73 f8 93 f5 0f ff e0 
d9 ba 54 12 ae b3 Sep 21 07:38:55.751643: | 64 e6 49 b8 ed 04 19 37 89 Sep 21 07:38:55.751713: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:55.751719: | Message ID: sent #1 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->2 wip.responder=-1 Sep 21 07:38:55.751724: | libevent_free: release ptr-libevent@0x563b6ea6d1c0 Sep 21 07:38:55.751726: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20 Sep 21 07:38:55.751731: | #1 spent 0.42 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Sep 21 07:38:55.751737: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:38:55.751740: | processing signal PLUTO_SIGCHLD Sep 21 07:38:55.751746: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:55.751750: | spent 0.00523 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:55.751752: | processing signal PLUTO_SIGCHLD Sep 21 07:38:55.751755: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:55.751759: | spent 0.00336 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:55.752248: | spent 0.00217 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:55.752272: | *received 113 bytes from 192.1.2.23:500 on eth0 (192.1.33.222:500) Sep 21 07:38:55.752276: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.752278: | 2e 20 25 20 00 00 00 02 00 00 00 71 29 00 00 55 Sep 21 07:38:55.752280: | 7e 42 ef 53 08 f4 0d b4 b7 9c 17 c7 40 d7 b2 f2 Sep 21 07:38:55.752283: | 75 d3 ad f3 59 ce cd 31 fc f1 15 00 68 2d b6 9d Sep 21 07:38:55.752285: | 1e cf 17 73 75 dc 9a 00 b8 29 d2 16 d9 1d 90 42 Sep 21 07:38:55.752287: | 28 66 8c c2 9b a2 8e a3 7f 08 75 9e da 46 5f 41 Sep 21 07:38:55.752289: | eb 94 
9a 7a 5a f3 e8 32 7f 97 e4 b4 ec e8 cb 3a Sep 21 07:38:55.752291: | c5 Sep 21 07:38:55.752296: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:55.752299: | **parse ISAKMP Message: Sep 21 07:38:55.752301: | initiator cookie: Sep 21 07:38:55.752303: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:55.752306: | responder cookie: Sep 21 07:38:55.752308: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:55.752310: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:55.752326: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:55.752328: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:55.752331: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:55.752333: | Message ID: 2 (0x2) Sep 21 07:38:55.752335: | length: 113 (0x71) Sep 21 07:38:55.752338: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:38:55.752341: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Sep 21 07:38:55.752345: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:38:55.752352: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:55.752358: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:55.752360: | #1 is idle Sep 21 07:38:55.752362: | #1 idle Sep 21 07:38:55.752364: | unpacking clear payload Sep 21 07:38:55.752366: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:55.752369: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:55.752371: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:55.752374: | flags: none (0x0) Sep 21 07:38:55.752376: | length: 85 (0x55) Sep 21 07:38:55.752378: | processing payload: ISAKMP_NEXT_v2SK (len=81) Sep 21 07:38:55.752381: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:38:55.752392: | #1 ikev2 
ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:38:55.752395: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:55.752398: | **parse IKEv2 Notify Payload: Sep 21 07:38:55.752400: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:55.752402: | flags: none (0x0) Sep 21 07:38:55.752404: | length: 28 (0x1c) Sep 21 07:38:55.752407: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:55.752409: | SPI size: 0 (0x0) Sep 21 07:38:55.752411: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:55.752414: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:55.752416: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:55.752418: | **parse IKEv2 Notify Payload: Sep 21 07:38:55.752421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:55.752423: | flags: none (0x0) Sep 21 07:38:55.752425: | length: 28 (0x1c) Sep 21 07:38:55.752427: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:55.752429: | SPI size: 0 (0x0) Sep 21 07:38:55.752432: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:55.752434: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:55.752436: | selected state microcode I3: Informational Request Sep 21 07:38:55.752439: | Now let's proceed with state specific processing Sep 21 07:38:55.752441: | calling processor I3: Informational Request Sep 21 07:38:55.752446: | an informational response Sep 21 07:38:55.752449: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Sep 21 07:38:55.752451: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Sep 21 07:38:55.752456: | #2 pst=#1 MOBIKE update local address 192.1.3.209:500 -> 192.1.33.222:500 Sep 21 07:38:55.752462: | initiator migrate kernel SA esp.68364ac1@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Sep 21 07:38:55.752505: | initiator migrate kernel SA esp.5b01cf2e@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Sep 21 07:38:55.752549: | initiator migrate kernel SA 
esp.5b01cf2e@192.1.3.209:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Sep 21 07:38:55.752564: "road-eastnet"[1] 192.1.2.23 #1: success MOBIKE update local address 192.1.3.209:500 -> 192.1.33.222:500 Sep 21 07:38:55.752570: | connect_to_host_pair: 192.1.33.222:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:55.752572: | new hp@0x563b6ea682d0 Sep 21 07:38:55.752579: | running updown command "ipsec _updown" for verb up Sep 21 07:38:55.752582: | command executing up-client Sep 21 07:38:55.752612: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLU Sep 21 07:38:55.752615: | popen cmd is 1118 chars long Sep 21 07:38:55.752618: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Sep 21 07:38:55.752621: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY: Sep 21 07:38:55.752623: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Sep 21 07:38:55.752626: | cmd( 240):0' 
PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:55.752628: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:55.752630: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:55.752633: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:55.752636: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CON: Sep 21 07:38:55.752638: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRAC: Sep 21 07:38:55.752640: | cmd( 720):K+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAM: Sep 21 07:38:55.752643: | cmd( 800):ILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0': Sep 21 07:38:55.752645: | cmd( 880): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Sep 21 07:38:55.752648: | cmd( 960):_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Sep 21 07:38:55.752650: | cmd(1040):G='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:55.781418: | running updown command "ipsec _updown" for verb route Sep 21 07:38:55.781444: | command executing route-client Sep 21 07:38:55.781465: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' 
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=' Sep 21 07:38:55.781470: | popen cmd is 1121 chars long Sep 21 07:38:55.781472: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:38:55.781474: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO: Sep 21 07:38:55.781475: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:55.781477: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Sep 21 07:38:55.781478: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Sep 21 07:38:55.781480: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0: Sep 21 07:38:55.781481: | cmd( 480):.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Sep 21 07:38:55.781483: | cmd( 560):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_: Sep 21 07:38:55.781484: | cmd( 640):CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_T: Sep 21 07:38:55.781486: | cmd( 720):RACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDR: Sep 21 07:38:55.781487: | cmd( 800):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=: Sep 21 07:38:55.781489: | cmd( 880):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Sep 21 07:38:55.781490: | cmd( 960):CFG_SERVER='0' PLUTO_CFG_CLIENT='1' 
PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Sep 21 07:38:55.781492: | cmd(1040):TING='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&: Sep 21 07:38:55.781493: | cmd(1120):1: Sep 21 07:38:55.790817: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790830: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790833: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790836: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790838: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790840: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790842: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790866: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790931: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790938: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790941: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790944: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790949: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790971: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790979: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:55.790992: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.790997: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791006: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791015: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791024: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791287: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791298: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.791306: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:55.796194: | #1 updating local interface from 192.1.33.222:500 to 192.1.33.222:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:55.796205: "road-eastnet"[1] 192.1.2.23 #1: MOBIKE response: updating IPsec SA Sep 21 07:38:55.796207: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. 
Sep 21 07:38:55.796215: | #1 spent 0.634 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet() Sep 21 07:38:55.796219: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:55.796222: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:38:55.796224: | Message ID: updating counters for #1 to 2 after switching state Sep 21 07:38:55.796227: | Message ID: recv #1 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1 wip.initiator=2->-1 wip.responder=-1 Sep 21 07:38:55.796230: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:55.796232: | STATE_PARENT_I3: PARENT SA established Sep 21 07:38:55.796235: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:55.796238: | #1 spent 0.842 milliseconds in ikev2_process_packet() Sep 21 07:38:55.796241: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:38:55.796243: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:55.796245: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:55.796248: | spent 0.852 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:55.796256: | kernel_process_msg_cb process netlink message Sep 21 07:38:55.796262: | netlink_get: XFRM_MSG_DELPOLICY message Sep 21 07:38:55.796263: | xfrm netlink address change RTM_NEWADDR msg len 76 Sep 21 07:38:55.796266: | XFRM RTM_NEWADDR 192.0.3.10 IFA_LOCAL Sep 21 07:38:55.796268: | FOR_EACH_STATE_... 
in record_newaddr (for_each_state) Sep 21 07:38:55.796271: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.796274: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.796277: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:38:55.796280: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20 Sep 21 07:38:55.796285: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 3 seconds for #1 Sep 21 07:38:55.796288: | libevent_malloc: new ptr-libevent@0x563b6ea6d1c0 size 128 Sep 21 07:38:55.796291: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:38:55.796293: | IKEv2 received address RTM_NEWADDR type 3 Sep 21 07:38:55.796294: | IKEv2 received address RTM_NEWADDR type 8 Sep 21 07:38:55.796296: | IKEv2 received address RTM_NEWADDR type 6 Sep 21 07:38:55.796299: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:55.796301: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:38:55.796304: | spent 0.045 milliseconds in kernel message Sep 21 07:38:55.796308: | processing signal PLUTO_SIGCHLD Sep 21 07:38:55.796312: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:55.796314: | spent 0.00363 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:55.796316: | processing signal PLUTO_SIGCHLD Sep 21 07:38:55.796318: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:55.796320: | spent 0.00219 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:58.798815: | timer_event_cb: processing event@0x7fa6f0002b20 Sep 21 07:38:58.798829: | handling event EVENT_v2_ADDR_CHANGE for parent state #1 Sep 21 07:38:58.798851: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 
192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:38:58.798869: | #1 IKEv2 local address change Sep 21 07:38:58.799082: | #1 MOBIKE new source address 192.1.33.222 remote 192.1.2.23:500 and gateway 192.1.33.254 Sep 21 07:38:58.799087: | Opening output PBS mobike informational request Sep 21 07:38:58.799090: | **emit ISAKMP Message: Sep 21 07:38:58.799094: | initiator cookie: Sep 21 07:38:58.799096: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:58.799099: | responder cookie: Sep 21 07:38:58.799101: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:58.799104: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:58.799107: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:58.799110: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:58.799113: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:58.799116: | Message ID: 3 (0x3) Sep 21 07:38:58.799119: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:58.799122: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:58.799125: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:58.799128: | flags: none (0x0) Sep 21 07:38:58.799131: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:58.799134: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:58.799137: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:58.799145: | Adding a v2N Payload Sep 21 07:38:58.799148: | ****emit IKEv2 Notify Payload: Sep 21 07:38:58.799151: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:58.799153: | flags: none (0x0) Sep 21 07:38:58.799156: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:58.799158: | SPI size: 0 (0x0) Sep 21 07:38:58.799161: | Notify Message Type: v2N_UPDATE_SA_ADDRESSES (0x4010) Sep 21 07:38:58.799164: | next payload chain: setting 
previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:58.799167: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:58.799170: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:58.799173: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:58.799187: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:58.799190: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 07:38:58.799193: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:58.799195: | natd_hash: ip= c0 01 21 de Sep 21 07:38:58.799200: | natd_hash: port= 01 f4 Sep 21 07:38:58.799203: | natd_hash: hash= 47 81 bd 4f 23 d2 a8 fd 36 e9 18 b0 b9 83 04 50 Sep 21 07:38:58.799205: | natd_hash: hash= 5b 21 62 de Sep 21 07:38:58.799207: | Adding a v2N Payload Sep 21 07:38:58.799210: | ****emit IKEv2 Notify Payload: Sep 21 07:38:58.799213: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:58.799215: | flags: none (0x0) Sep 21 07:38:58.799218: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:58.799220: | SPI size: 0 (0x0) Sep 21 07:38:58.799223: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:58.799226: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:58.799229: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:58.799232: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:58.799235: | Notify data 47 81 bd 4f 23 d2 a8 fd 36 e9 18 b0 b9 83 04 50 Sep 21 07:38:58.799237: | Notify data 5b 21 62 de Sep 21 07:38:58.799239: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:58.799245: | natd_hash: hasher=0x563b6d1147a0(20) Sep 21 07:38:58.799248: | natd_hash: icookie= f2 5c 15 dd 35 85 91 5e Sep 21 
07:38:58.799251: | natd_hash: rcookie= fe 60 0c d8 30 87 30 93 Sep 21 07:38:58.799253: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:58.799255: | natd_hash: port= 01 f4 Sep 21 07:38:58.799258: | natd_hash: hash= 3b e1 f8 77 11 a9 4e 53 c6 d4 c3 38 94 20 a9 75 Sep 21 07:38:58.799260: | natd_hash: hash= a9 86 3e 15 Sep 21 07:38:58.799263: | Adding a v2N Payload Sep 21 07:38:58.799265: | ****emit IKEv2 Notify Payload: Sep 21 07:38:58.799268: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:58.799270: | flags: none (0x0) Sep 21 07:38:58.799273: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:58.799275: | SPI size: 0 (0x0) Sep 21 07:38:58.799278: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:58.799281: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:58.799284: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'mobike informational request' Sep 21 07:38:58.799287: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:58.799289: | Notify data 3b e1 f8 77 11 a9 4e 53 c6 d4 c3 38 94 20 a9 75 Sep 21 07:38:58.799292: | Notify data a9 86 3e 15 Sep 21 07:38:58.799294: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:58.799297: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:58.799301: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:58.799304: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:58.799307: | emitting length of IKEv2 Encryption Payload: 93 Sep 21 07:38:58.799309: | emitting length of ISAKMP Message: 121 Sep 21 07:38:58.799327: | sending 121 bytes for mobike informational request through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1) Sep 21 07:38:58.799330: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93 Sep 21 
07:38:58.799332: | 2e 20 25 08 00 00 00 03 00 00 00 79 29 00 00 5d Sep 21 07:38:58.799334: | 10 11 de e2 37 6b ab 23 3f 17 1f 2f 64 83 08 c4 Sep 21 07:38:58.799337: | 59 4a ef 54 c7 7d 16 06 71 84 80 6f 87 c0 20 8f Sep 21 07:38:58.799339: | ee ac 59 11 92 78 61 be d0 10 8f aa 37 1e 26 95 Sep 21 07:38:58.799342: | 98 a4 0c 49 e4 12 4f d5 d1 2f a9 2d 94 46 6d bb Sep 21 07:38:58.799344: | 37 64 3e 38 f2 6f 3f d3 ba 6e d4 b9 3e 00 3b 37 Sep 21 07:38:58.799346: | 87 63 fd 42 a5 c0 67 8a f0 Sep 21 07:38:58.799412: | Message ID: #1 XXX: in initiate_mobike_probe() hacking around record'n'send bypassing send queue; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:58.799420: | Message ID: sent #1 request 3; ike: initiator.sent=2->3 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1->3 wip.responder=-1 Sep 21 07:38:58.799424: | libevent_free: release ptr-libevent@0x563b6ea6d1c0 Sep 21 07:38:58.799428: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20 Sep 21 07:38:58.799435: | #1 spent 0.593 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE Sep 21 07:38:58.799441: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:38:58.799775: | spent 0.00193 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:58.799790: | *received 113 bytes from 192.1.2.23:500 on eth0 (192.1.33.222:500) Sep 21 07:38:58.799795: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93 Sep 21 07:38:58.799798: | 2e 20 25 20 00 00 00 03 00 00 00 71 29 00 00 55 Sep 21 07:38:58.799800: | b0 11 13 d2 73 ee 3d ca 80 5f 9b 17 42 d2 d5 99 Sep 21 07:38:58.799802: | c0 0d e7 3a 06 f8 f8 fc eb cb 10 97 8e 0e ab 6c Sep 21 07:38:58.799805: | c1 98 df 92 de 22 f0 a9 00 60 86 3f 6e d4 fe 0c Sep 21 07:38:58.799807: | 45 8c eb ea ff cb 9d 02 48 b6 97 86 18 48 ed 7f Sep 21 07:38:58.799809: | 4a 3d 72 6d c4 86 a9 d6 
d9 73 eb c9 33 d4 9a 36 Sep 21 07:38:58.799811: | ea Sep 21 07:38:58.799815: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:38:58.799818: | **parse ISAKMP Message: Sep 21 07:38:58.799821: | initiator cookie: Sep 21 07:38:58.799823: | f2 5c 15 dd 35 85 91 5e Sep 21 07:38:58.799825: | responder cookie: Sep 21 07:38:58.799827: | fe 60 0c d8 30 87 30 93 Sep 21 07:38:58.799830: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:58.799832: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:58.799835: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:38:58.799837: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:58.799840: | Message ID: 3 (0x3) Sep 21 07:38:58.799855: | length: 113 (0x71) Sep 21 07:38:58.799858: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:38:58.799861: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL response Sep 21 07:38:58.799864: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:38:58.799871: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:58.799876: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:38:58.799878: | #1 is idle Sep 21 07:38:58.799880: | #1 idle Sep 21 07:38:58.799883: | unpacking clear payload Sep 21 07:38:58.799885: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:58.799887: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:58.799890: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:58.799892: | flags: none (0x0) Sep 21 07:38:58.799894: | length: 85 (0x55) Sep 21 07:38:58.799897: | processing payload: ISAKMP_NEXT_v2SK (len=81) Sep 21 07:38:58.799899: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:38:58.799908: | #1 ikev2 ISAKMP_v2_INFORMATIONAL 
decrypt success Sep 21 07:38:58.799911: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:58.799913: | **parse IKEv2 Notify Payload: Sep 21 07:38:58.799915: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:58.799918: | flags: none (0x0) Sep 21 07:38:58.799920: | length: 28 (0x1c) Sep 21 07:38:58.799922: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:58.799924: | SPI size: 0 (0x0) Sep 21 07:38:58.799927: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:58.799929: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:58.799931: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:58.799936: | **parse IKEv2 Notify Payload: Sep 21 07:38:58.799938: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:58.799941: | flags: none (0x0) Sep 21 07:38:58.799943: | length: 28 (0x1c) Sep 21 07:38:58.799945: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:58.799947: | SPI size: 0 (0x0) Sep 21 07:38:58.799949: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:58.799952: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:58.799954: | selected state microcode I3: Informational Request Sep 21 07:38:58.799956: | Now let's proceed with state specific processing Sep 21 07:38:58.799958: | calling processor I3: Informational Request Sep 21 07:38:58.799961: | an informational response Sep 21 07:38:58.799964: | TODO: process v2N_NAT_DETECTION_SOURCE_IP in MOBIKE response Sep 21 07:38:58.799966: | TODO: process v2N_NAT_DETECTION_DESTINATION_IP in MOBIKE response Sep 21 07:38:58.799972: | #2 pst=#1 MOBIKE update local address 192.1.33.222:500 -> 192.1.33.222:500 Sep 21 07:38:58.799978: | initiator migrate kernel SA esp.68364ac1@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_OUT Sep 21 07:38:58.800051: | initiator migrate kernel SA esp.5b01cf2e@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_IN Sep 21 07:38:58.800081: | initiator migrate kernel SA 
esp.5b01cf2e@192.1.33.222:500 to 192.1.33.222:500 reqid=16393 XFRM_FWD Sep 21 07:38:58.800106: "road-eastnet"[1] 192.1.2.23 #1: success MOBIKE update local address 192.1.33.222:500 -> 192.1.33.222:500 Sep 21 07:38:58.800110: | free hp@0x563b6ea682d0 Sep 21 07:38:58.800115: | connect_to_host_pair: 192.1.33.222:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:38:58.800117: | new hp@0x563b6e9a92b0 Sep 21 07:38:58.800120: | running updown command "ipsec _updown" for verb up Sep 21 07:38:58.800123: | command executing up-client Sep 21 07:38:58.800151: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLU Sep 21 07:38:58.800155: | popen cmd is 1118 chars long Sep 21 07:38:58.800157: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Sep 21 07:38:58.800160: | cmd( 80):_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY: Sep 21 07:38:58.800162: | cmd( 160):_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.1: Sep 21 
07:38:58.800165: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0: Sep 21 07:38:58.800167: | cmd( 320):' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_: Sep 21 07:38:58.800170: | cmd( 400):ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.: Sep 21 07:38:58.800172: | cmd( 480):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:38:58.800175: | cmd( 560):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CON: Sep 21 07:38:58.800177: | cmd( 640):N_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRAC: Sep 21 07:38:58.800179: | cmd( 720):K+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAM: Sep 21 07:38:58.800184: | cmd( 800):ILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0': Sep 21 07:38:58.800186: | cmd( 880): PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG: Sep 21 07:38:58.800189: | cmd( 960):_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTIN: Sep 21 07:38:58.800191: | cmd(1040):G='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1: Sep 21 07:38:58.826966: | running updown command "ipsec _updown" for verb route Sep 21 07:38:58.826981: | command executing route-client Sep 21 07:38:58.827002: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' 
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=' Sep 21 07:38:58.827005: | popen cmd is 1121 chars long Sep 21 07:38:58.827007: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Sep 21 07:38:58.827009: | cmd( 80):UTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO: Sep 21 07:38:58.827011: | cmd( 160):_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.: Sep 21 07:38:58.827013: | cmd( 240):3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: Sep 21 07:38:58.827014: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: Sep 21 07:38:58.827016: | cmd( 400):ER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0: Sep 21 07:38:58.827018: | cmd( 480):.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROT: Sep 21 07:38:58.827019: | cmd( 560):OCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_: Sep 21 07:38:58.827021: | cmd( 640):CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_T: Sep 21 07:38:58.827023: | cmd( 720):RACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDR: Sep 21 07:38:58.827024: | cmd( 800):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=: Sep 21 07:38:58.827026: | cmd( 880):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Sep 21 07:38:58.827027: 
| cmd( 960):CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Sep 21 07:38:58.827029: | cmd(1040):TING='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&: Sep 21 07:38:58.827031: | cmd(1120):1: Sep 21 07:38:58.841365: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841381: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841387: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841398: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841413: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841425: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841441: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841454: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841468: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841480: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841494: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841508: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841524: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841537: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. 
Sep 21 07:38:58.841549: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841562: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841577: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841590: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841602: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841616: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841877: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841888: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.841903: "road-eastnet"[1] 192.1.2.23 #1: route-client output: Error: Peer netns reference is invalid. Sep 21 07:38:58.847595: | #1 updating local interface from 192.1.33.222:500 to 192.1.33.222:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:58.847606: "road-eastnet"[1] 192.1.2.23 #1: MOBIKE response: updating IPsec SA Sep 21 07:38:58.847609: | Received an INFORMATIONAL non-delete request; updating liveness, no longer pending. 
Sep 21 07:38:58.847615: | #1 spent 0.672 milliseconds in processing: I3: Informational Request in ikev2_process_state_packet()
Sep 21 07:38:58.847620: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376)
Sep 21 07:38:58.847622: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK
Sep 21 07:38:58.847624: | Message ID: updating counters for #1 to 3 after switching state
Sep 21 07:38:58.847628: | Message ID: recv #1 response 3; ike: initiator.sent=3 initiator.recv=2->3 responder.sent=-1 responder.recv=-1 wip.initiator=3->-1 wip.responder=-1
Sep 21 07:38:58.847631: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=3 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1
Sep 21 07:38:58.847633: | STATE_PARENT_I3: PARENT SA established
Sep 21 07:38:58.847636: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018)
Sep 21 07:38:58.847639: | #1 spent 0.877 milliseconds in ikev2_process_packet()
Sep 21 07:38:58.847642: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380)
Sep 21 07:38:58.847645: | processing: STOP state #0 (in process_md() at demux.c:382)
Sep 21 07:38:58.847646: | processing: STOP connection NULL (in process_md() at demux.c:383)
Sep 21 07:38:58.847649: | spent 0.886 milliseconds in comm_handle_cb() reading and processing packet
Sep 21 07:38:58.847658: | processing signal PLUTO_SIGCHLD
Sep 21 07:38:58.847662: | waitpid returned ECHILD (no child processes left)
Sep 21 07:38:58.847667: | spent 0.00576 milliseconds in signal handler PLUTO_SIGCHLD
Sep 21 07:38:58.847668: | processing signal PLUTO_SIGCHLD
Sep 21 07:38:58.847670: | waitpid returned ECHILD (no child processes left)
Sep 21 07:38:58.847673: | spent 0.00227 milliseconds in signal handler PLUTO_SIGCHLD
Sep 21 07:39:08.191053: | processing global timer EVENT_SHUNT_SCAN
Sep 21 07:39:08.191099: | expiring aged bare shunts from shunt table
Sep 21 07:39:08.191115: | spent 0.0133 milliseconds in global timer EVENT_SHUNT_SCAN
Sep 21 07:39:10.709604: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:39:10.709672: | FOR_EACH_STATE_... in show_traffic_status (sort_states)
Sep 21 07:39:10.709685: | FOR_EACH_STATE_... in sort_states
Sep 21 07:39:10.709710: | get_sa_info esp.5b01cf2e@192.1.33.222
Sep 21 07:39:10.709756: | get_sa_info esp.68364ac1@192.1.2.23
Sep 21 07:39:10.709854: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Sep 21 07:39:10.709884: | spent 0.29 milliseconds in whack
Sep 21 07:39:11.093412: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:39:11.093895: | FOR_EACH_CONNECTION_... in show_connections_status
Sep 21 07:39:11.093912: | FOR_EACH_CONNECTION_... in show_connections_status
Sep 21 07:39:11.094189: | FOR_EACH_STATE_... in show_states_status (sort_states)
Sep 21 07:39:11.094199: | FOR_EACH_STATE_... in sort_states
Sep 21 07:39:11.094234: | get_sa_info esp.5b01cf2e@192.1.33.222
Sep 21 07:39:11.094272: | get_sa_info esp.68364ac1@192.1.2.23
Sep 21 07:39:11.094325: | close_any(fd@16) (in whack_process() at rcv_whack.c:700)
Sep 21 07:39:11.094341: | spent 0.931 milliseconds in whack
Sep 21 07:39:11.220759: | kernel_process_msg_cb process netlink message
Sep 21 07:39:11.220842: | netlink_get: XFRM_MSG_GETPOLICY message
Sep 21 07:39:11.220859: | xfrm netlink address change RTM_DELADDR msg len 80
Sep 21 07:39:11.220874: | XFRM RTM_DELADDR 192.1.33.222 IFA_LOCAL
Sep 21 07:39:11.220882: | FOR_EACH_STATE_... in record_deladdr (for_each_state)
Sep 21 07:39:11.220904: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.220922: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.220939: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.220948: | FOR_EACH_CONNECTION_... in route_owner
Sep 21 07:39:11.220958: | conn road-eastnet mark 0/00000000, 0/00000000 vs
Sep 21 07:39:11.220966: | conn road-eastnet mark 0/00000000, 0/00000000
Sep 21 07:39:11.220974: | conn road-eastnet mark 0/00000000, 0/00000000 vs
Sep 21 07:39:11.220981: | conn road-eastnet mark 0/00000000, 0/00000000
Sep 21 07:39:11.220994: | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL
Sep 21 07:39:11.221003: | running updown command "ipsec _updown" for verb down
Sep 21 07:39:11.221011: | command executing down-client
Sep 21 07:39:11.221094: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1'
Sep 21 07:39:11.221115: | popen cmd is 1120 chars long
Sep 21 07:39:11.221125: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLU:
Sep 21 07:39:11.221133: | cmd( 80):TO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_:
Sep 21 07:39:11.221141: | cmd( 160):MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3:
Sep 21 07:39:11.221149: | cmd( 240):.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=:
Sep 21 07:39:11.221156: | cmd( 320):'0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEE:
Sep 21 07:39:11.221163: | cmd( 400):R_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.:
Sep 21 07:39:11.221171: | cmd( 480):2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO:
Sep 21 07:39:11.221178: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_C:
Sep 21 07:39:11.221186: | cmd( 640):ONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TR:
Sep 21 07:39:11.221193: | cmd( 720):ACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRF:
Sep 21 07:39:11.221201: | cmd( 800):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO=':
Sep 21 07:39:11.221208: | cmd( 880):0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_C:
Sep 21 07:39:11.221216: | cmd( 960):FG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUT:
Sep 21 07:39:11.221223: | cmd(1040):ING='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2>&1:
Sep 21 07:39:11.282322: "road-eastnet"[1] 192.1.2.23 #1: down-client output: restoring resolvconf
Sep 21 07:39:11.282342: "road-eastnet"[1] 192.1.2.23 #1: down-client output: Problem in restoring the resolv.conf, as there is no backup file
Sep 21 07:39:11.282704: | running updown command "ipsec _updown" for verb unroute
Sep 21 07:39:11.282715: | command executing unroute-client
Sep 21 07:39:11.282746: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIE
Sep 21 07:39:11.282750: | popen cmd is 1123 chars long
Sep 21 07:39:11.282754: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' :
Sep 21 07:39:11.282756: | cmd( 80):PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222' PLU:
Sep 21 07:39:11.282759: | cmd( 160):TO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32' PLUTO_MY_CLIENT_NET='192.:
Sep 21 07:39:11.282762: | cmd( 240):0.3.10' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOC:
Sep 21 07:39:11.282764: | cmd( 320):OL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_:
Sep 21 07:39:11.282767: | cmd( 400):PEER_ID='192.1.2.23' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192:
Sep 21 07:39:11.282769: | cmd( 480):.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PR:
Sep 21 07:39:11.282776: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051528' PLUT:
Sep 21 07:39:11.282779: | cmd( 640):O_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF:
Sep 21 07:39:11.282781: | cmd( 720):_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_AD:
Sep 21 07:39:11.282793: | cmd( 800):DRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISC:
Sep 21 07:39:11.282799: | cmd( 880):O='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUT:
Sep 21 07:39:11.282801: | cmd( 960):O_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_R:
Sep 21 07:39:11.282804: | cmd(1040):OUTING='no' VTI_SHARED='no' SPI_IN=0x68364ac1 SPI_OUT=0x5b01cf2e ipsec _updown 2:
Sep 21 07:39:11.282806: | cmd(1120):>&1:
Sep 21 07:39:11.292135: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292155: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292164: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292182: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292199: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292215: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292234: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292251: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292266: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292281: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292297: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292314: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292330: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292347: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292363: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292378: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292595: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292610: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.292627: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: Error: Peer netns reference is invalid.
Sep 21 07:39:11.293901: "road-eastnet"[1] 192.1.2.23 #1: unroute-client output: RTNETLINK answers: Network is unreachable
Sep 21 07:39:11.300042: | event_schedule: new EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20
Sep 21 07:39:11.300056: | inserting event EVENT_v2_ADDR_CHANGE, timeout in 0 seconds for #1
Sep 21 07:39:11.300060: | libevent_malloc: new ptr-libevent@0x563b6ea6d1c0 size 128
Sep 21 07:39:11.300069: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.300073: | IKEv2 received address RTM_DELADDR type 3
Sep 21 07:39:11.300075: | IKEv2 received address RTM_DELADDR type 8
Sep 21 07:39:11.300076: | IKEv2 received address RTM_DELADDR type 6
Sep 21 07:39:11.300082: | netlink_get: XFRM_MSG_UPDPOLICY message
Sep 21 07:39:11.300085: | netlink_get: XFRM_MSG_UPDPOLICY message
Sep 21 07:39:11.300087: | netlink_get: XFRM_MSG_UPDPOLICY message
Sep 21 07:39:11.300094: | netlink_get: XFRM_MSG_UPDPOLICY message
Sep 21 07:39:11.300097: | netlink_get: XFRM_MSG_DELPOLICY message
Sep 21 07:39:11.300099: | xfrm netlink address change RTM_NEWADDR msg len 80
Sep 21 07:39:11.300102: | XFRM RTM_NEWADDR 192.1.3.209 IFA_LOCAL
Sep 21 07:39:11.300104: | FOR_EACH_STATE_... in record_newaddr (for_each_state)
Sep 21 07:39:11.300108: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.300112: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.300116: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.300119: | #1 MOBIKE ignore address 192.1.3.209 change pending previous
Sep 21 07:39:11.300123: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.300125: | IKEv2 received address RTM_NEWADDR type 3
Sep 21 07:39:11.300126: | IKEv2 received address RTM_NEWADDR type 8
Sep 21 07:39:11.300128: | IKEv2 received address RTM_NEWADDR type 6
Sep 21 07:39:11.300131: | netlink_get: XFRM_MSG_EXPIRE message
Sep 21 07:39:11.300134: | netlink_get: XFRM_MSG_EXPIRE message
Sep 21 07:39:11.300137: | netlink_get: XFRM_MSG_EXPIRE message
Sep 21 07:39:11.300139: | netlink_get: XFRM_MSG_EXPIRE message
Sep 21 07:39:11.300142: | netlink_get: XFRM_MSG_GETPOLICY message
Sep 21 07:39:11.300144: | xfrm netlink address change RTM_DELADDR msg len 76
Sep 21 07:39:11.300146: | XFRM RTM_DELADDR 192.0.3.10 IFA_LOCAL
Sep 21 07:39:11.300148: | FOR_EACH_STATE_... in record_deladdr (for_each_state)
Sep 21 07:39:11.300151: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.300155: | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.300159: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1572)
Sep 21 07:39:11.300163: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in for_each_state() at state.c:1574)
Sep 21 07:39:11.300165: | IKEv2 received address RTM_DELADDR type 3
Sep 21 07:39:11.300166: | IKEv2 received address RTM_DELADDR type 8
Sep 21 07:39:11.300168: | IKEv2 received address RTM_DELADDR type 6
Sep 21 07:39:11.300171: | netlink_get: XFRM_MSG_UPDPOLICY message
Sep 21 07:39:11.300177: | spent 1.4 milliseconds in kernel message
Sep 21 07:39:11.300189: | timer_event_cb: processing event@0x7fa6f0002b20
Sep 21 07:39:11.300191: | handling event EVENT_v2_ADDR_CHANGE for parent state #1
Sep 21 07:39:11.300195: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:250)
Sep 21 07:39:11.300198: | #1 IKEv2 local address change
Sep 21 07:39:11.300397: "road-eastnet"[1] 192.1.2.23 #1: unexpected TRY AGAIN from second resolve_defaultroute_one
Sep 21 07:39:11.300402: "road-eastnet"[1] 192.1.2.23 #1: no local source address to reach remote 192.1.2.23, local gateway
Sep 21 07:39:11.300405: | libevent_free: release ptr-libevent@0x563b6ea6d1c0
Sep 21 07:39:11.300407: | free_event_entry: release EVENT_v2_ADDR_CHANGE-pe@0x7fa6f0002b20
Sep 21 07:39:11.300412: | #1 spent 0.222 milliseconds in timer_event_cb() EVENT_v2_ADDR_CHANGE
Sep 21 07:39:11.300416: | stop processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in timer_event_cb() at timer.c:557)
Sep 21 07:39:11.300418: | processing signal PLUTO_SIGCHLD
Sep 21 07:39:11.300423: | waitpid returned ECHILD (no child processes left)
Sep 21 07:39:11.300426: | spent 0.00435 milliseconds in signal handler PLUTO_SIGCHLD
Sep 21 07:39:11.300428: | processing signal PLUTO_SIGCHLD
Sep 21 07:39:11.300431: | waitpid returned ECHILD (no child processes left)
Sep 21 07:39:11.300435: | spent 0.00454 milliseconds in signal handler PLUTO_SIGCHLD
Sep 21 07:39:12.235534: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721)
Sep 21 07:39:12.235552: shutting down
Sep 21 07:39:12.235572: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825)
Sep 21 07:39:12.235575: | pluto_sd: executing action action: stopping(6), status 0
Sep 21 07:39:12.235580: | certs and keys locked by 'free_preshared_secrets'
Sep 21 07:39:12.235582: forgetting secrets
Sep 21 07:39:12.235584: | certs and keys unlocked by 'free_preshared_secrets'
Sep 21 07:39:12.235589: | start processing: connection "road-eastnet"[1] 192.1.2.23 (in delete_connection() at connections.c:189)
Sep 21 07:39:12.235593: "road-eastnet"[1] 192.1.2.23: deleting connection "road-eastnet"[1] 192.1.2.23 instance with peer 192.1.2.23 {isakmp=#1/ipsec=#2}
Sep 21 07:39:12.235595: | Deleting states for connection - including all other IPsec SA's of this IKE SA
Sep 21 07:39:12.235596: | pass 0
Sep 21 07:39:12.235598: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Sep 21 07:39:12.235600: | state #2
Sep 21 07:39:12.235603: | suspend processing: connection "road-eastnet"[1] 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310)
Sep 21 07:39:12.235606: | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310)
Sep 21 07:39:12.235608: | pstats #2 ikev2.child deleted completed
Sep 21 07:39:12.235612: | #2 spent 2.06 milliseconds in total
Sep 21 07:39:12.235615: | [RE]START processing: state #2 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in delete_state() at state.c:879)
Sep 21 07:39:12.235619: "road-eastnet"[1] 192.1.2.23 #2: deleting state (STATE_V2_IPSEC_I) aged 23.705s and sending notification
Sep 21 07:39:12.235621: | child state #2: V2_IPSEC_I(established CHILD SA) => delete
Sep 21 07:39:12.235624: | get_sa_info esp.68364ac1@192.1.2.23
Sep 21 07:39:12.235637: | get_sa_info esp.5b01cf2e@192.1.33.222
Sep 21 07:39:12.235643: "road-eastnet"[1] 192.1.2.23 #2: ESP traffic information: in=336B out=336B
Sep 21 07:39:12.235645: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_I
Sep 21 07:39:12.235647: | Opening output PBS informational exchange delete request
Sep 21 07:39:12.235649: | **emit ISAKMP Message:
Sep 21 07:39:12.235651: | initiator cookie:
Sep 21 07:39:12.235652: | f2 5c 15 dd 35 85 91 5e
Sep 21 07:39:12.235654: | responder cookie:
Sep 21 07:39:12.235655: | fe 60 0c d8 30 87 30 93
Sep 21 07:39:12.235657: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 21 07:39:12.235659: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Sep 21 07:39:12.235661: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Sep 21 07:39:12.235663: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Sep 21 07:39:12.235664: | Message ID: 4 (0x4)
Sep 21 07:39:12.235666: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Sep 21 07:39:12.235668: | ***emit IKEv2 Encryption Payload:
Sep 21 07:39:12.235670: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:39:12.235671: | flags: none (0x0)
Sep 21 07:39:12.235673: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Sep 21 07:39:12.235675: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request'
Sep 21 07:39:12.235677: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Sep 21 07:39:12.235686: | ****emit IKEv2 Delete Payload:
Sep 21 07:39:12.235688: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:39:12.235689: | flags: none (0x0)
Sep 21 07:39:12.235691: | protocol ID: PROTO_v2_ESP (0x3)
Sep 21 07:39:12.235693: | SPI size: 4 (0x4)
Sep 21 07:39:12.235694: | number of SPIs: 1 (0x1)
Sep 21 07:39:12.235696: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Sep 21 07:39:12.235701: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request'
Sep 21 07:39:12.235703: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload
Sep 21 07:39:12.235705: | local spis 5b 01 cf 2e
Sep 21 07:39:12.235706: | emitting length of IKEv2 Delete Payload: 12
Sep 21 07:39:12.235708: | adding 1 bytes of padding (including 1 byte padding-length)
Sep 21 07:39:12.235710: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Sep 21 07:39:12.235712: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Sep 21 07:39:12.235713: | emitting length of IKEv2 Encryption Payload: 41
Sep 21 07:39:12.235715: | emitting length of ISAKMP Message: 69
Sep 21 07:39:12.235734: | sending 69 bytes for delete notification through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #2)
Sep 21 07:39:12.235736: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93
Sep 21 07:39:12.235738: | 2e 20 25 08 00 00 00 04 00 00 00 45 2a 00 00 29
Sep 21 07:39:12.235739: | 15 84 3a 2b 41 f9 5e 0e 1e 93 9d bf 4b 37 10 6d
Sep 21 07:39:12.235741: | e5 8a 64 c6 2b 3a 80 1b d1 fa 2b c4 eb 40 e9 ef
Sep 21 07:39:12.235742: | b9 a4 8d f4 8d
Sep 21 07:39:12.235752: ERROR: "road-eastnet"[1] 192.1.2.23 #2: sendto on eth0 to 192.1.2.23:500 failed in delete notification. Errno 22: Invalid argument
Sep 21 07:39:12.235755: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0
Sep 21 07:39:12.235757: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send
Sep 21 07:39:12.235760: | Message ID: sent #1 request 4; ike: initiator.sent=3->4 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=-1->4 wip.responder=-1
Sep 21 07:39:12.235762: | state #2 requesting EVENT_SA_REKEY to be deleted
Sep 21 07:39:12.235765: | libevent_free: release ptr-libevent@0x563b6ea67fa0
Sep 21 07:39:12.235767: | free_event_entry: release EVENT_SA_REKEY-pe@0x563b6ea67ec0
Sep 21 07:39:12.235867: | delete esp.68364ac1@192.1.2.23
Sep 21 07:39:12.235931: | netlink response for Del SA esp.68364ac1@192.1.2.23 included non-error error
Sep 21 07:39:12.235934: | delete esp.5b01cf2e@192.1.33.222
Sep 21 07:39:12.235954: | netlink response for Del SA esp.5b01cf2e@192.1.33.222 included non-error error
Sep 21 07:39:12.235959: | stop processing: connection "road-eastnet"[1] 192.1.2.23 (BACKGROUND) (in update_state_connection() at connections.c:4037)
Sep 21 07:39:12.235961: | start processing: connection NULL (in update_state_connection() at connections.c:4038)
Sep 21 07:39:12.235963: | in connection_discard for connection road-eastnet
Sep 21 07:39:12.235964: | State DB: deleting IKEv2 state #2 in V2_IPSEC_I
Sep 21 07:39:12.235967: | child state #2: V2_IPSEC_I(established CHILD SA) => UNDEFINED(ignore)
Sep 21 07:39:12.235971: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143)
Sep 21 07:39:12.235974: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
Sep 21 07:39:12.235976: | state #1
Sep 21 07:39:12.235977: | pass 1
Sep 21 07:39:12.235978: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Sep 21 07:39:12.235980: | state #1
Sep 21 07:39:12.235983: | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310)
Sep 21 07:39:12.235985: | pstats #1 ikev2.ike deleted completed
Sep 21 07:39:12.235988: | #1 spent 11 milliseconds in total
Sep 21 07:39:12.235991: | [RE]START processing: state #1 connection "road-eastnet"[1] 192.1.2.23 from 192.1.2.23:500 (in delete_state() at state.c:879)
Sep 21 07:39:12.235993: "road-eastnet"[1] 192.1.2.23 #1: deleting state (STATE_PARENT_I3) aged 23.714s and sending notification
Sep 21 07:39:12.235995: | parent state #1: PARENT_I3(established IKE SA) => delete
Sep 21 07:39:12.236035: | #1 send IKEv2 delete notification for STATE_PARENT_I3
Sep 21 07:39:12.236038: | Opening output PBS informational exchange delete request
Sep 21 07:39:12.236040: | **emit ISAKMP Message:
Sep 21 07:39:12.236041: | initiator cookie:
Sep 21 07:39:12.236043: | f2 5c 15 dd 35 85 91 5e
Sep 21 07:39:12.236044: | responder cookie:
Sep 21 07:39:12.236046: | fe 60 0c d8 30 87 30 93
Sep 21 07:39:12.236048: | next payload type: ISAKMP_NEXT_NONE (0x0)
Sep 21 07:39:12.236049: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Sep 21 07:39:12.236051: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Sep 21 07:39:12.236053: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Sep 21 07:39:12.236054: | Message ID: 5 (0x5)
Sep 21 07:39:12.236056: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Sep 21 07:39:12.236058: | ***emit IKEv2 Encryption Payload:
Sep 21 07:39:12.236059: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:39:12.236061: | flags: none (0x0)
Sep 21 07:39:12.236063: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Sep 21 07:39:12.236064: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request'
Sep 21 07:39:12.236066: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Sep 21 07:39:12.236072: | ****emit IKEv2 Delete Payload:
Sep 21 07:39:12.236074: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
Sep 21 07:39:12.236075: | flags: none (0x0)
Sep 21 07:39:12.236077: | protocol ID: PROTO_v2_IKE (0x1)
Sep 21 07:39:12.236078: | SPI size: 0 (0x0)
Sep 21 07:39:12.236079: | number of SPIs: 0 (0x0)
Sep 21 07:39:12.236081: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Sep 21 07:39:12.236083: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request'
Sep 21 07:39:12.236085: | emitting length of IKEv2 Delete Payload: 8
Sep 21 07:39:12.236086: | adding 1 bytes of padding (including 1 byte padding-length)
Sep 21 07:39:12.236088: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Sep 21 07:39:12.236090: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Sep 21 07:39:12.236092: | emitting length of IKEv2 Encryption Payload: 37
Sep 21 07:39:12.236093: | emitting length of ISAKMP Message: 65
Sep 21 07:39:12.236102: | sending 65 bytes for delete notification through eth0 from 192.1.33.222:500 to 192.1.2.23:500 (using #1)
Sep 21 07:39:12.236104: | f2 5c 15 dd 35 85 91 5e fe 60 0c d8 30 87 30 93
Sep 21 07:39:12.236105: | 2e 20 25 08 00 00 00 05 00 00 00 41 2a 00 00 25
Sep 21 07:39:12.236106: | 2e f9 0a ed 59 85 f7 e7 b8 71 14 99 c2 e5 72 38
Sep 21 07:39:12.236108: | af f6 32 8b 38 76 36 72 73 bd 93 16 45 fb 76 b1
Sep 21 07:39:12.236109: | 87
Sep 21 07:39:12.236115: ERROR: "road-eastnet"[1] 192.1.2.23 #1: sendto on eth0 to 192.1.2.23:500 failed in delete notification. Errno 22: Invalid argument
Sep 21 07:39:12.236118: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1
Sep 21 07:39:12.236119: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send
Sep 21 07:39:12.236122: | Message ID: #1 XXX: expecting sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?); initiator.sent=5 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=5 wip.responder=-1
Sep 21 07:39:12.236125: | Message ID: sent #1 request 5; ike: initiator.sent=4->5 initiator.recv=3 responder.sent=-1 responder.recv=-1 wip.initiator=4->5 wip.responder=-1
Sep 21 07:39:12.236127: | state #1 requesting EVENT_SA_REKEY to be deleted
Sep 21 07:39:12.236129: | libevent_free: release ptr-libevent@0x563b6ea68180
Sep 21 07:39:12.236132: | free_event_entry: release EVENT_SA_REKEY-pe@0x563b6ea68140
Sep 21 07:39:12.236134: | State DB: IKEv2 state not found (flush_incomplete_children)
Sep 21 07:39:12.236136: | picked newest_isakmp_sa #0 for #1
Sep 21 07:39:12.236138: "road-eastnet"[1] 192.1.2.23 #1: deleting IKE SA for connection 'road-eastnet' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
Sep 21 07:39:12.236140: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds
Sep 21 07:39:12.236142: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds
Sep 21 07:39:12.236145: | in connection_discard for connection road-eastnet
Sep 21 07:39:12.236147: | State DB: deleting IKEv2 state #1 in PARENT_I3
Sep 21 07:39:12.236149: | parent state #1: PARENT_I3(established IKE SA) => UNDEFINED(ignore)
Sep 21 07:39:12.236160: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143)
Sep 21 07:39:12.236171: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
Sep 21 07:39:12.236173: ABORT: ASSERTION FAILED: sr->eroute_owner == SOS_NOBODY (in delete_states_by_connection() at state.c:1384)