Sep 21 07:38:47.695679: FIPS Product: YES Sep 21 07:38:47.695723: FIPS Kernel: NO Sep 21 07:38:47.695727: FIPS Mode: NO Sep 21 07:38:47.695730: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:38:47.695930: Initializing NSS Sep 21 07:38:47.695938: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:38:47.797127: NSS initialized Sep 21 07:38:47.797144: NSS crypto library initialized Sep 21 07:38:47.797147: FIPS HMAC integrity support [enabled] Sep 21 07:38:47.797149: FIPS mode disabled for pluto daemon Sep 21 07:38:47.901822: FIPS HMAC integrity verification self-test FAILED Sep 21 07:38:47.901918: libcap-ng support [enabled] Sep 21 07:38:47.901929: Linux audit support [enabled] Sep 21 07:38:47.901955: Linux audit activated Sep 21 07:38:47.901962: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:28898 Sep 21 07:38:47.901966: core dump dir: /tmp Sep 21 07:38:47.901968: secrets file: /etc/ipsec.secrets Sep 21 07:38:47.901971: leak-detective disabled Sep 21 07:38:47.901972: NSS crypto [enabled] Sep 21 07:38:47.901974: XAUTH PAM support [enabled] Sep 21 07:38:47.902045: | libevent is using pluto's memory allocator Sep 21 07:38:47.902053: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:38:47.902068: | libevent_malloc: new ptr-libevent@0x55d9553ebf50 size 40 Sep 21 07:38:47.902071: | libevent_malloc: new ptr-libevent@0x55d9553ed200 size 40 Sep 21 07:38:47.902074: | libevent_malloc: new ptr-libevent@0x55d9553ed230 size 40 Sep 21 07:38:47.902077: | creating event base Sep 21 07:38:47.902080: | libevent_malloc: new ptr-libevent@0x55d9553ed1c0 size 56 Sep 21 07:38:47.902083: | libevent_malloc: new ptr-libevent@0x55d9553ed260 size 664 Sep 21 07:38:47.902093: | libevent_malloc: new ptr-libevent@0x55d9553ed500 size 24 Sep 21 07:38:47.902097: | libevent_malloc: new ptr-libevent@0x55d9553debb0 size 384 Sep 21 07:38:47.902106: | libevent_malloc: new ptr-libevent@0x55d9553ed520 size 16 Sep 21 07:38:47.902109: | libevent_malloc: new ptr-libevent@0x55d9553ed540 size 40 Sep 21 07:38:47.902112: | libevent_malloc: new ptr-libevent@0x55d9553ed570 size 48 Sep 21 07:38:47.902118: | libevent_realloc: new ptr-libevent@0x55d955371370 size 256 Sep 21 07:38:47.902121: | libevent_malloc: new ptr-libevent@0x55d9553ed5b0 size 16 Sep 21 07:38:47.902127: | libevent_free: release ptr-libevent@0x55d9553ed1c0 Sep 21 07:38:47.902131: | libevent initialized Sep 21 07:38:47.902134: | libevent_realloc: new ptr-libevent@0x55d9553ed5d0 size 64 Sep 21 07:38:47.902138: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:38:47.902154: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:38:47.902157: NAT-Traversal support [enabled] Sep 21 07:38:47.902159: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:38:47.902165: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:38:47.902168: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:38:47.902205: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:38:47.902209: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:38:47.902212: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:38:47.902264: Encryption algorithms: Sep 21 07:38:47.902274: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:38:47.902278: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:38:47.902282: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:38:47.902285: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:38:47.902288: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:38:47.902298: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:38:47.902302: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:38:47.902305: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:38:47.902309: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:38:47.902313: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:38:47.902316: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:38:47.902320: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:38:47.902323: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:38:47.902327: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:38:47.902331: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:38:47.902333: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:38:47.902337: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:38:47.902343: Hash algorithms: Sep 21 07:38:47.902346: MD5 IKEv1: IKE IKEv2: Sep 21 07:38:47.902349: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:38:47.902353: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:38:47.902356: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:38:47.902358: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:38:47.902371: PRF algorithms: Sep 21 07:38:47.902374: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:38:47.902378: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:38:47.902381: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:38:47.902384: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:38:47.902387: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:38:47.902390: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:38:47.902415: Integrity algorithms: Sep 21 07:38:47.902418: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:38:47.902422: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:38:47.902426: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:38:47.902430: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:38:47.902434: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:38:47.902437: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:38:47.902440: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:38:47.902443: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:38:47.902446: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:38:47.902458: DH algorithms: Sep 21 07:38:47.902461: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:38:47.902464: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:38:47.902467: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:38:47.902472: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:38:47.902475: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:38:47.902478: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:38:47.902481: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:38:47.902484: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:38:47.902487: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:38:47.902490: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:38:47.902493: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:38:47.902495: testing CAMELLIA_CBC: Sep 21 07:38:47.902498: Camellia: 16 bytes with 128-bit key Sep 21 07:38:47.902613: Camellia: 16 bytes with 128-bit key Sep 21 07:38:47.902642: Camellia: 16 bytes with 256-bit key Sep 21 07:38:47.902671: Camellia: 16 bytes with 256-bit key Sep 21 07:38:47.902697: testing AES_GCM_16: Sep 21 07:38:47.902700: empty string Sep 21 07:38:47.902727: one block Sep 21 07:38:47.902752: two blocks Sep 21 07:38:47.902779: two blocks with associated data Sep 21 07:38:47.902809: testing AES_CTR: Sep 21 07:38:47.902814: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:38:47.902841: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:38:47.902868: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:38:47.902896: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:38:47.902921: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:38:47.902947: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:38:47.902974: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:38:47.903000: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:38:47.903027: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:38:47.903054: testing AES_CBC: Sep 21 07:38:47.903057: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:38:47.903083: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:38:47.903112: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:38:47.903141: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:38:47.903175: testing AES_XCBC: Sep 21 07:38:47.903177: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:38:47.903296: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:38:47.903424: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:38:47.903551: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:38:47.903676: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:38:47.903817: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:38:47.903951: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:38:47.904247: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:38:47.904376: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:38:47.904514: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:38:47.904751: testing HMAC_MD5: Sep 21 07:38:47.904755: RFC 2104: MD5_HMAC test 1 Sep 21 07:38:47.905928: RFC 2104: MD5_HMAC test 2 Sep 21 07:38:47.906123: RFC 2104: MD5_HMAC test 3 Sep 21 07:38:47.906330: 8 CPU cores online Sep 21 07:38:47.906336: starting up 7 crypto helpers Sep 21 07:38:47.906376: started thread for crypto helper 0 Sep 21 07:38:47.906397: started thread for crypto helper 1 Sep 21 07:38:47.906538: started thread for crypto helper 2 Sep 21 07:38:47.906569: started thread for crypto helper 3 Sep 21 07:38:47.906592: started thread for crypto helper 4 Sep 21 07:38:47.906618: started thread for crypto helper 5 Sep 21 07:38:47.906645: started thread for crypto helper 6 Sep 21 07:38:47.906651: | checking IKEv1 state table Sep 21 07:38:47.906660: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906662: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:38:47.906665: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906667: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:38:47.906670: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:38:47.906672: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:38:47.906675: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:47.906677: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:47.906680: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:38:47.906682: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:38:47.906684: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:47.906686: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:38:47.906689: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:38:47.906692: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:47.906695: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:47.906697: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:47.906700: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:38:47.906703: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:47.906706: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:47.906708: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:38:47.906712: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:38:47.906715: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906718: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:38:47.906721: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906724: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906727: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:38:47.906730: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906732: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:47.906735: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:38:47.906738: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:38:47.906740: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:47.906742: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:38:47.906745: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:38:47.906747: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906750: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:38:47.906752: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906755: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:38:47.906757: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:38:47.906760: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:38:47.906762: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:38:47.906766: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:38:47.906768: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:38:47.906772: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:38:47.906775: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906778: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:38:47.906780: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906788: | INFO: category: informational flags: 0: Sep 21 07:38:47.906795: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906798: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:38:47.906801: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906804: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:38:47.906807: | -> XAUTH_R1 EVENT_NULL Sep 21 07:38:47.906810: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:38:47.906813: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:38:47.906816: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:38:47.906818: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:38:47.906821: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:38:47.906823: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:38:47.906826: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:38:47.906828: | -> UNDEFINED EVENT_NULL Sep 21 07:38:47.906831: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:38:47.906836: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:38:47.906840: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:38:47.906843: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:38:47.906846: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:38:47.906849: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:38:47.906857: | checking IKEv2 state table Sep 21 07:38:47.906865: | PARENT_I0: category: ignore flags: 0: Sep 21 07:38:47.906868: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:38:47.906872: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906875: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:38:47.906878: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:38:47.906882: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:38:47.906885: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:38:47.906887: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:38:47.906890: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:38:47.906893: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:38:47.906895: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:38:47.906898: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:38:47.906901: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:38:47.906903: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:38:47.906906: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:38:47.906909: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:38:47.906912: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906915: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:38:47.906919: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:38:47.906922: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:38:47.906925: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:38:47.906928: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:38:47.906932: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:38:47.906935: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:38:47.906938: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:38:47.906941: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:38:47.906944: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:38:47.906947: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:38:47.906950: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:38:47.906953: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:38:47.906956: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:38:47.906959: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:47.906962: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:38:47.906964: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:38:47.906967: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:38:47.906970: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:38:47.906973: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:38:47.906977: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:38:47.906980: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:38:47.906986: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:38:47.906989: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:38:47.906993: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:38:47.906996: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:38:47.907000: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:38:47.907003: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:38:47.907006: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:38:47.907010: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:38:47.907063: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:38:47.907125: | Hard-wiring algorithms Sep 21 07:38:47.907131: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:38:47.907136: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:38:47.907139: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:38:47.907142: | adding 3DES_CBC to kernel algorithm db Sep 21 07:38:47.907145: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:38:47.907148: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:38:47.907151: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:38:47.907153: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:38:47.907155: | adding AES_CTR to kernel algorithm db Sep 21 07:38:47.907158: | adding AES_CBC to kernel algorithm db Sep 21 07:38:47.907160: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:38:47.907163: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:38:47.907165: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:38:47.907167: | adding NULL to kernel algorithm db Sep 21 07:38:47.907170: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:38:47.907173: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:38:47.907176: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:38:47.907178: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:38:47.907181: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:38:47.907185: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:38:47.907188: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:38:47.907190: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:38:47.907193: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:38:47.907196: | adding NONE to kernel algorithm db Sep 21 07:38:47.907204: | starting up helper thread 6 Sep 21 07:38:47.907215: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:38:47.907218: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:47.907221: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:38:47.907225: | starting up helper thread 4 Sep 21 07:38:47.907229: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:38:47.907230: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:38:47.907237: | starting up helper thread 5 Sep 21 07:38:47.907251: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:38:47.907261: | starting up helper thread 3 Sep 21 07:38:47.907267: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:38:47.907273: | starting up helper thread 1 Sep 21 07:38:47.907279: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:38:47.907241: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:47.907232: | setup kernel fd callback Sep 21 07:38:47.907384: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d9553f7980 Sep 21 07:38:47.907388: | libevent_malloc: new ptr-libevent@0x55d9553fee50 size 128 Sep 21 07:38:47.907392: | libevent_malloc: new ptr-libevent@0x55d9553ed710 size 16 Sep 21 07:38:47.907397: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d9553f2220 Sep 21 07:38:47.907400: | libevent_malloc: new ptr-libevent@0x55d9553feee0 size 128 Sep 21 07:38:47.907408: | libevent_malloc: new ptr-libevent@0x55d9553f2170 size 16 Sep 21 07:38:47.907642: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:38:47.907650: selinux support is enabled. Sep 21 07:38:47.907723: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:38:47.907900: | starting up helper thread 0 Sep 21 07:38:47.907913: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:38:47.907915: | unbound context created - setting debug level to 5 Sep 21 07:38:47.907948: | /etc/hosts lookups activated Sep 21 07:38:47.907964: | /etc/resolv.conf usage activated Sep 21 07:38:47.908029: | outgoing-port-avoid set 0-65535 Sep 21 07:38:47.908059: | outgoing-port-permit set 32768-60999 Sep 21 07:38:47.908062: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:38:47.908065: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:38:47.908069: | Setting up events, loop start Sep 21 07:38:47.908072: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d9553f1f70 Sep 21 07:38:47.908075: | libevent_malloc: new ptr-libevent@0x55d955409450 size 128 Sep 21 07:38:47.908078: | libevent_malloc: new ptr-libevent@0x55d9554094e0 size 16 Sep 21 07:38:47.908085: | libevent_realloc: new ptr-libevent@0x55d95536f5b0 size 256 Sep 21 07:38:47.908088: | libevent_malloc: new ptr-libevent@0x55d955409500 size 8 Sep 21 07:38:47.908091: | libevent_realloc: new ptr-libevent@0x55d9553fe150 size 144 Sep 21 07:38:47.908094: | libevent_malloc: new ptr-libevent@0x55d955409520 size 152 Sep 21 07:38:47.908097: | libevent_malloc: new ptr-libevent@0x55d9554095c0 size 16 Sep 21 07:38:47.908101: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:38:47.908104: | libevent_malloc: new ptr-libevent@0x55d9554095e0 size 8 Sep 21 07:38:47.908106: | libevent_malloc: new ptr-libevent@0x55d955409600 size 152 Sep 21 07:38:47.908109: | signal event handler PLUTO_SIGTERM installed Sep 21 07:38:47.908112: | libevent_malloc: new ptr-libevent@0x55d9554096a0 size 8 Sep 21 07:38:47.908114: | libevent_malloc: new ptr-libevent@0x55d9554096c0 size 152 Sep 21 07:38:47.908117: | signal event handler PLUTO_SIGHUP installed Sep 21 07:38:47.908120: | libevent_malloc: new ptr-libevent@0x55d955409760 size 8 Sep 21 07:38:47.908122: | libevent_realloc: release ptr-libevent@0x55d9553fe150 Sep 21 07:38:47.908125: | libevent_realloc: new ptr-libevent@0x55d955409780 size 256 Sep 21 07:38:47.908127: | libevent_malloc: new ptr-libevent@0x55d9553fe150 size 152 Sep 21 07:38:47.908130: | signal event handler PLUTO_SIGSYS installed Sep 21 07:38:47.908479: | created addconn helper (pid:29100) using fork+execve Sep 21 07:38:47.908494: | forked child 29100 Sep 21 07:38:47.908530: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:47.908548: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:47.908554: listening for IKE messages Sep 21 07:38:47.908592: | Inspecting interface lo Sep 21 07:38:47.908598: | found lo with address 127.0.0.1 Sep 21 07:38:47.908601: | Inspecting interface eth0 Sep 21 07:38:47.908605: | found eth0 with address 192.0.2.254 Sep 21 07:38:47.908607: | Inspecting interface eth1 Sep 21 07:38:47.908611: | found eth1 with address 192.1.2.23 Sep 21 07:38:47.908655: Kernel supports NIC esp-hw-offload Sep 21 07:38:47.908666: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:38:47.908688: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:47.908693: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:47.908697: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:38:47.908722: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:38:47.908742: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:47.908746: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:47.908750: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:38:47.908778: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:38:47.908804: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:38:47.908811: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:38:47.908815: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:38:47.908878: | no interfaces to sort Sep 21 07:38:47.908883: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:38:47.908891: | add_fd_read_event_handler: new ethX-pe@0x55d9553f2cf0 Sep 21 07:38:47.908894: | libevent_malloc: new ptr-libevent@0x55d955409af0 size 128 Sep 21 07:38:47.908897: | libevent_malloc: new ptr-libevent@0x55d955409b80 size 16 Sep 21 07:38:47.908905: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:47.908907: | add_fd_read_event_handler: new ethX-pe@0x55d955409ba0 Sep 21 07:38:47.908910: | libevent_malloc: new ptr-libevent@0x55d955409be0 size 128 Sep 21 07:38:47.908913: | libevent_malloc: new ptr-libevent@0x55d955409c70 size 16 Sep 21 07:38:47.908917: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:47.908920: | add_fd_read_event_handler: new ethX-pe@0x55d955409c90 Sep 21 07:38:47.908922: | libevent_malloc: new ptr-libevent@0x55d955409cd0 size 128 Sep 21 07:38:47.908925: | libevent_malloc: new ptr-libevent@0x55d955409d60 size 16 Sep 21 07:38:47.908929: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:38:47.908932: | add_fd_read_event_handler: new ethX-pe@0x55d955409d80 Sep 21 07:38:47.908935: | libevent_malloc: new ptr-libevent@0x55d955409dc0 size 128 Sep 21 07:38:47.908937: | libevent_malloc: new ptr-libevent@0x55d955409e50 size 16 Sep 21 07:38:47.908942: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:38:47.908944: | add_fd_read_event_handler: new ethX-pe@0x55d955409e70 Sep 21 07:38:47.908947: | libevent_malloc: new ptr-libevent@0x55d955409eb0 size 128 Sep 21 07:38:47.908950: | libevent_malloc: new ptr-libevent@0x55d955409f40 size 16 Sep 21 07:38:47.908954: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:38:47.908956: | add_fd_read_event_handler: new ethX-pe@0x55d955409f60 Sep 21 07:38:47.908959: | libevent_malloc: new ptr-libevent@0x55d955409fa0 size 128 Sep 21 07:38:47.908961: | libevent_malloc: new ptr-libevent@0x55d95540a030 size 16 Sep 21 07:38:47.908966: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:38:47.908971: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:47.908973: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:47.908993: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:47.909005: | Processing PSK at line 1: passed Sep 21 07:38:47.909008: | certs and keys locked by 'process_secret' Sep 21 07:38:47.909012: | certs and keys unlocked by 'process_secret' Sep 21 07:38:47.909017: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:47.909026: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:47.909032: | spent 0.506 milliseconds in whack Sep 21 07:38:47.909055: | crypto helper 5 waiting (nothing to do) Sep 21 07:38:47.909074: | crypto helper 3 waiting (nothing to do) Sep 21 07:38:47.909087: | crypto helper 1 waiting (nothing to do) Sep 21 07:38:47.909099: | crypto helper 0 waiting (nothing to do) Sep 21 07:38:47.916056: | starting up helper thread 2 Sep 21 07:38:47.916078: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:38:47.916085: | crypto helper 2 waiting (nothing to do) Sep 21 07:38:47.992094: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:47.992125: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:47.992129: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:47.992131: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:47.992133: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:47.992137: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:47.992146: Failed to add connection "clear": shunt connection cannot have authentication method other then authby=never Sep 21 07:38:47.992153: | flush revival: connection 'clear' wasn't on the list Sep 21 07:38:47.992156: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:38:47.992164: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:47.992170: | spent 0.0793 milliseconds in whack Sep 21 07:38:47.992206: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:47.992218: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:38:47.992222: listening for IKE messages Sep 21 07:38:47.992251: | Inspecting interface lo Sep 21 07:38:47.992257: | found lo with address 127.0.0.1 Sep 21 07:38:47.992260: | Inspecting interface eth0 Sep 21 07:38:47.992264: | found eth0 with address 192.0.2.254 Sep 21 07:38:47.992266: | Inspecting interface eth1 Sep 21 07:38:47.992269: | found eth1 with address 192.1.2.23 Sep 21 07:38:47.992328: | no interfaces to sort Sep 21 07:38:47.992337: | libevent_free: release ptr-libevent@0x55d955409af0 Sep 21 07:38:47.992340: | free_event_entry: release EVENT_NULL-pe@0x55d9553f2cf0 Sep 21 07:38:47.992343: | add_fd_read_event_handler: new ethX-pe@0x55d9553f2cf0 Sep 21 07:38:47.992346: | libevent_malloc: new ptr-libevent@0x55d955409af0 size 128 Sep 21 07:38:47.992353: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:38:47.992357: | libevent_free: release ptr-libevent@0x55d955409be0 Sep 21 07:38:47.992359: | free_event_entry: release EVENT_NULL-pe@0x55d955409ba0 Sep 21 07:38:47.992362: | add_fd_read_event_handler: new ethX-pe@0x55d955409ba0 Sep 21 07:38:47.992364: | libevent_malloc: new ptr-libevent@0x55d955409be0 size 128 Sep 21 07:38:47.992368: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:38:47.992372: | libevent_free: release ptr-libevent@0x55d955409cd0 Sep 21 07:38:47.992374: | free_event_entry: release EVENT_NULL-pe@0x55d955409c90 Sep 21 07:38:47.992377: | add_fd_read_event_handler: new ethX-pe@0x55d955409c90 Sep 21 07:38:47.992379: | libevent_malloc: new ptr-libevent@0x55d955409cd0 size 128 Sep 21 07:38:47.992384: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:38:47.992387: | libevent_free: release ptr-libevent@0x55d955409dc0 Sep 21 07:38:47.992389: | free_event_entry: release EVENT_NULL-pe@0x55d955409d80 Sep 21 07:38:47.992392: | add_fd_read_event_handler: new ethX-pe@0x55d955409d80 Sep 21 07:38:47.992394: | libevent_malloc: new ptr-libevent@0x55d955409dc0 size 128 Sep 21 07:38:47.992399: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:38:47.992402: | libevent_free: release ptr-libevent@0x55d955409eb0 Sep 21 07:38:47.992405: | free_event_entry: release EVENT_NULL-pe@0x55d955409e70 Sep 21 07:38:47.992407: | add_fd_read_event_handler: new ethX-pe@0x55d955409e70 Sep 21 07:38:47.992409: | libevent_malloc: new ptr-libevent@0x55d955409eb0 size 128 Sep 21 07:38:47.992414: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:38:47.992417: | libevent_free: release ptr-libevent@0x55d955409fa0 Sep 21 07:38:47.992419: | free_event_entry: release EVENT_NULL-pe@0x55d955409f60 Sep 21 07:38:47.992422: | add_fd_read_event_handler: new ethX-pe@0x55d955409f60 Sep 21 07:38:47.992424: | libevent_malloc: new ptr-libevent@0x55d955409fa0 size 128 Sep 21 07:38:47.992428: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:38:47.992431: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:38:47.992434: forgetting secrets Sep 21 07:38:47.992439: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:38:47.992451: loading secrets from "/etc/ipsec.secrets" Sep 21 07:38:47.992457: | Processing PSK at line 1: passed Sep 21 07:38:47.992460: | certs and keys locked by 'process_secret' Sep 21 07:38:47.992462: | certs and keys unlocked by 'process_secret' Sep 21 07:38:47.992467: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:38:47.992475: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:47.992479: | spent 0.272 milliseconds in whack Sep 21 07:38:47.992519: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:47.992531: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:47.992534: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:47.992541: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:47.992545: | spent 0.0252 milliseconds in whack Sep 21 07:38:47.992994: | processing signal PLUTO_SIGCHLD Sep 21 07:38:47.993009: | waitpid returned pid 29100 (exited with status 0) Sep 21 07:38:47.993013: | reaped addconn helper child (status 0) Sep 21 07:38:47.993017: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:47.993021: | spent 0.0185 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:48.068471: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:38:48.068497: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.068501: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:48.068503: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.068506: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:38:48.068510: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:38:48.068542: | Added new connection east-any with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:48.068596: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:38:48.068602: | from whack: got --esp=aes256-sha2 Sep 21 07:38:48.068616: | ESP/AH string values: AES_CBC_256-HMAC_SHA2_256_128 Sep 21 07:38:48.068620: | counting wild cards for (none) is 15 Sep 21 07:38:48.068625: | counting wild cards for 192.1.2.23 is 0 Sep 21 07:38:48.068631: | add new addresspool to global pools 192.0.3.10-192.0.3.19 size 10 ptr 0x55d95539cca0 Sep 21 07:38:48.068637: | based upon policy, the connection is a template. Sep 21 07:38:48.068640: | reference addresspool of conn east-any[0] kind CK_TEMPLATE refcnt 0 Sep 21 07:38:48.068646: | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none Sep 21 07:38:48.068650: | new hp@0x55d9553d6290 Sep 21 07:38:48.068654: added connection description "east-any" Sep 21 07:38:48.068662: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO Sep 21 07:38:48.068671: | 0.0.0.0/0===192.1.2.23<192.1.2.23>[MS+S=C]...%any[+MC+S=C] Sep 21 07:38:48.068676: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:38:48.068682: | spent 0.212 milliseconds in whack Sep 21 07:38:50.268787: | spent 0.0032 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:50.268820: | *received 828 bytes from 191.1.2.254:11696 on eth1 (192.1.2.23:500) Sep 21 07:38:50.268824: | 67 c8 93 60 03 6f 31 84 00 00 00 00 00 00 00 00 Sep 21 07:38:50.268826: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:38:50.268829: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:38:50.268831: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:38:50.268833: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:38:50.268836: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:38:50.268838: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:38:50.268840: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:38:50.268843: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:38:50.268848: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:38:50.268851: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:38:50.268853: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:38:50.268855: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:38:50.268858: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:38:50.268860: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:38:50.268862: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:38:50.268865: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:38:50.268867: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:38:50.268869: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:38:50.268871: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:38:50.268874: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:38:50.268876: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:38:50.268878: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:38:50.268881: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:38:50.268883: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:38:50.268885: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:38:50.268888: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:38:50.268890: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:38:50.268892: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:38:50.268894: | 28 00 01 08 00 0e 00 00 98 41 aa 44 24 f7 d9 5b Sep 21 07:38:50.268897: | 3b 39 b0 c7 fd 07 ca 77 f4 81 e6 4e a6 b2 fb d9 Sep 21 07:38:50.268899: | 02 c5 7b 2f 82 7e 01 2d 0d e2 aa d6 a7 8a f7 e2 Sep 21 07:38:50.268902: | 3b ed 0f 32 b3 5e 9b 9f 21 dc a4 ae 5f 18 1a 47 Sep 21 07:38:50.268904: | 29 03 14 c1 ec fa 06 4f fa 9f 91 90 4b d9 b0 ee Sep 21 07:38:50.268906: | 3a 56 f3 f7 08 64 99 ba 1c fe c8 7a 02 b4 ce f5 Sep 21 07:38:50.268908: | 40 66 fc 7b c6 10 3a 3e fd e4 6d 6f d3 02 fd f5 Sep 21 07:38:50.268911: | 01 b9 ac 1e 96 37 3b 79 da d8 90 5e 3c 17 61 a5 Sep 21 07:38:50.268913: | 93 a9 12 5c 74 95 27 19 8e 49 08 72 2c 37 08 72 Sep 21 07:38:50.268915: | 6a 31 45 1a 21 8f 3e a8 91 53 48 f9 b7 9f be 72 Sep 21 07:38:50.268918: | 45 d0 a5 2c 37 32 ae e1 45 f8 54 35 54 c1 61 9b Sep 21 07:38:50.268920: | 22 a2 a6 1c a7 78 18 f4 9b 56 0e 82 24 60 58 9e Sep 21 07:38:50.268922: | c9 fe f9 1d 40 e8 b7 c0 e2 30 13 f5 08 52 ce a0 Sep 21 07:38:50.268924: | 9d 0e b9 a0 2f 46 fa 11 ee 11 62 ed 20 2f aa 02 Sep 21 07:38:50.268927: | 3e ed 64 0d 2a d3 6d 29 9d 6d ba 82 74 d6 46 00 Sep 21 07:38:50.268929: | 43 18 9f 2e 9f a1 60 dd 9b be 13 06 0a d6 d8 33 Sep 21 07:38:50.268931: | 71 02 2b b2 0b 32 23 3c 29 00 00 24 ee 53 7b 7d Sep 21 07:38:50.268934: | a1 6b 4f 29 98 a1 a3 97 16 8e 61 51 eb 82 0d e6 Sep 21 07:38:50.268936: | 77 66 50 fd 59 5c e4 b6 8d fd 37 c1 29 00 00 08 Sep 21 07:38:50.268938: | 00 00 40 2e 29 00 00 1c 00 00 40 04 55 d5 e1 39 Sep 21 07:38:50.268941: | 48 29 fb 1c bb 86 21 b4 40 9e 43 71 9f fb cf 90 Sep 21 07:38:50.268943: | 00 00 00 1c 00 00 40 05 88 68 ac 16 73 c0 0e 6c Sep 21 07:38:50.268945: | 16 a2 d0 a9 45 33 e0 79 3b b5 22 5f Sep 21 07:38:50.268952: | start processing: from 191.1.2.254:11696 (in process_md() at demux.c:378) Sep 21 07:38:50.268955: | **parse ISAKMP Message: Sep 21 07:38:50.268958: | initiator cookie: Sep 21 07:38:50.268960: | 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.268963: | responder cookie: Sep 21 07:38:50.268965: | 00 00 00 00 00 00 00 00 Sep 21 07:38:50.268967: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:50.268970: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:50.268973: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:50.268976: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:50.268980: | Message ID: 0 (0x0) Sep 21 07:38:50.268983: | length: 828 (0x33c) Sep 21 07:38:50.268986: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:38:50.268989: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Sep 21 07:38:50.268993: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Sep 21 07:38:50.268996: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:50.268999: | ***parse IKEv2 Security Association Payload: Sep 21 07:38:50.269002: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:38:50.269004: | flags: none (0x0) Sep 21 07:38:50.269007: | length: 436 (0x1b4) Sep 21 07:38:50.269009: | processing payload: ISAKMP_NEXT_v2SA (len=432) Sep 21 07:38:50.269012: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:38:50.269014: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:38:50.269017: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:38:50.269019: | flags: none (0x0) Sep 21 07:38:50.269021: | length: 264 (0x108) Sep 21 07:38:50.269024: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.269027: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:38:50.269029: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:38:50.269031: | ***parse IKEv2 Nonce Payload: Sep 21 07:38:50.269034: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:50.269036: | flags: none (0x0) Sep 21 07:38:50.269039: | length: 36 (0x24) Sep 21 07:38:50.269041: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:38:50.269043: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:50.269046: | ***parse IKEv2 Notify Payload: Sep 21 07:38:50.269048: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:50.269051: | flags: none (0x0) Sep 21 07:38:50.269053: | length: 8 (0x8) Sep 21 07:38:50.269056: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.269058: | SPI size: 0 (0x0) Sep 21 07:38:50.269061: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:50.269063: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:50.269066: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:50.269068: | ***parse IKEv2 Notify Payload: Sep 21 07:38:50.269071: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:50.269073: | flags: none (0x0) Sep 21 07:38:50.269075: | length: 28 (0x1c) Sep 21 07:38:50.269078: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.269080: | SPI size: 0 (0x0) Sep 21 07:38:50.269082: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:50.269085: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:50.269088: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:50.269090: | ***parse IKEv2 Notify Payload: Sep 21 07:38:50.269093: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.269095: | flags: none (0x0) Sep 21 07:38:50.269097: | length: 28 (0x1c) Sep 21 07:38:50.269100: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.269102: | SPI size: 0 (0x0) Sep 21 07:38:50.269104: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:50.269107: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:38:50.269110: | DDOS disabled and no cookie sent, continuing Sep 21 07:38:50.269115: | find_host_connection local=192.1.2.23:500 remote=191.1.2.254:11696 policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269119: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:38:50.269121: | find_next_host_connection returns empty Sep 21 07:38:50.269125: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269130: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:38:50.269133: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Sep 21 07:38:50.269137: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (east-any) Sep 21 07:38:50.269141: | find_next_host_connection returns empty Sep 21 07:38:50.269145: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Sep 21 07:38:50.269150: | find_host_connection local=192.1.2.23:500 remote=191.1.2.254:11696 policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269153: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:38:50.269155: | find_next_host_connection returns empty Sep 21 07:38:50.269159: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269164: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:38:50.269166: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Sep 21 07:38:50.269169: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (east-any) Sep 21 07:38:50.269171: | find_next_host_connection returns empty Sep 21 07:38:50.269175: | initial parent SA message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Sep 21 07:38:50.269180: | find_host_connection local=192.1.2.23:500 remote=191.1.2.254:11696 policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269183: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:38:50.269185: | find_next_host_connection returns empty Sep 21 07:38:50.269189: | find_host_connection local=192.1.2.23:500 remote= policy=PSK+IKEV2_ALLOW but ignoring ports Sep 21 07:38:50.269193: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:38:50.269196: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:38:50.269199: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO (east-any) Sep 21 07:38:50.269201: | find_next_host_connection returns east-any Sep 21 07:38:50.269204: | find_next_host_connection policy=PSK+IKEV2_ALLOW Sep 21 07:38:50.269206: | find_next_host_connection returns empty Sep 21 07:38:50.269208: | rw_instantiate Sep 21 07:38:50.269215: | reference addresspool of conn east-any[1] kind CK_TEMPLATE refcnt 1 Sep 21 07:38:50.269222: | connect_to_host_pair: 192.1.2.23:500 191.1.2.254:500 -> hp@(nil): none Sep 21 07:38:50.269224: | new hp@0x55d95539cbf0 Sep 21 07:38:50.269229: | rw_instantiate() instantiated "east-any"[1] 191.1.2.254 for 191.1.2.254 Sep 21 07:38:50.269233: | found connection: east-any[1] 191.1.2.254 with policy PSK+IKEV2_ALLOW Sep 21 07:38:50.269238: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:38:50.269262: | creating state object #1 at 0x55d95540d560 Sep 21 07:38:50.269265: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:38:50.269272: | pstats #1 ikev2.ike started Sep 21 07:38:50.269276: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:38:50.269279: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Sep 21 07:38:50.269284: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:50.269294: | start processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:50.269297: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:38:50.269303: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:38:50.269306: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:38:50.269314: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 Sep 21 07:38:50.269319: | Message ID: start-responder #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:38:50.269321: | #1 in state PARENT_R0: processing SA_INIT request Sep 21 07:38:50.269329: | selected state microcode Respond to IKE_SA_INIT Sep 21 07:38:50.269332: | Now let's proceed with state specific processing Sep 21 07:38:50.269334: | calling processor Respond to IKE_SA_INIT Sep 21 07:38:50.269340: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:50.269344: | constructing local IKE proposals for east-any (IKE SA responder matching remote proposals) Sep 21 07:38:50.269351: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:50.269358: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:50.269362: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:50.269367: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:50.269371: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:50.269376: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:50.269380: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:38:50.269385: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:50.269398: "east-any"[1] 191.1.2.254: constructed local IKE proposals for east-any (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:38:50.269402: | Comparing remote proposals against IKE responder 4 local proposals Sep 21 07:38:50.269405: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:50.269407: | local proposal 1 type PRF has 2 transforms Sep 21 07:38:50.269410: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:50.269412: | local proposal 1 type DH has 8 transforms Sep 21 07:38:50.269415: | local proposal 1 type ESN has 0 transforms Sep 21 07:38:50.269418: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:50.269420: | local proposal 2 type ENCR has 1 transforms Sep 21 07:38:50.269423: | local proposal 2 type PRF has 2 transforms Sep 21 07:38:50.269425: | local proposal 2 type INTEG has 1 transforms Sep 21 07:38:50.269427: | local proposal 2 type DH has 8 transforms Sep 21 07:38:50.269430: | local proposal 2 type ESN has 0 transforms Sep 21 07:38:50.269433: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:38:50.269435: | local proposal 3 type ENCR has 1 transforms Sep 21 07:38:50.269437: | local proposal 3 type PRF has 2 transforms Sep 21 07:38:50.269440: | local proposal 3 type INTEG has 2 transforms Sep 21 07:38:50.269442: | local proposal 3 type DH has 8 transforms Sep 21 07:38:50.269445: | local proposal 3 type ESN has 0 transforms Sep 21 07:38:50.269448: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:50.269452: | local proposal 4 type ENCR has 1 transforms Sep 21 07:38:50.269455: | local proposal 4 type PRF has 2 transforms Sep 21 07:38:50.269457: | local proposal 4 type INTEG has 2 transforms Sep 21 07:38:50.269460: | local proposal 4 type DH has 8 transforms Sep 21 07:38:50.269462: | local proposal 4 type ESN has 0 transforms Sep 21 07:38:50.269465: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:38:50.269468: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.269470: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:50.269473: | length: 100 (0x64) Sep 21 07:38:50.269475: | prop #: 1 (0x1) Sep 21 07:38:50.269478: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:50.269480: | spi size: 0 (0x0) Sep 21 07:38:50.269482: | # transforms: 11 (0xb) Sep 21 07:38:50.269486: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Sep 21 07:38:50.269489: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269493: | length: 12 (0xc) Sep 21 07:38:50.269496: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.269498: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:50.269501: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.269503: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.269506: | length/value: 256 (0x100) Sep 21 07:38:50.269510: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:50.269513: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269515: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269517: | length: 8 (0x8) Sep 21 07:38:50.269520: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269523: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:50.269526: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:38:50.269529: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Sep 21 07:38:50.269532: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Sep 21 07:38:50.269535: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Sep 21 07:38:50.269538: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269543: | length: 8 (0x8) Sep 21 07:38:50.269545: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269547: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:50.269550: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269555: | length: 8 (0x8) Sep 21 07:38:50.269557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269559: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.269563: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:38:50.269566: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Sep 21 07:38:50.269569: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Sep 21 07:38:50.269572: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Sep 21 07:38:50.269574: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269579: | length: 8 (0x8) Sep 21 07:38:50.269581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269584: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:50.269587: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269593: | length: 8 (0x8) Sep 21 07:38:50.269595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269598: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:50.269600: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269603: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269605: | length: 8 (0x8) Sep 21 07:38:50.269607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269610: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:50.269612: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269615: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269617: | length: 8 (0x8) Sep 21 07:38:50.269619: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269622: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:50.269625: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269627: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269629: | length: 8 (0x8) Sep 21 07:38:50.269631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269634: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:50.269637: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269641: | length: 8 (0x8) Sep 21 07:38:50.269643: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269646: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:50.269649: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269651: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.269653: | length: 8 (0x8) Sep 21 07:38:50.269656: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269658: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:50.269662: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:38:50.269666: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:38:50.269669: | remote proposal 1 matches local proposal 1 Sep 21 07:38:50.269672: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.269674: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:50.269676: | length: 100 (0x64) Sep 21 07:38:50.269679: | prop #: 2 (0x2) Sep 21 07:38:50.269681: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:50.269683: | spi size: 0 (0x0) Sep 21 07:38:50.269685: | # transforms: 11 (0xb) Sep 21 07:38:50.269689: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:38:50.269691: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269696: | length: 12 (0xc) Sep 21 07:38:50.269698: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.269701: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:50.269703: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.269706: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.269708: | length/value: 128 (0x80) Sep 21 07:38:50.269711: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269713: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269716: | length: 8 (0x8) Sep 21 07:38:50.269718: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269721: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:50.269723: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269728: | length: 8 (0x8) Sep 21 07:38:50.269730: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269733: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:50.269735: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269741: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269743: | length: 8 (0x8) Sep 21 07:38:50.269746: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269748: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.269751: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269753: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269755: | length: 8 (0x8) Sep 21 07:38:50.269758: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269760: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:50.269763: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269768: | length: 8 (0x8) Sep 21 07:38:50.269770: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269772: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:50.269775: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269780: | length: 8 (0x8) Sep 21 07:38:50.269787: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269793: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:50.269795: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269798: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269800: | length: 8 (0x8) Sep 21 07:38:50.269802: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269805: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:50.269808: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269812: | length: 8 (0x8) Sep 21 07:38:50.269815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269817: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:50.269820: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269824: | length: 8 (0x8) Sep 21 07:38:50.269827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269829: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:50.269832: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269834: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.269836: | length: 8 (0x8) Sep 21 07:38:50.269838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269841: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:50.269845: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Sep 21 07:38:50.269847: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Sep 21 07:38:50.269850: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.269852: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:38:50.269855: | length: 116 (0x74) Sep 21 07:38:50.269857: | prop #: 3 (0x3) Sep 21 07:38:50.269859: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:50.269862: | spi size: 0 (0x0) Sep 21 07:38:50.269864: | # transforms: 13 (0xd) Sep 21 07:38:50.269867: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:38:50.269870: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269872: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269874: | length: 12 (0xc) Sep 21 07:38:50.269877: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.269879: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:50.269881: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.269884: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.269886: | length/value: 256 (0x100) Sep 21 07:38:50.269889: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269892: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269895: | length: 8 (0x8) Sep 21 07:38:50.269898: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269900: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:50.269903: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269907: | length: 8 (0x8) Sep 21 07:38:50.269910: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.269912: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:50.269915: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269920: | length: 8 (0x8) Sep 21 07:38:50.269922: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.269924: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:50.269927: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269932: | length: 8 (0x8) Sep 21 07:38:50.269934: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.269937: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:50.269939: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269942: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269944: | length: 8 (0x8) Sep 21 07:38:50.269946: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269949: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.269951: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269956: | length: 8 (0x8) Sep 21 07:38:50.269958: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269961: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:50.269963: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269966: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269968: | length: 8 (0x8) Sep 21 07:38:50.269970: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269973: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:50.269975: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269978: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269980: | length: 8 (0x8) Sep 21 07:38:50.269982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269985: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:50.269987: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.269990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.269992: | length: 8 (0x8) Sep 21 07:38:50.269995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.269997: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:50.270000: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270004: | length: 8 (0x8) Sep 21 07:38:50.270007: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270009: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:50.270012: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270014: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270016: | length: 8 (0x8) Sep 21 07:38:50.270019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270021: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:50.270024: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270026: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.270028: | length: 8 (0x8) Sep 21 07:38:50.270031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270033: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:50.270037: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:38:50.270040: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:38:50.270044: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.270046: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:50.270049: | length: 116 (0x74) Sep 21 07:38:50.270051: | prop #: 4 (0x4) Sep 21 07:38:50.270053: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:50.270055: | spi size: 0 (0x0) Sep 21 07:38:50.270058: | # transforms: 13 (0xd) Sep 21 07:38:50.270061: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Sep 21 07:38:50.270063: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270066: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270068: | length: 12 (0xc) Sep 21 07:38:50.270070: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.270073: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:50.270075: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.270078: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.270080: | length/value: 128 (0x80) Sep 21 07:38:50.270083: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270087: | length: 8 (0x8) Sep 21 07:38:50.270090: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.270092: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:50.270095: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270099: | length: 8 (0x8) Sep 21 07:38:50.270102: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.270104: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:38:50.270107: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270111: | length: 8 (0x8) Sep 21 07:38:50.270114: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.270116: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:38:50.270119: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270124: | length: 8 (0x8) Sep 21 07:38:50.270126: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.270129: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:50.270131: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270136: | length: 8 (0x8) Sep 21 07:38:50.270138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270141: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.270143: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270146: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270148: | length: 8 (0x8) Sep 21 07:38:50.270150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270153: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:38:50.270155: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270160: | length: 8 (0x8) Sep 21 07:38:50.270163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270165: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:38:50.270168: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270172: | length: 8 (0x8) Sep 21 07:38:50.270175: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270177: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:38:50.270180: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270185: | length: 8 (0x8) Sep 21 07:38:50.270187: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270191: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:38:50.270193: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270198: | length: 8 (0x8) Sep 21 07:38:50.270200: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270203: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:38:50.270206: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270208: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.270210: | length: 8 (0x8) Sep 21 07:38:50.270213: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270215: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:38:50.270218: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.270220: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.270223: | length: 8 (0x8) Sep 21 07:38:50.270225: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.270228: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:38:50.270231: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Sep 21 07:38:50.270234: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Sep 21 07:38:50.270240: "east-any"[1] 191.1.2.254 #1: proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Sep 21 07:38:50.270245: | accepted IKE proposal ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048 Sep 21 07:38:50.270248: | converting proposal to internal trans attrs Sep 21 07:38:50.270252: | natd_hash: rcookie is zero Sep 21 07:38:50.270268: | natd_hash: hasher=0x55d95436d7a0(20) Sep 21 07:38:50.270271: | natd_hash: icookie= 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.270274: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:50.270276: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:50.270278: | natd_hash: port= 01 f4 Sep 21 07:38:50.270281: | natd_hash: hash= 88 68 ac 16 73 c0 0e 6c 16 a2 d0 a9 45 33 e0 79 Sep 21 07:38:50.270283: | natd_hash: hash= 3b b5 22 5f Sep 21 07:38:50.270285: | natd_hash: rcookie is zero Sep 21 07:38:50.270291: | natd_hash: hasher=0x55d95436d7a0(20) Sep 21 07:38:50.270293: | natd_hash: icookie= 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.270296: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:38:50.270298: | natd_hash: ip= bf 01 02 fe Sep 21 07:38:50.270300: | natd_hash: port= 2d b0 Sep 21 07:38:50.270303: | natd_hash: hash= 6b 91 d6 67 ca bd e0 b9 f8 70 96 6b 02 45 be 43 Sep 21 07:38:50.270305: | natd_hash: hash= 99 c0 6b 93 Sep 21 07:38:50.270307: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:38:50.270310: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:38:50.270313: | NAT_TRAVERSAL that end is behind NAT 191.1.2.254 Sep 21 07:38:50.270316: | NAT_TRAVERSAL nat-keepalive enabled 191.1.2.254 Sep 21 07:38:50.270321: | adding ikev2_inI1outR1 KE work-order 1 for state #1 Sep 21 07:38:50.270324: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95540f6d0 Sep 21 07:38:50.270328: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:50.270332: | libevent_malloc: new ptr-libevent@0x55d95540f710 size 128 Sep 21 07:38:50.270343: | #1 spent 1 milliseconds in processing: Respond to IKE_SA_INIT in ikev2_process_state_packet() Sep 21 07:38:50.270352: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:50.270356: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Sep 21 07:38:50.270359: | suspending state #1 and saving MD Sep 21 07:38:50.270361: | #1 is busy; has a suspended MD Sep 21 07:38:50.270367: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:38:50.270371: | "east-any"[1] 191.1.2.254 #1 complete v2 state STATE_PARENT_R0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:38:50.270376: | stop processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:50.270380: | #1 spent 1.58 milliseconds in ikev2_process_packet() Sep 21 07:38:50.270385: | stop processing: from 191.1.2.254:11696 (in process_md() at demux.c:380) Sep 21 07:38:50.270387: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:50.270390: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:50.270394: | spent 1.59 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:50.270406: | crypto helper 6 resuming Sep 21 07:38:50.270410: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:38:50.270414: | crypto helper 6 doing build KE and nonce (ikev2_inI1outR1 KE); request ID 1 Sep 21 07:38:50.271477: | crypto helper 6 finished build KE and nonce (ikev2_inI1outR1 KE); request ID 1 time elapsed 0.001062 seconds Sep 21 07:38:50.271488: | (#1) spent 1.05 milliseconds in crypto helper computing work-order 1: ikev2_inI1outR1 KE (pcr) Sep 21 07:38:50.271491: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:38:50.271494: | scheduling resume sending helper answer for #1 Sep 21 07:38:50.271497: | libevent_malloc: new ptr-libevent@0x7fb55c006900 size 128 Sep 21 07:38:50.271506: | crypto helper 6 waiting (nothing to do) Sep 21 07:38:50.271519: | processing resume sending helper answer for #1 Sep 21 07:38:50.271532: | start processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in resume_handler() at server.c:797) Sep 21 07:38:50.271537: | crypto helper 6 replies to request ID 1 Sep 21 07:38:50.271540: | calling continuation function 0x55d954297630 Sep 21 07:38:50.271543: | ikev2_parent_inI1outR1_continue for #1: calculated ke+nonce, sending R1 Sep 21 07:38:50.271574: | **emit ISAKMP Message: Sep 21 07:38:50.271578: | initiator cookie: Sep 21 07:38:50.271580: | 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.271582: | responder cookie: Sep 21 07:38:50.271584: | 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.271587: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:50.271590: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:50.271593: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:38:50.271596: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:50.271598: | Message ID: 0 (0x0) Sep 21 07:38:50.271601: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:50.271604: | Emitting ikev2_proposal ... Sep 21 07:38:50.271606: | ***emit IKEv2 Security Association Payload: Sep 21 07:38:50.271609: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.271611: | flags: none (0x0) Sep 21 07:38:50.271614: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:50.271617: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271620: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.271622: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:50.271627: | prop #: 1 (0x1) Sep 21 07:38:50.271630: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:38:50.271632: | spi size: 0 (0x0) Sep 21 07:38:50.271634: | # transforms: 3 (0x3) Sep 21 07:38:50.271637: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:50.271640: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.271642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.271645: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.271648: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:38:50.271651: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.271653: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.271656: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.271658: | length/value: 256 (0x100) Sep 21 07:38:50.271661: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:50.271664: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.271666: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.271669: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:38:50.271671: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:38:50.271674: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.271677: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.271680: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:50.271682: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.271684: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.271687: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:38:50.271689: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.271692: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.271695: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.271697: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:50.271700: | emitting length of IKEv2 Proposal Substructure Payload: 36 Sep 21 07:38:50.271703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:50.271705: | emitting length of IKEv2 Security Association Payload: 40 Sep 21 07:38:50.271708: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:50.271711: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:38:50.271714: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.271716: | flags: none (0x0) Sep 21 07:38:50.271718: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:38:50.271721: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:38:50.271724: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271727: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:38:50.271730: | ikev2 g^x f4 13 90 36 37 b8 51 6c d8 5b ab c9 42 e0 50 51 Sep 21 07:38:50.271732: | ikev2 g^x b1 63 95 24 61 8e 1a 7c 45 fc c8 d6 0c 0f a9 18 Sep 21 07:38:50.271735: | ikev2 g^x 1c bb 00 83 de e1 0b dd 4c e0 bd 7a 36 1d db bb Sep 21 07:38:50.271737: | ikev2 g^x eb 56 9f d2 3f 98 e7 a9 85 ab 5f 2e d0 51 9c 72 Sep 21 07:38:50.271739: | ikev2 g^x da 9f 70 96 a4 5b 6e 68 f3 76 66 77 c1 7d e4 4c Sep 21 07:38:50.271741: | ikev2 g^x 97 ca e3 42 c3 dd 9d 20 3c 6f f9 24 32 09 4e b6 Sep 21 07:38:50.271745: | ikev2 g^x d1 54 41 fb 5f f7 24 a2 b9 e5 e7 af 13 7d 7e 93 Sep 21 07:38:50.271747: | ikev2 g^x 79 a3 30 26 05 2b 2d 02 c0 fc 8f 59 77 a4 16 ff Sep 21 07:38:50.271750: | ikev2 g^x ce 20 58 a9 5a 9d 10 0b 5d 08 cf 22 1a 0e 58 eb Sep 21 07:38:50.271752: | ikev2 g^x 53 9e 36 48 46 11 17 7e 0c 80 3b 92 53 3e 02 73 Sep 21 07:38:50.271754: | ikev2 g^x 4e 61 e7 e0 36 ac ad a3 01 74 d2 24 68 59 63 b8 Sep 21 07:38:50.271756: | ikev2 g^x 54 13 35 dc 88 36 c6 79 e8 e7 f4 b2 d1 66 43 0c Sep 21 07:38:50.271759: | ikev2 g^x 24 54 b1 d4 0d 66 47 90 88 59 17 81 5e 81 5b c8 Sep 21 07:38:50.271761: | ikev2 g^x 6b b6 15 5a 93 78 db 0a 9b 45 bc 7b 32 bb 4e 51 Sep 21 07:38:50.271763: | ikev2 g^x 06 fc 65 21 f2 95 c1 04 07 eb f4 ea 4c 26 ea 4e Sep 21 07:38:50.271765: | ikev2 g^x a1 9c 5a 39 81 15 a0 3c 27 7c be 1b 2e a9 c8 f0 Sep 21 07:38:50.271768: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:38:50.271771: | ***emit IKEv2 Nonce Payload: Sep 21 07:38:50.271773: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:50.271775: | flags: none (0x0) Sep 21 07:38:50.271778: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:38:50.271781: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:38:50.271792: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271795: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:38:50.271798: | IKEv2 nonce f1 ea 90 ca 3e a9 2a 66 86 d8 d5 02 d7 c5 be 9b Sep 21 07:38:50.271800: | IKEv2 nonce 73 c4 78 ae fc 27 72 72 d7 91 78 cd 5b 25 b1 4c Sep 21 07:38:50.271802: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:38:50.271805: | Adding a v2N Payload Sep 21 07:38:50.271807: | ***emit IKEv2 Notify Payload: Sep 21 07:38:50.271810: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.271812: | flags: none (0x0) Sep 21 07:38:50.271815: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.271817: | SPI size: 0 (0x0) Sep 21 07:38:50.271820: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:38:50.271823: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:50.271825: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271828: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:50.271831: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:38:50.271843: | natd_hash: hasher=0x55d95436d7a0(20) Sep 21 07:38:50.271846: | natd_hash: icookie= 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.271848: | natd_hash: rcookie= 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.271850: | natd_hash: ip= c0 01 02 17 Sep 21 07:38:50.271852: | natd_hash: port= 01 f4 Sep 21 07:38:50.271855: | natd_hash: hash= 33 fb 32 c0 f2 fb 06 e0 e2 ce 0b dd 8f 9f 28 7a Sep 21 07:38:50.271857: | natd_hash: hash= 1b e1 29 69 Sep 21 07:38:50.271859: | Adding a v2N Payload Sep 21 07:38:50.271861: | ***emit IKEv2 Notify Payload: Sep 21 07:38:50.271864: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.271866: | flags: none (0x0) Sep 21 07:38:50.271869: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.271871: | SPI size: 0 (0x0) Sep 21 07:38:50.271873: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:38:50.271876: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:50.271879: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271882: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:50.271884: | Notify data 33 fb 32 c0 f2 fb 06 e0 e2 ce 0b dd 8f 9f 28 7a Sep 21 07:38:50.271888: | Notify data 1b e1 29 69 Sep 21 07:38:50.271890: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:50.271896: | natd_hash: hasher=0x55d95436d7a0(20) Sep 21 07:38:50.271899: | natd_hash: icookie= 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.271901: | natd_hash: rcookie= 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.271903: | natd_hash: ip= bf 01 02 fe Sep 21 07:38:50.271905: | natd_hash: port= 2d b0 Sep 21 07:38:50.271908: | natd_hash: hash= 5d e4 36 27 e1 4e e4 1a c7 50 71 52 65 15 9f b7 Sep 21 07:38:50.271910: | natd_hash: hash= 34 34 35 52 Sep 21 07:38:50.271912: | Adding a v2N Payload Sep 21 07:38:50.271914: | ***emit IKEv2 Notify Payload: Sep 21 07:38:50.271916: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.271919: | flags: none (0x0) Sep 21 07:38:50.271921: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.271923: | SPI size: 0 (0x0) Sep 21 07:38:50.271926: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:38:50.271929: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:50.271931: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.271934: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:38:50.271936: | Notify data 5d e4 36 27 e1 4e e4 1a c7 50 71 52 65 15 9f b7 Sep 21 07:38:50.271939: | Notify data 34 34 35 52 Sep 21 07:38:50.271941: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:38:50.271943: | emitting length of ISAKMP Message: 432 Sep 21 07:38:50.271951: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:50.271954: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Sep 21 07:38:50.271957: | IKEv2: transition from state STATE_PARENT_R0 to state STATE_PARENT_R1 Sep 21 07:38:50.271961: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Sep 21 07:38:50.271964: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:38:50.271969: | Message ID: recv #1 request 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:38:50.271973: | Message ID: sent #1 response 0; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=-1->0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:38:50.271979: "east-any"[1] 191.1.2.254 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:38:50.271984: | sending V2 new request packet to 191.1.2.254:11696 (from 192.1.2.23:500) Sep 21 07:38:50.271990: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 191.1.2.254:11696 (using #1) Sep 21 07:38:50.271992: | 67 c8 93 60 03 6f 31 84 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.271995: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:38:50.271997: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:38:50.271999: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:38:50.272001: | 04 00 00 0e 28 00 01 08 00 0e 00 00 f4 13 90 36 Sep 21 07:38:50.272004: | 37 b8 51 6c d8 5b ab c9 42 e0 50 51 b1 63 95 24 Sep 21 07:38:50.272006: | 61 8e 1a 7c 45 fc c8 d6 0c 0f a9 18 1c bb 00 83 Sep 21 07:38:50.272008: | de e1 0b dd 4c e0 bd 7a 36 1d db bb eb 56 9f d2 Sep 21 07:38:50.272010: | 3f 98 e7 a9 85 ab 5f 2e d0 51 9c 72 da 9f 70 96 Sep 21 07:38:50.272013: | a4 5b 6e 68 f3 76 66 77 c1 7d e4 4c 97 ca e3 42 Sep 21 07:38:50.272015: | c3 dd 9d 20 3c 6f f9 24 32 09 4e b6 d1 54 41 fb Sep 21 07:38:50.272017: | 5f f7 24 a2 b9 e5 e7 af 13 7d 7e 93 79 a3 30 26 Sep 21 07:38:50.272019: | 05 2b 2d 02 c0 fc 8f 59 77 a4 16 ff ce 20 58 a9 Sep 21 07:38:50.272022: | 5a 9d 10 0b 5d 08 cf 22 1a 0e 58 eb 53 9e 36 48 Sep 21 07:38:50.272026: | 46 11 17 7e 0c 80 3b 92 53 3e 02 73 4e 61 e7 e0 Sep 21 07:38:50.272028: | 36 ac ad a3 01 74 d2 24 68 59 63 b8 54 13 35 dc Sep 21 07:38:50.272030: | 88 36 c6 79 e8 e7 f4 b2 d1 66 43 0c 24 54 b1 d4 Sep 21 07:38:50.272033: | 0d 66 47 90 88 59 17 81 5e 81 5b c8 6b b6 15 5a Sep 21 07:38:50.272035: | 93 78 db 0a 9b 45 bc 7b 32 bb 4e 51 06 fc 65 21 Sep 21 07:38:50.272037: | f2 95 c1 04 07 eb f4 ea 4c 26 ea 4e a1 9c 5a 39 Sep 21 07:38:50.272039: | 81 15 a0 3c 27 7c be 1b 2e a9 c8 f0 29 00 00 24 Sep 21 07:38:50.272042: | f1 ea 90 ca 3e a9 2a 66 86 d8 d5 02 d7 c5 be 9b Sep 21 07:38:50.272044: | 73 c4 78 ae fc 27 72 72 d7 91 78 cd 5b 25 b1 4c Sep 21 07:38:50.272046: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:38:50.272048: | 33 fb 32 c0 f2 fb 06 e0 e2 ce 0b dd 8f 9f 28 7a Sep 21 07:38:50.272050: | 1b e1 29 69 00 00 00 1c 00 00 40 05 5d e4 36 27 Sep 21 07:38:50.272053: | e1 4e e4 1a c7 50 71 52 65 15 9f b7 34 34 35 52 Sep 21 07:38:50.272115: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:50.272120: | libevent_free: release ptr-libevent@0x55d95540f710 Sep 21 07:38:50.272123: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95540f6d0 Sep 21 07:38:50.272126: | event_schedule: new EVENT_SO_DISCARD-pe@0x55d95540f6d0 Sep 21 07:38:50.272130: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Sep 21 07:38:50.272132: | libevent_malloc: new ptr-libevent@0x55d95540f710 size 128 Sep 21 07:38:50.272136: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:38:50.272142: | #1 spent 0.562 milliseconds in resume sending helper answer Sep 21 07:38:50.272148: | stop processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in resume_handler() at server.c:833) Sep 21 07:38:50.272151: | libevent_free: release ptr-libevent@0x7fb55c006900 Sep 21 07:38:50.275457: | spent 0.00208 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:38:50.275479: | *received 269 bytes from 191.1.2.254:11738 on eth1 (192.1.2.23:4500) Sep 21 07:38:50.275483: | 67 c8 93 60 03 6f 31 84 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.275485: | 2e 20 23 08 00 00 00 01 00 00 01 0d 23 00 00 f1 Sep 21 07:38:50.275487: | a2 57 f5 3a 12 f1 b2 20 96 7e 51 04 1c 71 48 9f Sep 21 07:38:50.275490: | aa d3 60 ac dd 80 53 0a 04 c6 1c db 48 e0 10 98 Sep 21 07:38:50.275492: | b3 db 2c ee e6 14 92 69 bf 17 57 80 72 21 1e f0 Sep 21 07:38:50.275494: | fa ff e3 cb a9 4f d1 7c b6 ca ab 92 b6 c8 34 d7 Sep 21 07:38:50.275496: | f4 0e ad 96 9b 85 2c 06 e1 7c 52 dd 8e fd d8 e0 Sep 21 07:38:50.275499: | f0 51 cf eb 7c b1 44 bc 74 4a f3 59 47 6f 1b 22 Sep 21 07:38:50.275501: | a8 80 3f 10 75 9f be 15 14 7b 6f c0 29 79 16 2e Sep 21 07:38:50.275503: | 78 5c 00 8e f0 f5 0a 5a bd ec 6b 8b 93 fe ac 28 Sep 21 07:38:50.275505: | 12 bf fe c1 50 5b 12 b1 cb 6b ce f6 80 0d 80 8a Sep 21 07:38:50.275508: | eb 7f 81 9d 3b 59 9c 7a 74 d9 16 85 a7 1e e6 26 Sep 21 07:38:50.275510: | 0d 7c 10 33 87 8a 54 1c 5c 27 aa 60 4a ac c3 3a Sep 21 07:38:50.275512: | ee 29 b8 70 0b f1 9c 70 36 66 84 02 72 87 9d fe Sep 21 07:38:50.275515: | 03 5c 76 e9 4d f5 0a 70 c5 6e e3 9b 41 82 17 f1 Sep 21 07:38:50.275517: | 73 32 70 aa 3e c3 b4 13 d1 57 9e ad a4 4a 22 e6 Sep 21 07:38:50.275519: | 68 f2 76 1d 87 0f f6 1f 01 8f 7c 5d f7 Sep 21 07:38:50.275524: | start processing: from 191.1.2.254:11738 (in process_md() at demux.c:378) Sep 21 07:38:50.275527: | **parse ISAKMP Message: Sep 21 07:38:50.275530: | initiator cookie: Sep 21 07:38:50.275532: | 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.275534: | responder cookie: Sep 21 07:38:50.275536: | 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.275539: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:38:50.275542: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:50.275544: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:50.275550: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:38:50.275552: | Message ID: 1 (0x1) Sep 21 07:38:50.275555: | length: 269 (0x10d) Sep 21 07:38:50.275558: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:38:50.275561: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Sep 21 07:38:50.275565: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Sep 21 07:38:50.275572: | start processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:38:50.275575: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:38:50.275581: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:38:50.275584: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:38:50.275588: | Message ID: #1 not a duplicate - message is new; initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 Sep 21 07:38:50.275590: | unpacking clear payload Sep 21 07:38:50.275596: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:38:50.275599: | ***parse IKEv2 Encryption Payload: Sep 21 07:38:50.275602: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:38:50.275604: | flags: none (0x0) Sep 21 07:38:50.275607: | length: 241 (0xf1) Sep 21 07:38:50.275609: | processing payload: ISAKMP_NEXT_v2SK (len=237) Sep 21 07:38:50.275614: | Message ID: start-responder #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:38:50.275616: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:38:50.275619: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:38:50.275621: | Now let's proceed with state specific processing Sep 21 07:38:50.275624: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Sep 21 07:38:50.275627: | ikev2 parent inI2outR2: calculating g^{xy} in order to decrypt I2 Sep 21 07:38:50.275631: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:38:50.275634: | adding ikev2_inI2outR2 KE work-order 2 for state #1 Sep 21 07:38:50.275637: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:38:50.275640: | libevent_free: release ptr-libevent@0x55d95540f710 Sep 21 07:38:50.275643: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55d95540f6d0 Sep 21 07:38:50.275646: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d95540f6d0 Sep 21 07:38:50.275649: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:38:50.275652: | libevent_malloc: new ptr-libevent@0x55d95540f710 size 128 Sep 21 07:38:50.275662: | #1 spent 0.0338 milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in ikev2_process_state_packet() Sep 21 07:38:50.275664: | crypto helper 4 resuming Sep 21 07:38:50.275675: | crypto helper 4 starting work-order 2 for state #1 Sep 21 07:38:50.275680: | crypto helper 4 doing compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 Sep 21 07:38:50.275668: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:50.275711: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND Sep 21 07:38:50.275714: | suspending state #1 and saving MD Sep 21 07:38:50.275717: | #1 is busy; has a suspended MD Sep 21 07:38:50.275723: | [RE]START processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:38:50.275727: | "east-any"[1] 191.1.2.254 #1 complete v2 state STATE_PARENT_R1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:38:50.275733: | stop processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:38:50.275737: | #1 spent 0.232 milliseconds in ikev2_process_packet() Sep 21 07:38:50.275743: | stop processing: from 191.1.2.254:11738 (in process_md() at demux.c:380) Sep 21 07:38:50.275746: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:38:50.275749: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:38:50.275753: | spent 0.248 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:38:50.276647: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:38:50.277083: | crypto helper 4 finished compute dh (V2) (ikev2_inI2outR2 KE); request ID 2 time elapsed 0.001403 seconds Sep 21 07:38:50.277092: | (#1) spent 1.4 milliseconds in crypto helper computing work-order 2: ikev2_inI2outR2 KE (pcr) Sep 21 07:38:50.277095: | crypto helper 4 sending results from work-order 2 for state #1 to event queue Sep 21 07:38:50.277098: | scheduling resume sending helper answer for #1 Sep 21 07:38:50.277101: | libevent_malloc: new ptr-libevent@0x7fb554006b90 size 128 Sep 21 07:38:50.277109: | crypto helper 4 waiting (nothing to do) Sep 21 07:38:50.277117: | processing resume sending helper answer for #1 Sep 21 07:38:50.277128: | start processing: state #1 connection "east-any"[1] 191.1.2.254 from 191.1.2.254:11696 (in resume_handler() at server.c:797) Sep 21 07:38:50.277137: | crypto helper 4 replies to request ID 2 Sep 21 07:38:50.277139: | calling continuation function 0x55d954297630 Sep 21 07:38:50.277142: | ikev2_parent_inI2outR2_continue for #1: calculating g^{xy}, sending R2 Sep 21 07:38:50.277145: | #1 in state PARENT_R1: received v2I1, sent v2R1 Sep 21 07:38:50.277157: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:38:50.277160: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Sep 21 07:38:50.277163: | **parse IKEv2 Identification - Initiator - Payload: Sep 21 07:38:50.277166: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:38:50.277168: | flags: none (0x0) Sep 21 07:38:50.277171: | length: 12 (0xc) Sep 21 07:38:50.277173: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:50.277176: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Sep 21 07:38:50.277178: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:38:50.277181: | **parse IKEv2 Authentication Payload: Sep 21 07:38:50.277183: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Sep 21 07:38:50.277186: | flags: none (0x0) Sep 21 07:38:50.277188: | length: 72 (0x48) Sep 21 07:38:50.277191: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:50.277193: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Sep 21 07:38:50.277196: | Now let's proceed with payload (ISAKMP_NEXT_v2CP) Sep 21 07:38:50.277198: | **parse IKEv2 Configuration Payload: Sep 21 07:38:50.277201: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:50.277203: | flags: none (0x0) Sep 21 07:38:50.277205: | length: 28 (0x1c) Sep 21 07:38:50.277208: | ikev2_cfg_type: IKEv2_CP_CFG_REQUEST (0x1) Sep 21 07:38:50.277210: | processing payload: ISAKMP_NEXT_v2CP (len=20) Sep 21 07:38:50.277212: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:38:50.277215: | **parse IKEv2 Security Association Payload: Sep 21 07:38:50.277217: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:38:50.277220: | flags: none (0x0) Sep 21 07:38:50.277222: | length: 44 (0x2c) Sep 21 07:38:50.277224: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:38:50.277227: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:38:50.277229: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:50.277232: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:38:50.277234: | flags: none (0x0) Sep 21 07:38:50.277236: | length: 24 (0x18) Sep 21 07:38:50.277238: | number of TS: 1 (0x1) Sep 21 07:38:50.277241: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:38:50.277243: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:38:50.277246: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:50.277248: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:38:50.277254: | flags: none (0x0) Sep 21 07:38:50.277256: | length: 24 (0x18) Sep 21 07:38:50.277258: | number of TS: 1 (0x1) Sep 21 07:38:50.277261: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:38:50.277263: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:38:50.277266: | **parse IKEv2 Notify Payload: Sep 21 07:38:50.277268: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.277271: | flags: none (0x0) Sep 21 07:38:50.277273: | length: 8 (0x8) Sep 21 07:38:50.277275: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.277278: | SPI size: 0 (0x0) Sep 21 07:38:50.277281: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:50.277283: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:38:50.277286: | selected state microcode Responder: process IKE_AUTH request Sep 21 07:38:50.277288: | Now let's proceed with state specific processing Sep 21 07:38:50.277290: | calling processor Responder: process IKE_AUTH request Sep 21 07:38:50.277297: "east-any"[1] 191.1.2.254 #1: processing decrypted IKE_AUTH request: SK{IDi,AUTH,CP,SA,TSi,TSr,N} Sep 21 07:38:50.277304: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:4500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:38:50.277307: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Sep 21 07:38:50.277310: | peer ID c0 01 03 d1 Sep 21 07:38:50.277314: | refine_host_connection for IKEv2: starting with "east-any"[1] 191.1.2.254 Sep 21 07:38:50.277319: | match_id a=192.1.3.209 Sep 21 07:38:50.277322: | b=191.1.2.254 Sep 21 07:38:50.277325: | results fail Sep 21 07:38:50.277331: | refine_host_connection: checking "east-any"[1] 191.1.2.254 against "east-any"[1] 191.1.2.254, best=(none) with match=0(id=0(0)/ca=1(0)/reqca=1(0)) Sep 21 07:38:50.277333: | Warning: not switching back to template of current instance Sep 21 07:38:50.277335: | No IDr payload received from peer Sep 21 07:38:50.277337: | skipping because peer_id does not match Sep 21 07:38:50.277340: | refine going into 2nd loop allowing instantiated conns as well Sep 21 07:38:50.277345: | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports Sep 21 07:38:50.277348: | match_id a=192.1.3.209 Sep 21 07:38:50.277351: | b=(none) Sep 21 07:38:50.277353: | results matched Sep 21 07:38:50.277358: | refine_host_connection: checking "east-any"[1] 191.1.2.254 against "east-any", best=(none) with match=1(id=1(15)/ca=1(0)/reqca=1(0)) Sep 21 07:38:50.277360: | Warning: not switching back to template of current instance Sep 21 07:38:50.277362: | No IDr payload received from peer Sep 21 07:38:50.277366: | refine_host_connection: checked east-any[1] 191.1.2.254 against east-any, now for see if best Sep 21 07:38:50.277370: | started looking for secret for 192.1.2.23->(none) of kind PKK_PSK Sep 21 07:38:50.277372: | instantiating him to %ANYADDR Sep 21 07:38:50.277375: | actually looking for secret for 192.1.2.23->%any of kind PKK_PSK Sep 21 07:38:50.277379: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Sep 21 07:38:50.277383: | 1: compared key (none) to 192.1.2.23 / %any -> 002 Sep 21 07:38:50.277387: | 2: compared key (none) to 192.1.2.23 / %any -> 002 Sep 21 07:38:50.277390: | line 1: match=002 Sep 21 07:38:50.277393: | match 002 beats previous best_match 000 match=0x55d9553ff030 (line=1) Sep 21 07:38:50.277395: | concluding with best_match=002 best=0x55d9553ff030 (lineno=1) Sep 21 07:38:50.277398: | refine_host_connection: picking new best "east-any" (wild=15, peer_pathlen=0/our=0) Sep 21 07:38:50.277401: | returning since no better match than original best_found Sep 21 07:38:50.277405: "east-any"[1] 191.1.2.254 #1: switched from "east-any"[1] 191.1.2.254 to "east-any" Sep 21 07:38:50.277409: | match_id a=192.1.3.209 Sep 21 07:38:50.277412: | b=(none) Sep 21 07:38:50.277414: | results matched Sep 21 07:38:50.277418: | reference addresspool of conn east-any[2] kind CK_TEMPLATE refcnt 2 Sep 21 07:38:50.277425: | find_host_pair: comparing 192.1.2.23:500 to 191.1.2.254:500 but ignoring ports Sep 21 07:38:50.277430: | connect_to_host_pair: 192.1.2.23:500 191.1.2.254:500 -> hp@0x55d95539cbf0: east-any Sep 21 07:38:50.277434: | rw_instantiate() instantiated "east-any"[2] 191.1.2.254 for 191.1.2.254 Sep 21 07:38:50.277439: | in connection_discard for connection east-any Sep 21 07:38:50.277442: | connection is instance Sep 21 07:38:50.277444: | not in pending use Sep 21 07:38:50.277447: | State DB: state not found (connection_discard) Sep 21 07:38:50.277449: | no states use this connection instance, deleting Sep 21 07:38:50.277453: | start processing: connection "east-any"[1] 191.1.2.254 (BACKGROUND) (in delete_connection() at connections.c:189) Sep 21 07:38:50.277459: "east-any"[2] 191.1.2.254 #1: deleting connection "east-any"[1] 191.1.2.254 instance with peer 191.1.2.254 {isakmp=#0/ipsec=#0} Sep 21 07:38:50.277462: | Deleting states for connection - not including other IPsec SA's Sep 21 07:38:50.277464: | pass 0 Sep 21 07:38:50.277467: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:38:50.277469: | state #1 Sep 21 07:38:50.277471: | pass 1 Sep 21 07:38:50.277473: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:38:50.277476: | state #1 Sep 21 07:38:50.277479: | unreference addresspool of conn east-any[1] kind CK_GOING_AWAY refcnt 3 Sep 21 07:38:50.277482: | flush revival: connection 'east-any' wasn't on the list Sep 21 07:38:50.277486: | stop processing: connection "east-any"[1] 191.1.2.254 (BACKGROUND) (in discard_connection() at connections.c:249) Sep 21 07:38:50.277489: | retrying ikev2_decode_peer_id_and_certs() with new conn Sep 21 07:38:50.277492: | parsing 4 raw bytes of IKEv2 Identification - Initiator - Payload into peer ID Sep 21 07:38:50.277494: | peer ID c0 01 03 d1 Sep 21 07:38:50.277498: | refine_host_connection for IKEv2: starting with "east-any"[2] 191.1.2.254 Sep 21 07:38:50.277501: | match_id a=192.1.3.209 Sep 21 07:38:50.277504: | b=192.1.3.209 Sep 21 07:38:50.277506: | results matched Sep 21 07:38:50.277512: | refine_host_connection: checking "east-any"[2] 191.1.2.254 against "east-any"[2] 191.1.2.254, best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Sep 21 07:38:50.277514: | Warning: not switching back to template of current instance Sep 21 07:38:50.277516: | No IDr payload received from peer Sep 21 07:38:50.277521: | refine_host_connection: checked east-any[2] 191.1.2.254 against east-any[2] 191.1.2.254, now for see if best Sep 21 07:38:50.277526: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.277529: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.277533: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Sep 21 07:38:50.277537: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.277542: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.277544: | line 1: match=002 Sep 21 07:38:50.277546: | match 002 beats previous best_match 000 match=0x55d9553ff030 (line=1) Sep 21 07:38:50.277549: | concluding with best_match=002 best=0x55d9553ff030 (lineno=1) Sep 21 07:38:50.277551: | returning because exact peer id match Sep 21 07:38:50.277554: | offered CA: '%none' Sep 21 07:38:50.277558: "east-any"[2] 191.1.2.254 #1: IKEv2 mode peer ID is ID_IPV4_ADDR: '192.1.3.209' Sep 21 07:38:50.277561: | received v2N_MOBIKE_SUPPORTED while it did not sent Sep 21 07:38:50.277581: | verifying AUTH payload Sep 21 07:38:50.277585: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Sep 21 07:38:50.277589: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.277593: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.277596: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Sep 21 07:38:50.277601: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.277605: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.277609: | line 1: match=002 Sep 21 07:38:50.277612: | match 002 beats previous best_match 000 match=0x55d9553ff030 (line=1) Sep 21 07:38:50.277614: | concluding with best_match=002 best=0x55d9553ff030 (lineno=1) Sep 21 07:38:50.277679: "east-any"[2] 191.1.2.254 #1: Authenticated using authby=secret Sep 21 07:38:50.277684: | parent state #1: PARENT_R1(half-open IKE SA) => PARENT_R2(established IKE SA) Sep 21 07:38:50.277688: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:38:50.277691: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:38:50.277695: | libevent_free: release ptr-libevent@0x55d95540f710 Sep 21 07:38:50.277697: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d95540f6d0 Sep 21 07:38:50.277700: | event_schedule: new EVENT_SA_REKEY-pe@0x55d95540f6d0 Sep 21 07:38:50.277703: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Sep 21 07:38:50.277706: | libevent_malloc: new ptr-libevent@0x55d95540f710 size 128 Sep 21 07:38:50.277856: | pstats #1 ikev2.ike established Sep 21 07:38:50.277866: | **emit ISAKMP Message: Sep 21 07:38:50.277869: | initiator cookie: Sep 21 07:38:50.277871: | 67 c8 93 60 03 6f 31 84 Sep 21 07:38:50.277873: | responder cookie: Sep 21 07:38:50.277875: | 83 e4 69 1f 9d e7 5c 92 Sep 21 07:38:50.277877: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:38:50.277879: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:38:50.277881: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:38:50.277884: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:38:50.277886: | Message ID: 1 (0x1) Sep 21 07:38:50.277888: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:38:50.277890: | IKEv2 CERT: send a certificate? Sep 21 07:38:50.277893: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Sep 21 07:38:50.277895: | ***emit IKEv2 Encryption Payload: Sep 21 07:38:50.277897: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.277899: | flags: none (0x0) Sep 21 07:38:50.277902: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:38:50.277904: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.277907: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:38:50.277916: | Adding a v2N Payload Sep 21 07:38:50.277918: | ****emit IKEv2 Notify Payload: Sep 21 07:38:50.277920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.277922: | flags: none (0x0) Sep 21 07:38:50.277924: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:38:50.277926: | SPI size: 0 (0x0) Sep 21 07:38:50.277928: | Notify Message Type: v2N_MOBIKE_SUPPORTED (0x400c) Sep 21 07:38:50.277930: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:38:50.277932: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.277934: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:38:50.277937: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:38:50.277950: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:38:50.277952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.277954: | flags: none (0x0) Sep 21 07:38:50.277956: | ID type: ID_IPV4_ADDR (0x1) Sep 21 07:38:50.277959: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:38:50.277961: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.277963: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Sep 21 07:38:50.277968: | my identity c0 01 02 17 Sep 21 07:38:50.277970: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:38:50.277977: | assembled IDr payload Sep 21 07:38:50.277979: | CHILD SA proposals received Sep 21 07:38:50.277981: | going to assemble AUTH payload Sep 21 07:38:50.277984: | ****emit IKEv2 Authentication Payload: Sep 21 07:38:50.277986: | next payload type: ISAKMP_NEXT_v2CP (0x2f) Sep 21 07:38:50.277988: | flags: none (0x0) Sep 21 07:38:50.277990: | auth method: IKEv2_AUTH_SHARED (0x2) Sep 21 07:38:50.277993: | next payload chain: ignoring supplied 'IKEv2 Authentication Payload'.'next payload type' value 47:ISAKMP_NEXT_v2CP Sep 21 07:38:50.277996: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:38:50.277998: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.278001: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R2 to create PSK with authby=secret Sep 21 07:38:50.278005: | started looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.278008: | actually looking for secret for 192.1.2.23->192.1.3.209 of kind PKK_PSK Sep 21 07:38:50.278011: | line 1: key type PKK_PSK(192.1.2.23) to type PKK_PSK Sep 21 07:38:50.278015: | 1: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.278019: | 2: compared key (none) to 192.1.2.23 / 192.1.3.209 -> 002 Sep 21 07:38:50.278021: | line 1: match=002 Sep 21 07:38:50.278024: | match 002 beats previous best_match 000 match=0x55d9553ff030 (line=1) Sep 21 07:38:50.278026: | concluding with best_match=002 best=0x55d9553ff030 (lineno=1) Sep 21 07:38:50.278076: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Sep 21 07:38:50.278079: | PSK auth 90 86 72 ee 5e 16 04 8a d0 ed ec af 01 c8 2f 4c Sep 21 07:38:50.278081: | PSK auth a6 62 f5 c2 88 16 c6 e6 22 1c 7c f1 3b 9b a7 d7 Sep 21 07:38:50.278083: | PSK auth 10 8b 18 7a aa bc 1a 2d ad e5 a1 f5 5b 5a 94 d5 Sep 21 07:38:50.278085: | PSK auth 8d 9e a0 6c 70 66 67 be 1d 7c 68 18 d0 af e8 4e Sep 21 07:38:50.278088: | emitting length of IKEv2 Authentication Payload: 72 Sep 21 07:38:50.278094: | request lease from addresspool 192.0.3.10-192.0.3.19 reference count 2 thatid '' that.client 191.1.2.254/32:0 Sep 21 07:38:50.278097: | cannot share a lease, find a new lease IP Sep 21 07:38:50.278099: | New lease from addresspool index 0 Sep 21 07:38:50.278106: | new lease 192.0.3.10 from addresspool 192.0.3.10-192.0.3.19 to that.client 191.1.2.254/32:0 thatid '192.1.3.209' Sep 21 07:38:50.278111: | creating state object #2 at 0x55d95540e020 Sep 21 07:38:50.278113: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:38:50.278117: | pstats #2 ikev2.child started Sep 21 07:38:50.278121: | duplicating state object #1 "east-any"[2] 191.1.2.254 as #2 for IPSEC SA Sep 21 07:38:50.278125: | #2 setting local endpoint to 192.1.2.23:4500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:38:50.278131: | Message ID: init_child #1.#2; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:38:50.278136: | Message ID: switch-from #1 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:38:50.278141: | Message ID: switch-to #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0; child: wip.initiator=-1 wip.responder=-1->1 Sep 21 07:38:50.278144: | Send Configuration Payload reply Sep 21 07:38:50.278146: | ****emit IKEv2 Configuration Payload: Sep 21 07:38:50.278149: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:38:50.278151: | flags: none (0x0) Sep 21 07:38:50.278153: | ikev2_cfg_type: IKEv2_CP_CFG_REPLY (0x2) Sep 21 07:38:50.278157: | next payload chain: ignoring supplied 'IKEv2 Configuration Payload'.'next payload type' value 33:ISAKMP_NEXT_v2SA Sep 21 07:38:50.278162: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Configuration Payload (47:ISAKMP_NEXT_v2CP) Sep 21 07:38:50.278164: | next payload chain: saving location 'IKEv2 Configuration Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.278167: | *****emit IKEv2 Configuration Payload Attribute: Sep 21 07:38:50.278169: | Attribute Type: IKEv2_INTERNAL_IP4_ADDRESS (0x1) Sep 21 07:38:50.278172: | emitting 4 raw bytes of Internal IP Address into IKEv2 Configuration Payload Attribute Sep 21 07:38:50.278175: | Internal IP Address c0 00 03 0a Sep 21 07:38:50.278177: | emitting length of IKEv2 Configuration Payload Attribute: 4 Sep 21 07:38:50.278180: | emitting length of IKEv2 Configuration Payload: 16 Sep 21 07:38:50.278184: | constructing ESP/AH proposals with all DH removed for east-any (IKE_AUTH responder matching remote ESP/AH proposals) Sep 21 07:38:50.278191: | converting proposal AES_CBC_256-HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:38:50.278197: | ... ikev2_proposal: 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:50.278202: "east-any"[2] 191.1.2.254: constructed local ESP/AH proposals for east-any (IKE_AUTH responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:38:50.278206: | Comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Sep 21 07:38:50.278209: | local proposal 1 type ENCR has 1 transforms Sep 21 07:38:50.278211: | local proposal 1 type PRF has 0 transforms Sep 21 07:38:50.278213: | local proposal 1 type INTEG has 1 transforms Sep 21 07:38:50.278216: | local proposal 1 type DH has 1 transforms Sep 21 07:38:50.278218: | local proposal 1 type ESN has 1 transforms Sep 21 07:38:50.278222: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:38:50.278225: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.278228: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:50.278230: | length: 40 (0x28) Sep 21 07:38:50.278232: | prop #: 1 (0x1) Sep 21 07:38:50.278235: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:50.278237: | spi size: 4 (0x4) Sep 21 07:38:50.278239: | # transforms: 3 (0x3) Sep 21 07:38:50.278243: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:38:50.278246: | remote SPI 13 b6 25 6e Sep 21 07:38:50.278249: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Sep 21 07:38:50.278252: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278257: | length: 12 (0xc) Sep 21 07:38:50.278260: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.278262: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:50.278265: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.278268: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.278270: | length/value: 256 (0x100) Sep 21 07:38:50.278275: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:38:50.278277: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278282: | length: 8 (0x8) Sep 21 07:38:50.278284: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.278287: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:50.278291: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Sep 21 07:38:50.278294: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278296: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.278299: | length: 8 (0x8) Sep 21 07:38:50.278301: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:50.278303: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:50.278310: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:38:50.278314: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Sep 21 07:38:50.278318: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Sep 21 07:38:50.278321: | remote proposal 1 matches local proposal 1 Sep 21 07:38:50.278328: "east-any"[2] 191.1.2.254 #1: proposal 1:ESP:SPI=13b6256e;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] Sep 21 07:38:50.278333: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP:SPI=13b6256e;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Sep 21 07:38:50.278336: | converting proposal to internal trans attrs Sep 21 07:38:50.278356: | netlink_get_spi: allocated 0x359ffaae for esp.0@192.1.2.23 Sep 21 07:38:50.278360: | Emitting ikev2_proposal ... Sep 21 07:38:50.278363: | ****emit IKEv2 Security Association Payload: Sep 21 07:38:50.278365: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.278368: | flags: none (0x0) Sep 21 07:38:50.278371: | next payload chain: setting previous 'IKEv2 Configuration Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:38:50.278374: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.278377: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:38:50.278380: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:38:50.278382: | prop #: 1 (0x1) Sep 21 07:38:50.278384: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:38:50.278386: | spi size: 4 (0x4) Sep 21 07:38:50.278388: | # transforms: 3 (0x3) Sep 21 07:38:50.278391: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:38:50.278394: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:38:50.278396: | our spi 35 9f fa ae Sep 21 07:38:50.278398: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278400: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278403: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:38:50.278406: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:38:50.278409: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.278411: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:38:50.278414: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:38:50.278416: | length/value: 256 (0x100) Sep 21 07:38:50.278419: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:38:50.278421: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278423: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278426: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:38:50.278428: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:38:50.278431: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278434: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.278437: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:50.278439: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:38:50.278441: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:38:50.278444: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:38:50.278446: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:38:50.278449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:38:50.278453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:38:50.278456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:38:50.278458: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:38:50.278461: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:38:50.278464: | emitting length of IKEv2 Security Association Payload: 44 Sep 21 07:38:50.278466: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:38:50.278469: | received v2N_MOBIKE_SUPPORTED Sep 21 07:38:50.278472: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:38:50.278474: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.278477: | flags: none (0x0) Sep 21 07:38:50.278479: | number of TS: 1 (0x1) Sep 21 07:38:50.278482: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:38:50.278485: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.278488: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:50.278490: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:50.278493: | IP Protocol ID: 0 (0x0) Sep 21 07:38:50.278496: | start port: 0 (0x0) Sep 21 07:38:50.278498: | end port: 65535 (0xffff) Sep 21 07:38:50.278501: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:50.278503: | IP start c0 00 03 0a Sep 21 07:38:50.278506: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:50.278508: | IP end c0 00 03 0a Sep 21 07:38:50.278511: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:50.278513: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:38:50.278515: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:38:50.278518: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:38:50.278520: | flags: none (0x0) Sep 21 07:38:50.278522: | number of TS: 1 (0x1) Sep 21 07:38:50.278525: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:38:50.278528: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:38:50.278531: | *****emit IKEv2 Traffic Selector: Sep 21 07:38:50.278533: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:38:50.278536: | IP Protocol ID: 0 (0x0) Sep 21 07:38:50.278538: | start port: 0 (0x0) Sep 21 07:38:50.278540: | end port: 65535 (0xffff) Sep 21 07:38:50.278543: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:38:50.278545: | IP start 00 00 00 00 Sep 21 07:38:50.278548: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:38:50.278550: | IP end ff ff ff ff Sep 21 07:38:50.278552: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:38:50.278554: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:38:50.278557: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:38:50.278561: | integ=sha2_256: .key_size=32 encrypt=aes: .key_size=32 .salt_size=0 keymat_len=64 Sep 21 07:38:50.278724: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:38:50.278733: | #1 spent 1.39 milliseconds Sep 21 07:38:50.278736: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:38:50.278739: | could_route called for east-any (kind=CK_INSTANCE) Sep 21 07:38:50.278742: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:50.278745: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:38:50.278750: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:38:50.278753: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:38:50.278756: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:38:50.278763: | route owner of "east-any"[2] 191.1.2.254 unrouted: NULL; eroute owner: NULL Sep 21 07:38:50.278767: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:50.278771: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:50.278774: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:50.278778: | setting IPsec SA replay-window to 32 Sep 21 07:38:50.278968: | NIC esp-hw-offload not for connection 'east-any' not available on interface eth1 Sep 21 07:38:50.278980: | netlink: enabling tunnel mode Sep 21 07:38:50.278983: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:50.278986: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:50.279084: | netlink response for Add SA esp.13b6256e@191.1.2.254 included non-error error Sep 21 07:38:50.279089: | set up outgoing SA, ref=0/0 Sep 21 07:38:50.279092: | looking for alg with encrypt: AES_CBC keylen: 256 integ: HMAC_SHA2_256_128 Sep 21 07:38:50.279096: | encrypt AES_CBC keylen=256 transid=12, key_size=32, encryptalg=12 Sep 21 07:38:50.279099: | st->st_esp.keymat_len=64 is encrypt_keymat_size=32 + integ_keymat_size=32 Sep 21 07:38:50.279103: | setting IPsec SA replay-window to 32 Sep 21 07:38:50.279106: | NIC esp-hw-offload not for connection 'east-any' not available on interface eth1 Sep 21 07:38:50.279108: | netlink: enabling tunnel mode Sep 21 07:38:50.279111: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:38:50.279118: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:38:50.279533: | netlink response for Add SA esp.359ffaae@192.1.2.23 included non-error error Sep 21 07:38:50.279540: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:38:50.279549: | add inbound eroute 192.0.3.10/32:0 --0-> 0.0.0.0/0:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:38:50.279553: | IPsec Sa SPD priority set to 1048543 Sep 21 07:38:50.279608: | raw_eroute result=success Sep 21 07:38:50.279612: | set up incoming SA, ref=0/0 Sep 21 07:38:50.279615: | sr for #2: unrouted Sep 21 07:38:50.279618: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:38:50.279621: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:38:50.279624: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:38:50.279627: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:38:50.279629: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:38:50.279632: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:38:50.279637: | route owner of "east-any"[2] 191.1.2.254 unrouted: NULL; eroute owner: NULL Sep 21 07:38:50.279641: | route_and_eroute with c: east-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:38:50.279645: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:38:50.279652: | eroute_connection add eroute 0.0.0.0/0:0 --0-> 192.0.3.10/32:0 => tun.0@191.1.2.254 (raw_eroute) Sep 21 07:38:50.279655: | IPsec Sa SPD priority set to 1048543 Sep 21 07:38:50.279697: | raw_eroute result=success Sep 21 07:38:50.279701: | running updown command "ipsec _updown" for verb up Sep 21 07:38:50.279704: | command executing up-client Sep 21 07:38:50.279732: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x13b625 Sep 21 07:38:50.279738: | popen cmd is 1036 chars long Sep 21 07:38:50.279742: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INT: Sep 21 07:38:50.279745: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='19: Sep 21 07:38:50.279747: | cmd( 160):2.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLI: Sep 21 07:38:50.279750: | cmd( 240):ENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396: Sep 21 07:38:50.279752: | cmd( 320):' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO: Sep 21 07:38:50.279755: | cmd( 400):_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIEN: Sep 21 07:38:50.279757: | cmd( 480):T_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_: Sep 21 07:38:50.279760: | cmd( 560):CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNN: Sep 21 07:38:50.279762: | cmd( 640):EL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK: Sep 21 07:38:50.279765: | cmd( 720):_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' P: Sep 21 07:38:50.279768: | cmd( 800):LUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_S: Sep 21 07:38:50.279770: | cmd( 880):ERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING=: Sep 21 07:38:50.279773: | cmd( 960):'no' VTI_SHARED='no' SPI_IN=0x13b6256e SPI_OUT=0x359ffaae ipsec _updown 2>&1: Sep 21 07:38:50.302082: | route_and_eroute: firewall_notified: true Sep 21 07:38:50.302096: | running updown command "ipsec _updown" for verb prepare Sep 21 07:38:50.302099: | command executing prepare-client Sep 21 07:38:50.302132: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I Sep 21 07:38:50.302137: | popen cmd is 1041 chars long Sep 21 07:38:50.302140: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: Sep 21 07:38:50.302143: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_I: Sep 21 07:38:50.302146: | cmd( 160):D='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_M: Sep 21 07:38:50.302149: | cmd( 240):Y_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': Sep 21 07:38:50.302152: | cmd( 320):16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' : Sep 21 07:38:50.302155: | cmd( 400):PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_: Sep 21 07:38:50.302157: | cmd( 480):CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_: Sep 21 07:38:50.302164: | cmd( 560):PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT: Sep 21 07:38:50.302167: | cmd( 640):+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIN: Sep 21 07:38:50.302169: | cmd( 720):D='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO=: Sep 21 07:38:50.302172: | cmd( 800):'0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_: Sep 21 07:38:50.302174: | cmd( 880):CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROU: Sep 21 07:38:50.302177: | cmd( 960):TING='no' VTI_SHARED='no' SPI_IN=0x13b6256e SPI_OUT=0x359ffaae ipsec _updown 2>&: Sep 21 07:38:50.302179: | cmd(1040):1: Sep 21 07:38:50.320353: | running updown command "ipsec _updown" for verb route Sep 21 07:38:50.320371: | command executing route-client Sep 21 07:38:50.320402: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x Sep 21 07:38:50.320406: | popen cmd is 1039 chars long Sep 21 07:38:50.320409: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_: Sep 21 07:38:50.320412: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: Sep 21 07:38:50.320414: | cmd( 160):'192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_: Sep 21 07:38:50.320416: | cmd( 240):CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: Sep 21 07:38:50.320419: | cmd( 320):396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PL: Sep 21 07:38:50.320421: | cmd( 400):UTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CL: Sep 21 07:38:50.320423: | cmd( 480):IENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: Sep 21 07:38:50.320425: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: Sep 21 07:38:50.320428: | cmd( 640):UNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND=: Sep 21 07:38:50.320430: | cmd( 720):'CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0: Sep 21 07:38:50.320432: | cmd( 800):' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CF: Sep 21 07:38:50.320435: | cmd( 880):G_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTI: Sep 21 07:38:50.320437: | cmd( 960):NG='no' VTI_SHARED='no' SPI_IN=0x13b6256e SPI_OUT=0x359ffaae ipsec _updown 2>&1: Sep 21 07:38:50.402465: | route_and_eroute: instance "east-any"[2] 191.1.2.254, setting eroute_owner {spd=0x55d955410a60,sr=0x55d955410a60} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:38:50.402547: | #1 spent 0.955 milliseconds in install_ipsec_sa() Sep 21 07:38:50.402553: | ISAKMP_v2_IKE_AUTH: instance east-any[2], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:38:50.402556: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:38:50.402560: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:38:50.402566: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:38:50.402569: | emitting length of IKEv2 Encryption Payload: 229 Sep 21 07:38:50.402571: | emitting length of ISAKMP Message: 257 Sep 21 07:38:50.402590: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Sep 21 07:38:50.402596: | #1 spent 2.4 milliseconds in processing: Responder: process IKE_AUTH request in ikev2_process_state_packet() Sep 21 07:38:50.402603: | suspend processing: state #1 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:50.402610: | start processing: state #2 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:38:50.402614: | #2 complete_v2_state_transition() md.from_state=PARENT_R1 md.svm.state[from]=PARENT_R1 UNDEFINED->V2_IPSEC_R with status STF_OK Sep 21 07:38:50.402617: | IKEv2: transition from state STATE_PARENT_R1 to state STATE_V2_IPSEC_R Sep 21 07:38:50.402620: | child state #2: UNDEFINED(ignore) => V2_IPSEC_R(established CHILD SA) Sep 21 07:38:50.402623: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:38:50.402629: | Message ID: recv #1.#2 request 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0 responder.recv=0->1; child: wip.initiator=-1 wip.responder=1->-1 Sep 21 07:38:50.402634: | Message ID: sent #1.#2 response 1; ike: initiator.sent=-1 initiator.recv=-1 responder.sent=0->1 responder.recv=1; child: wip.initiator=-1 wip.responder=-1 Sep 21 07:38:50.402637: | pstats #2 ikev2.child established Sep 21 07:38:50.402647: "east-any"[2] 191.1.2.254 #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [192.0.3.10-192.0.3.10:0-65535 0] Sep 21 07:38:50.402652: | NAT-T: NAT Traversal detected - their IKE port is '500' Sep 21 07:38:50.402655: | NAT-T: encaps is 'auto' Sep 21 07:38:50.402661: "east-any"[2] 191.1.2.254 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP/NAT=>0x13b6256e <0x359ffaae xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=191.1.2.254:11738 DPD=passive} Sep 21 07:38:50.402667: | sending V2 new request packet to 191.1.2.254:11738 (from 192.1.2.23:4500) Sep 21 07:38:50.402676: | sending 261 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:4500 to 191.1.2.254:11738 (using #1) Sep 21 07:38:50.402680: | 00 00 00 00 67 c8 93 60 03 6f 31 84 83 e4 69 1f Sep 21 07:38:50.402682: | 9d e7 5c 92 2e 20 23 20 00 00 00 01 00 00 01 01 Sep 21 07:38:50.402685: | 29 00 00 e5 22 4c 7c a9 ae 6d 60 27 12 94 a6 23 Sep 21 07:38:50.402687: | 2c 13 84 8c 47 1a ea 7e 8e 6c b7 15 d8 41 39 f3 Sep 21 07:38:50.402689: | ac 87 55 ef 09 f8 84 bc 26 84 8f 7c 50 e2 54 a0 Sep 21 07:38:50.402692: | a6 62 1b 16 6c 58 8c d8 77 e2 d0 b2 ca 4f 88 1c Sep 21 07:38:50.402694: | 66 83 98 72 d4 b2 1a c9 17 82 21 38 7c c4 60 3d Sep 21 07:38:50.402696: | de 74 66 f5 63 77 97 92 2e dc 09 86 d1 6e 71 7f Sep 21 07:38:50.402698: | 39 06 8a f5 ea 58 6f 72 46 98 25 cb 9c 67 8a d1 Sep 21 07:38:50.402701: | 7b 07 5d 82 22 8e a2 c3 3b 35 1d 62 c6 92 1d 5d Sep 21 07:38:50.402703: | 36 bf 14 fa 0c db cf 96 62 e2 6b 07 59 5c 6b 9c Sep 21 07:38:50.402705: | 5d 12 9b a8 9a 2a 0e 0d d4 0f 92 93 23 c8 c7 5e Sep 21 07:38:50.402708: | d1 7a ec 30 11 1e 29 54 39 1a e7 a3 fd ee 3b 90 Sep 21 07:38:50.402710: | 13 72 19 de 24 f0 a5 a6 cf 5f c6 58 65 a1 f2 73 Sep 21 07:38:50.402713: | 90 bc 43 f7 eb c3 e0 f5 fa a6 92 c9 13 df f6 91 Sep 21 07:38:50.402715: | 4c c9 bd ba e5 c6 0e 63 cb ff 04 aa 66 4c fc 6f Sep 21 07:38:50.402717: | e9 be df 47 74 Sep 21 07:38:50.402781: | releasing whack for #2 (sock=fd@-1) Sep 21 07:38:50.402833: | releasing whack and unpending for parent #1 Sep 21 07:38:50.402838: | unpending state #1 connection "east-any"[2] 191.1.2.254 Sep 21 07:38:50.402843: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Sep 21 07:38:50.402849: | event_schedule: new EVENT_SA_REKEY-pe@0x7fb55c002b20 Sep 21 07:38:50.402853: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Sep 21 07:38:50.402857: | libevent_malloc: new ptr-libevent@0x55d955412e10 size 128 Sep 21 07:38:50.402863: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:38:50.402869: | #1 spent 2.76 milliseconds in resume sending helper answer Sep 21 07:38:50.402875: | stop processing: state #2 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in resume_handler() at server.c:833) Sep 21 07:38:50.402880: | libevent_free: release ptr-libevent@0x7fb554006b90 Sep 21 07:38:50.402891: | processing signal PLUTO_SIGCHLD Sep 21 07:38:50.402897: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:50.402901: | spent 0.00559 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:50.402904: | processing signal PLUTO_SIGCHLD Sep 21 07:38:50.402908: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:50.402912: | spent 0.0036 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:38:50.402914: | processing signal PLUTO_SIGCHLD Sep 21 07:38:50.402918: | waitpid returned ECHILD (no child processes left) Sep 21 07:38:50.402921: | spent 0.00361 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:39:07.911897: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:39:07.911949: | expiring aged bare shunts from shunt table Sep 21 07:39:07.911970: | spent 0.0172 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:39:17.840896: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:17.840964: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:39:17.840978: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:17.841002: | get_sa_info esp.359ffaae@192.1.2.23 Sep 21 07:39:17.841048: | get_sa_info esp.13b6256e@191.1.2.254 Sep 21 07:39:17.841117: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:17.841139: | spent 0.27 milliseconds in whack Sep 21 07:39:17.954253: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:17.954451: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:17.954456: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:39:17.954563: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:39:17.954566: | FOR_EACH_STATE_... in sort_states Sep 21 07:39:17.954581: | get_sa_info esp.359ffaae@192.1.2.23 Sep 21 07:39:17.954598: | get_sa_info esp.13b6256e@191.1.2.254 Sep 21 07:39:17.954621: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:39:17.954629: | spent 0.382 milliseconds in whack Sep 21 07:39:19.298896: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:39:19.298916: shutting down Sep 21 07:39:19.298922: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:39:19.298924: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:39:19.298930: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:39:19.298931: forgetting secrets Sep 21 07:39:19.298933: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:39:19.298938: | start processing: connection "east-any"[2] 191.1.2.254 (in delete_connection() at connections.c:189) Sep 21 07:39:19.298941: "east-any"[2] 191.1.2.254: deleting connection "east-any"[2] 191.1.2.254 instance with peer 191.1.2.254 {isakmp=#1/ipsec=#2} Sep 21 07:39:19.298943: | addresspool free lease entry ptr 0x55d95536b890 refcnt 0 Sep 21 07:39:19.298948: | freed lease refcnt 0 192.0.3.10/32:0 from addresspool 192.0.3.10-192.0.3.19 index=0. pool size 10 used 0 lingering=0 address Sep 21 07:39:19.298950: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:39:19.298951: | pass 0 Sep 21 07:39:19.298952: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:19.298957: | state #2 Sep 21 07:39:19.298960: | suspend processing: connection "east-any"[2] 191.1.2.254 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:19.298963: | start processing: state #2 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:19.298965: | pstats #2 ikev2.child deleted completed Sep 21 07:39:19.298968: | [RE]START processing: state #2 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in delete_state() at state.c:879) Sep 21 07:39:19.298972: "east-any"[2] 191.1.2.254 #2: deleting state (STATE_V2_IPSEC_R) aged 29.020s and sending notification Sep 21 07:39:19.298974: | child state #2: V2_IPSEC_R(established CHILD SA) => delete Sep 21 07:39:19.298977: | get_sa_info esp.13b6256e@191.1.2.254 Sep 21 07:39:19.298988: | get_sa_info esp.359ffaae@192.1.2.23 Sep 21 07:39:19.298993: "east-any"[2] 191.1.2.254 #2: ESP traffic information: in=840B out=840B Sep 21 07:39:19.298996: | #2 send IKEv2 delete notification for STATE_V2_IPSEC_R Sep 21 07:39:19.298998: | Opening output PBS informational exchange delete request Sep 21 07:39:19.299000: | **emit ISAKMP Message: Sep 21 07:39:19.299001: | initiator cookie: Sep 21 07:39:19.299003: | 67 c8 93 60 03 6f 31 84 Sep 21 07:39:19.299004: | responder cookie: Sep 21 07:39:19.299006: | 83 e4 69 1f 9d e7 5c 92 Sep 21 07:39:19.299008: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:19.299009: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:19.299011: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:19.299013: | flags: none (0x0) Sep 21 07:39:19.299014: | Message ID: 0 (0x0) Sep 21 07:39:19.299016: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:19.299018: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:19.299020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:19.299021: | flags: none (0x0) Sep 21 07:39:19.299023: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:19.299025: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:39:19.299027: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:19.299035: | ****emit IKEv2 Delete Payload: Sep 21 07:39:19.299037: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:19.299038: | flags: none (0x0) Sep 21 07:39:19.299040: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:39:19.299042: | SPI size: 4 (0x4) Sep 21 07:39:19.299043: | number of SPIs: 1 (0x1) Sep 21 07:39:19.299045: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:39:19.299047: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:39:19.299048: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Sep 21 07:39:19.299050: | local spis 35 9f fa ae Sep 21 07:39:19.299051: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:39:19.299053: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:19.299055: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:19.299057: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:19.299059: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:39:19.299060: | emitting length of ISAKMP Message: 69 Sep 21 07:39:19.299078: | sending 73 bytes for delete notification through eth1 from 192.1.2.23:4500 to 191.1.2.254:11738 (using #2) Sep 21 07:39:19.299080: | 00 00 00 00 67 c8 93 60 03 6f 31 84 83 e4 69 1f Sep 21 07:39:19.299082: | 9d e7 5c 92 2e 20 25 00 00 00 00 00 00 00 00 45 Sep 21 07:39:19.299083: | 2a 00 00 29 c9 e4 69 cb a3 1b 28 4b 3b 93 62 ad Sep 21 07:39:19.299086: | fd e6 6b c4 bc 48 bd 08 90 1a 0d 96 6e f8 69 2a Sep 21 07:39:19.299087: | e5 b7 b9 da 09 a9 51 43 e7 Sep 21 07:39:19.299389: | Message ID: IKE #1 sender #2 in send_delete record 'n' sending delete request so forcing IKE nextuse=0->1 and sender msgid=0->0 Sep 21 07:39:19.299392: | Message ID: IKE #1 sender #2 in send_delete hacking around record ' send Sep 21 07:39:19.299396: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:39:19.299398: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:19.299401: | libevent_free: release ptr-libevent@0x55d955412e10 Sep 21 07:39:19.299403: | free_event_entry: release EVENT_SA_REKEY-pe@0x7fb55c002b20 Sep 21 07:39:19.299451: | running updown command "ipsec _updown" for verb down Sep 21 07:39:19.299454: | command executing down-client Sep 21 07:39:19.299471: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051530' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' Sep 21 07:39:19.299473: | popen cmd is 1049 chars long Sep 21 07:39:19.299475: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_I: Sep 21 07:39:19.299477: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=': Sep 21 07:39:19.299478: | cmd( 160):192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_C: Sep 21 07:39:19.299480: | cmd( 240):LIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='163: Sep 21 07:39:19.299481: | cmd( 320):96' PLUTO_SA_TYPE='ESP' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLU: Sep 21 07:39:19.299483: | cmd( 400):TO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLI: Sep 21 07:39:19.299484: | cmd( 480):ENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEE: Sep 21 07:39:19.299486: | cmd( 560):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051530' PLUTO_CONN_POLICY='PSK+E: Sep 21 07:39:19.299503: | cmd( 640):NCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CO: Sep 21 07:39:19.299504: | cmd( 720):NN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEE: Sep 21 07:39:19.299506: | cmd( 800):R_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=': Sep 21 07:39:19.299507: | cmd( 880):' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='': Sep 21 07:39:19.299509: | cmd( 960): VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x13b6256e SPI_OUT=0x359ffaae ipsec _up: Sep 21 07:39:19.299510: | cmd(1040):down 2>&1: Sep 21 07:39:19.309507: | shunt_eroute() called for connection 'east-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0.0.0.0/0:0 --0->- 192.0.3.10/32:0 Sep 21 07:39:19.309519: | netlink_shunt_eroute for proto 0, and source 0.0.0.0/0:0 dest 192.0.3.10/32:0 Sep 21 07:39:19.309522: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:39:19.309524: | IPsec Sa SPD priority set to 1048543 Sep 21 07:39:19.309557: | delete esp.13b6256e@191.1.2.254 Sep 21 07:39:19.309587: | netlink response for Del SA esp.13b6256e@191.1.2.254 included non-error error Sep 21 07:39:19.309612: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:39:19.309617: | delete inbound eroute 192.0.3.10/32:0 --0-> 0.0.0.0/0:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:39:19.309651: | raw_eroute result=success Sep 21 07:39:19.309654: | delete esp.359ffaae@192.1.2.23 Sep 21 07:39:19.309675: | netlink response for Del SA esp.359ffaae@192.1.2.23 included non-error error Sep 21 07:39:19.309681: | stop processing: connection "east-any"[2] 191.1.2.254 (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:39:19.309683: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:39:19.309685: | in connection_discard for connection east-any Sep 21 07:39:19.309687: | State DB: deleting IKEv2 state #2 in V2_IPSEC_R Sep 21 07:39:19.309690: | child state #2: V2_IPSEC_R(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:39:19.309694: | stop processing: state #2 from 191.1.2.254:11738 (in delete_state() at state.c:1143) Sep 21 07:39:19.309698: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:39:19.309699: | state #1 Sep 21 07:39:19.309701: | pass 1 Sep 21 07:39:19.309703: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:19.309704: | state #1 Sep 21 07:39:19.309708: | start processing: state #1 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:39:19.309710: | pstats #1 ikev2.ike deleted completed Sep 21 07:39:19.309712: | #1 spent 7.59 milliseconds in total Sep 21 07:39:19.309716: | [RE]START processing: state #1 connection "east-any"[2] 191.1.2.254 from 191.1.2.254:11738 (in delete_state() at state.c:879) Sep 21 07:39:19.309719: "east-any"[2] 191.1.2.254 #1: deleting state (STATE_PARENT_R2) aged 29.040s and sending notification Sep 21 07:39:19.309721: | parent state #1: PARENT_R2(established IKE SA) => delete Sep 21 07:39:19.309771: | #1 send IKEv2 delete notification for STATE_PARENT_R2 Sep 21 07:39:19.309775: | Opening output PBS informational exchange delete request Sep 21 07:39:19.309777: | **emit ISAKMP Message: Sep 21 07:39:19.309778: | initiator cookie: Sep 21 07:39:19.309780: | 67 c8 93 60 03 6f 31 84 Sep 21 07:39:19.309781: | responder cookie: Sep 21 07:39:19.309789: | 83 e4 69 1f 9d e7 5c 92 Sep 21 07:39:19.309793: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:39:19.309795: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:39:19.309797: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:39:19.309798: | flags: none (0x0) Sep 21 07:39:19.309800: | Message ID: 1 (0x1) Sep 21 07:39:19.309802: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:39:19.309817: | ***emit IKEv2 Encryption Payload: Sep 21 07:39:19.309819: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:19.309820: | flags: none (0x0) Sep 21 07:39:19.309822: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:39:19.309824: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:39:19.309826: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:39:19.309832: | ****emit IKEv2 Delete Payload: Sep 21 07:39:19.309834: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:39:19.309835: | flags: none (0x0) Sep 21 07:39:19.309837: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:39:19.309838: | SPI size: 0 (0x0) Sep 21 07:39:19.309840: | number of SPIs: 0 (0x0) Sep 21 07:39:19.309842: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:39:19.309843: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Sep 21 07:39:19.309847: | emitting length of IKEv2 Delete Payload: 8 Sep 21 07:39:19.309849: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:39:19.309851: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:39:19.309853: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:39:19.309854: | emitting length of IKEv2 Encryption Payload: 37 Sep 21 07:39:19.309856: | emitting length of ISAKMP Message: 65 Sep 21 07:39:19.309869: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:4500 to 191.1.2.254:11738 (using #1) Sep 21 07:39:19.309871: | 00 00 00 00 67 c8 93 60 03 6f 31 84 83 e4 69 1f Sep 21 07:39:19.309873: | 9d e7 5c 92 2e 20 25 00 00 00 00 01 00 00 00 41 Sep 21 07:39:19.309874: | 2a 00 00 25 8b 55 ce 49 fc 93 8a 7b 69 b1 5a ff Sep 21 07:39:19.309876: | 81 ca df f8 30 a2 48 3d 2b ab 07 9b 68 2b 91 fb Sep 21 07:39:19.309877: | 1d 34 38 49 70 Sep 21 07:39:19.309916: | Message ID: IKE #1 sender #1 in send_delete record 'n' sending delete request so forcing IKE nextuse=1->2 and sender msgid=0->1 Sep 21 07:39:19.309918: | Message ID: IKE #1 sender #1 in send_delete hacking around record ' send Sep 21 07:39:19.309922: | Message ID: #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?); initiator.sent=1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=1 wip.responder=-1 Sep 21 07:39:19.309925: | Message ID: sent #1 request 1; ike: initiator.sent=0->1 initiator.recv=-1 responder.sent=1 responder.recv=1 wip.initiator=0->1 wip.responder=-1 Sep 21 07:39:19.309926: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:39:19.309930: | libevent_free: release ptr-libevent@0x55d95540f710 Sep 21 07:39:19.309932: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d95540f6d0 Sep 21 07:39:19.309934: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:39:19.309936: | in connection_discard for connection east-any Sep 21 07:39:19.309937: | State DB: deleting IKEv2 state #1 in PARENT_R2 Sep 21 07:39:19.309939: | parent state #1: PARENT_R2(established IKE SA) => UNDEFINED(ignore) Sep 21 07:39:19.309952: | stop processing: state #1 from 191.1.2.254:11738 (in delete_state() at state.c:1143) Sep 21 07:39:19.309962: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:39:19.309966: | shunt_eroute() called for connection 'east-any' to 'delete' for rt_kind 'unrouted' using protoports 0.0.0.0/0:0 --0->- 192.0.3.10/32:0 Sep 21 07:39:19.309969: | netlink_shunt_eroute for proto 0, and source 0.0.0.0/0:0 dest 192.0.3.10/32:0 Sep 21 07:39:19.309971: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:39:19.310000: | priority calculation of connection "east-any" is 0xfffdf Sep 21 07:39:19.310007: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:39:19.310010: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:39:19.310011: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:39:19.310013: | conn east-any mark 0/00000000, 0/00000000 vs Sep 21 07:39:19.310015: | conn east-any mark 0/00000000, 0/00000000 Sep 21 07:39:19.310017: | route owner of "east-any" unrouted: NULL Sep 21 07:39:19.310019: | running updown command "ipsec _updown" for verb unroute Sep 21 07:39:19.310020: | command executing unroute-client Sep 21 07:39:19.310052: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='none' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209' PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP Sep 21 07:39:19.310056: | popen cmd is 1030 chars long Sep 21 07:39:19.310058: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: Sep 21 07:39:19.310060: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='191.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_I: Sep 21 07:39:19.310075: | cmd( 160):D='192.1.2.23' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_M: Sep 21 07:39:19.310076: | cmd( 240):Y_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=': Sep 21 07:39:19.310078: | cmd( 320):16396' PLUTO_SA_TYPE='none' PLUTO_PEER='191.1.2.254' PLUTO_PEER_ID='192.1.3.209': Sep 21 07:39:19.310079: | cmd( 400): PLUTO_PEER_CLIENT='192.0.3.10/32' PLUTO_PEER_CLIENT_NET='192.0.3.10' PLUTO_PEER: Sep 21 07:39:19.310081: | cmd( 480):_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:39:19.310082: | cmd( 560):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYP: Sep 21 07:39:19.310084: | cmd( 640):T+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO' PLUTO_CONN_KI: Sep 21 07:39:19.310085: | cmd( 720):ND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CIS: Sep 21 07:39:19.310087: | cmd( 800):CO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLU: Sep 21 07:39:19.310088: | cmd( 880):TO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_: Sep 21 07:39:19.310090: | cmd( 960):ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:39:19.317093: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317103: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317105: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317106: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317109: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317110: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317114: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317270: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317276: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.317278: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:39:19.322043: | unreference addresspool of conn east-any[2] kind CK_GOING_AWAY refcnt 2 Sep 21 07:39:19.322058: | free hp@0x55d95539cbf0 Sep 21 07:39:19.322061: | flush revival: connection 'east-any' wasn't on the list Sep 21 07:39:19.322063: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:39:19.322068: | start processing: connection "east-any" (in delete_connection() at connections.c:189) Sep 21 07:39:19.322070: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:39:19.322072: | pass 0 Sep 21 07:39:19.322073: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:19.322075: | pass 1 Sep 21 07:39:19.322076: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:39:19.322078: | unreference addresspool of conn east-any[2] kind CK_TEMPLATE refcnt 1 Sep 21 07:39:19.322079: | freeing memory for addresspool ptr 0x55d95539cca0 Sep 21 07:39:19.322081: | free_lease_list: addresspool free the lease list ptr (nil) Sep 21 07:39:19.322083: | free hp@0x55d9553d6290 Sep 21 07:39:19.322084: | flush revival: connection 'east-any' wasn't on the list Sep 21 07:39:19.322089: | stop processing: connection "east-any" (in discard_connection() at connections.c:249) Sep 21 07:39:19.322093: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:39:19.322095: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:39:19.322104: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:39:19.322106: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:39:19.322108: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:39:19.322110: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:39:19.322112: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:39:19.322114: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:39:19.322117: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:39:19.322124: | libevent_free: release ptr-libevent@0x55d955409af0 Sep 21 07:39:19.322126: | free_event_entry: release EVENT_NULL-pe@0x55d9553f2cf0 Sep 21 07:39:19.322137: | libevent_free: release ptr-libevent@0x55d955409be0 Sep 21 07:39:19.322139: | free_event_entry: release EVENT_NULL-pe@0x55d955409ba0 Sep 21 07:39:19.322144: | libevent_free: release ptr-libevent@0x55d955409cd0 Sep 21 07:39:19.322146: | free_event_entry: release EVENT_NULL-pe@0x55d955409c90 Sep 21 07:39:19.322150: | libevent_free: release ptr-libevent@0x55d955409dc0 Sep 21 07:39:19.322152: | free_event_entry: release EVENT_NULL-pe@0x55d955409d80 Sep 21 07:39:19.322156: | libevent_free: release ptr-libevent@0x55d955409eb0 Sep 21 07:39:19.322157: | free_event_entry: release EVENT_NULL-pe@0x55d955409e70 Sep 21 07:39:19.322161: | libevent_free: release ptr-libevent@0x55d955409fa0 Sep 21 07:39:19.322163: | free_event_entry: release EVENT_NULL-pe@0x55d955409f60 Sep 21 07:39:19.322167: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:39:19.322552: | libevent_free: release ptr-libevent@0x55d955409450 Sep 21 07:39:19.322558: | free_event_entry: release EVENT_NULL-pe@0x55d9553f1f70 Sep 21 07:39:19.322562: | libevent_free: release ptr-libevent@0x55d9553feee0 Sep 21 07:39:19.322563: | free_event_entry: release EVENT_NULL-pe@0x55d9553f2220 Sep 21 07:39:19.322566: | libevent_free: release ptr-libevent@0x55d9553fee50 Sep 21 07:39:19.322567: | free_event_entry: release EVENT_NULL-pe@0x55d9553f7980 Sep 21 07:39:19.322569: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:39:19.322571: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:39:19.322572: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:39:19.322574: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:39:19.322575: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:39:19.322577: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:39:19.322578: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:39:19.322580: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:39:19.322581: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:39:19.322585: | libevent_free: release ptr-libevent@0x55d955409520 Sep 21 07:39:19.322587: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:39:19.322589: | libevent_free: release ptr-libevent@0x55d955409600 Sep 21 07:39:19.322590: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:39:19.322592: | libevent_free: release ptr-libevent@0x55d9554096c0 Sep 21 07:39:19.322593: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:39:19.322595: | libevent_free: release ptr-libevent@0x55d9553fe150 Sep 21 07:39:19.322597: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:39:19.322598: | releasing event base Sep 21 07:39:19.322608: | libevent_free: release ptr-libevent@0x55d955409780 Sep 21 07:39:19.322610: | libevent_free: release ptr-libevent@0x55d9553debb0 Sep 21 07:39:19.322612: | libevent_free: release ptr-libevent@0x55d9553ed500 Sep 21 07:39:19.322614: | libevent_free: release ptr-libevent@0x55d9553ed5d0 Sep 21 07:39:19.322615: | libevent_free: release ptr-libevent@0x55d9553ed520 Sep 21 07:39:19.322617: | libevent_free: release ptr-libevent@0x55d9554094e0 Sep 21 07:39:19.322618: | libevent_free: release ptr-libevent@0x55d9554095c0 Sep 21 07:39:19.322622: | libevent_free: release ptr-libevent@0x55d9553ed5b0 Sep 21 07:39:19.322623: | libevent_free: release ptr-libevent@0x55d9553ed710 Sep 21 07:39:19.322625: | libevent_free: release ptr-libevent@0x55d9553f2170 Sep 21 07:39:19.322626: | libevent_free: release ptr-libevent@0x55d95540a030 Sep 21 07:39:19.322628: | libevent_free: release ptr-libevent@0x55d955409f40 Sep 21 07:39:19.322629: | libevent_free: release ptr-libevent@0x55d955409e50 Sep 21 07:39:19.322631: | libevent_free: release ptr-libevent@0x55d955409d60 Sep 21 07:39:19.322632: | libevent_free: release ptr-libevent@0x55d955409c70 Sep 21 07:39:19.322633: | libevent_free: release ptr-libevent@0x55d955409b80 Sep 21 07:39:19.322635: | libevent_free: release ptr-libevent@0x55d955371370 Sep 21 07:39:19.322636: | libevent_free: release ptr-libevent@0x55d9554096a0 Sep 21 07:39:19.322638: | libevent_free: release ptr-libevent@0x55d9554095e0 Sep 21 07:39:19.322639: | libevent_free: release ptr-libevent@0x55d955409500 Sep 21 07:39:19.322641: | libevent_free: release ptr-libevent@0x55d955409760 Sep 21 07:39:19.322642: | libevent_free: release ptr-libevent@0x55d95536f5b0 Sep 21 07:39:19.322644: | libevent_free: release ptr-libevent@0x55d9553ed540 Sep 21 07:39:19.322645: | libevent_free: release ptr-libevent@0x55d9553ed570 Sep 21 07:39:19.322647: | libevent_free: release ptr-libevent@0x55d9553ed260 Sep 21 07:39:19.322648: | releasing global libevent data Sep 21 07:39:19.322650: | libevent_free: release ptr-libevent@0x55d9553ebf50 Sep 21 07:39:19.322652: | libevent_free: release ptr-libevent@0x55d9553ed200 Sep 21 07:39:19.322653: | libevent_free: release ptr-libevent@0x55d9553ed230