Sep 21 07:29:21.423178: FIPS Product: YES Sep 21 07:29:21.423222: FIPS Kernel: NO Sep 21 07:29:21.423225: FIPS Mode: NO Sep 21 07:29:21.423228: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:29:21.423413: Initializing NSS Sep 21 07:29:21.423417: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:29:21.500610: NSS initialized Sep 21 07:29:21.500624: NSS crypto library initialized Sep 21 07:29:21.500627: FIPS HMAC integrity support [enabled] Sep 21 07:29:21.500629: FIPS mode disabled for pluto daemon Sep 21 07:29:21.581172: FIPS HMAC integrity verification self-test FAILED Sep 21 07:29:21.581277: libcap-ng support [enabled] Sep 21 07:29:21.581286: Linux audit support [enabled] Sep 21 07:29:21.581312: Linux audit activated Sep 21 07:29:21.581317: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30809 Sep 21 07:29:21.581319: core dump dir: /tmp Sep 21 07:29:21.581321: secrets file: /etc/ipsec.secrets Sep 21 07:29:21.581323: leak-detective disabled Sep 21 07:29:21.581325: NSS crypto [enabled] Sep 21 07:29:21.581327: XAUTH PAM support [enabled] Sep 21 07:29:21.581402: | libevent is using pluto's memory allocator Sep 21 07:29:21.581408: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:29:21.581421: | libevent_malloc: new ptr-libevent@0x55d0f566dff0 size 40 Sep 21 07:29:21.581427: | libevent_malloc: new ptr-libevent@0x55d0f566e020 size 40 Sep 21 07:29:21.581430: | libevent_malloc: new ptr-libevent@0x55d0f566f310 size 40 Sep 21 07:29:21.581433: | creating event base Sep 21 07:29:21.581435: | libevent_malloc: new ptr-libevent@0x55d0f566f2d0 size 56 Sep 21 07:29:21.581438: | libevent_malloc: new ptr-libevent@0x55d0f566f340 size 664 Sep 21 07:29:21.581448: | libevent_malloc: new ptr-libevent@0x55d0f566f5e0 size 24 Sep 21 07:29:21.581453: | libevent_malloc: new ptr-libevent@0x55d0f5661ea0 size 384 Sep 21 07:29:21.581462: | libevent_malloc: new ptr-libevent@0x55d0f566f600 size 16 Sep 21 07:29:21.581465: | libevent_malloc: new ptr-libevent@0x55d0f566f620 size 40 Sep 21 07:29:21.581468: | libevent_malloc: new ptr-libevent@0x55d0f566f650 size 48 Sep 21 07:29:21.581474: | libevent_realloc: new ptr-libevent@0x55d0f55f1370 size 256 Sep 21 07:29:21.581477: | libevent_malloc: new ptr-libevent@0x55d0f566f690 size 16 Sep 21 07:29:21.581483: | libevent_free: release ptr-libevent@0x55d0f566f2d0 Sep 21 07:29:21.581486: | libevent initialized Sep 21 07:29:21.581490: | libevent_realloc: new ptr-libevent@0x55d0f566f6b0 size 64 Sep 21 07:29:21.581493: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:29:21.581507: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:29:21.581510: NAT-Traversal support [enabled] Sep 21 07:29:21.581512: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:29:21.581518: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:29:21.581525: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:29:21.581561: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:29:21.581564: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:29:21.581567: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:29:21.581616: Encryption algorithms: Sep 21 07:29:21.581624: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:29:21.581628: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:29:21.581632: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:29:21.581635: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:29:21.581638: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:29:21.581649: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:29:21.581653: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:29:21.581657: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:29:21.581660: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:29:21.581664: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:29:21.581667: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:29:21.581671: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:29:21.581675: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:29:21.581678: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:29:21.581682: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:29:21.581685: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:29:21.581688: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:29:21.581695: Hash algorithms: Sep 21 07:29:21.581698: MD5 IKEv1: IKE IKEv2: Sep 21 07:29:21.581701: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:29:21.581704: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:29:21.581707: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:29:21.581710: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:29:21.581722: PRF algorithms: Sep 21 07:29:21.581725: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:29:21.581728: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:29:21.581732: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:29:21.581735: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:29:21.581738: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:29:21.581741: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:29:21.581765: Integrity algorithms: Sep 21 07:29:21.581769: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:29:21.581772: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:29:21.581776: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:29:21.581780: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:29:21.581790: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:29:21.581796: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:29:21.581799: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:29:21.581802: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:29:21.581805: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:29:21.581818: DH algorithms: Sep 21 07:29:21.581821: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:29:21.581824: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:29:21.581827: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:29:21.581832: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:29:21.581835: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:29:21.581838: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:29:21.581841: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:29:21.581844: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:29:21.581847: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:29:21.581850: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:29:21.581853: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:29:21.581855: testing CAMELLIA_CBC: Sep 21 07:29:21.581858: Camellia: 16 bytes with 128-bit key Sep 21 07:29:21.581974: Camellia: 16 bytes with 128-bit key Sep 21 07:29:21.582003: Camellia: 16 bytes with 256-bit key Sep 21 07:29:21.582032: Camellia: 16 bytes with 256-bit key Sep 21 07:29:21.582059: testing AES_GCM_16: Sep 21 07:29:21.582063: empty string Sep 21 07:29:21.582092: one block Sep 21 07:29:21.582117: two blocks Sep 21 07:29:21.582142: two blocks with associated data Sep 21 07:29:21.582168: testing AES_CTR: Sep 21 07:29:21.582171: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:29:21.582197: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:29:21.582224: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:29:21.582251: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:29:21.582276: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:29:21.582303: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:29:21.582330: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:29:21.582357: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:29:21.582384: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:29:21.582412: testing AES_CBC: Sep 21 07:29:21.582415: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:29:21.582441: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:29:21.582469: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:29:21.582498: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:29:21.582532: testing AES_XCBC: Sep 21 07:29:21.582534: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:29:21.582656: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:29:21.582793: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:29:21.582922: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:29:21.583050: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:29:21.583180: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:29:21.583311: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:29:21.583609: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:29:21.583739: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:29:21.583881: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:29:21.584126: testing HMAC_MD5: Sep 21 07:29:21.584129: RFC 2104: MD5_HMAC test 1 Sep 21 07:29:21.584303: RFC 2104: MD5_HMAC test 2 Sep 21 07:29:21.584459: RFC 2104: MD5_HMAC test 3 Sep 21 07:29:21.584642: 8 CPU cores online Sep 21 07:29:21.584646: starting up 7 crypto helpers Sep 21 07:29:21.584685: started thread for crypto helper 0 Sep 21 07:29:21.584707: started thread for crypto helper 1 Sep 21 07:29:21.584725: started thread for crypto helper 2 Sep 21 07:29:21.584743: started thread for crypto helper 3 Sep 21 07:29:21.584768: started thread for crypto helper 4 Sep 21 07:29:21.584788: started thread for crypto helper 5 Sep 21 07:29:21.584812: started thread for crypto helper 6 Sep 21 07:29:21.584816: | checking IKEv1 state table Sep 21 07:29:21.584824: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:29:21.584826: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:29:21.584829: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:29:21.584831: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:29:21.584834: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:29:21.584836: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:29:21.584838: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:29:21.584841: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:29:21.584843: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:29:21.584846: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:29:21.584848: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:29:21.584847: | starting up helper thread 5 Sep 21 07:29:21.584851: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:29:21.584866: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:29:21.584867: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:29:21.584868: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:29:21.584878: | starting up helper thread 6 Sep 21 07:29:21.584885: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:29:21.584879: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:29:21.584893: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:29:21.584896: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:29:21.584898: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:29:21.584901: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:29:21.584903: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:29:21.584905: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:29:21.584908: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584910: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:29:21.584912: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584915: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:29:21.584917: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:29:21.584920: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:29:21.584922: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:29:21.584924: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:29:21.584927: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:29:21.584929: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:29:21.584931: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:29:21.584934: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:29:21.584936: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584939: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:29:21.584941: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584943: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:29:21.584946: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:29:21.584948: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:29:21.584950: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:29:21.584953: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:29:21.584955: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:29:21.584958: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:29:21.584960: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584963: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:29:21.584965: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584967: | INFO: category: informational flags: 0: Sep 21 07:29:21.584970: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584972: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:29:21.584974: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.584977: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:29:21.584979: | -> XAUTH_R1 EVENT_NULL Sep 21 07:29:21.584982: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:29:21.584984: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:29:21.584986: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:29:21.584989: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:29:21.584991: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:29:21.584996: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:29:21.584999: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:29:21.585001: | -> UNDEFINED EVENT_NULL Sep 21 07:29:21.585004: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:29:21.585006: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:29:21.585009: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:29:21.585011: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:29:21.585014: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:29:21.585016: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:29:21.585022: | checking IKEv2 state table Sep 21 07:29:21.585027: | PARENT_I0: category: ignore flags: 0: Sep 21 07:29:21.585030: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:29:21.585033: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:29:21.585036: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:29:21.585038: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:29:21.585041: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:29:21.585044: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:29:21.585047: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:29:21.585049: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:29:21.585052: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:29:21.585054: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:29:21.585057: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:29:21.585060: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:29:21.585062: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:29:21.585065: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:29:21.585067: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:29:21.585070: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:29:21.585072: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:29:21.585075: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:29:21.585078: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:29:21.585080: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:29:21.585083: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:29:21.585086: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:29:21.585088: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:29:21.585090: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:29:21.585093: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:29:21.585096: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:29:21.585098: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:29:21.585101: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:29:21.585103: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:29:21.585106: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:29:21.585109: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:29:21.585112: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:29:21.585114: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:29:21.585117: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:29:21.585120: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:29:21.585124: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:29:21.585127: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:29:21.585129: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:29:21.585132: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:29:21.585135: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:29:21.585138: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:29:21.585141: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:29:21.585144: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:29:21.585146: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:29:21.585149: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:29:21.585152: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:29:21.585197: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:29:21.585255: | Hard-wiring algorithms Sep 21 07:29:21.585259: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:29:21.585263: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:29:21.585265: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:29:21.585267: | adding 3DES_CBC to kernel algorithm db Sep 21 07:29:21.585270: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:29:21.585272: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:29:21.585274: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:29:21.585276: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:29:21.585279: | adding AES_CTR to kernel algorithm db Sep 21 07:29:21.585281: | adding AES_CBC to kernel algorithm db Sep 21 07:29:21.585283: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:29:21.585286: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:29:21.585288: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:29:21.585290: | adding NULL to kernel algorithm db Sep 21 07:29:21.585293: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:29:21.585295: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:29:21.585298: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:29:21.585300: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:29:21.585303: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:29:21.585305: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:29:21.585308: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:29:21.585310: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:29:21.585312: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:29:21.585314: | adding NONE to kernel algorithm db Sep 21 07:29:21.585335: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:29:21.585340: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:29:21.585343: | setup kernel fd callback Sep 21 07:29:21.585345: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55d0f5674d40 Sep 21 07:29:21.585348: | libevent_malloc: new ptr-libevent@0x55d0f5680ee0 size 128 Sep 21 07:29:21.585351: | libevent_malloc: new ptr-libevent@0x55d0f566f970 size 16 Sep 21 07:29:21.585357: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55d0f5674d00 Sep 21 07:29:21.585360: | libevent_malloc: new ptr-libevent@0x55d0f5680f70 size 128 Sep 21 07:29:21.585363: | libevent_malloc: new ptr-libevent@0x55d0f5674040 size 16 Sep 21 07:29:21.585592: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:29:21.585600: selinux support is enabled. Sep 21 07:29:21.585678: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:29:21.585848: | unbound context created - setting debug level to 5 Sep 21 07:29:21.585884: | /etc/hosts lookups activated Sep 21 07:29:21.585897: | /etc/resolv.conf usage activated Sep 21 07:29:21.585959: | outgoing-port-avoid set 0-65535 Sep 21 07:29:21.585988: | outgoing-port-permit set 32768-60999 Sep 21 07:29:21.585994: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:29:21.585997: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:29:21.586000: | Setting up events, loop start Sep 21 07:29:21.586003: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55d0f566f2d0 Sep 21 07:29:21.586006: | libevent_malloc: new ptr-libevent@0x55d0f568b4e0 size 128 Sep 21 07:29:21.586009: | libevent_malloc: new ptr-libevent@0x55d0f568b570 size 16 Sep 21 07:29:21.586015: | libevent_realloc: new ptr-libevent@0x55d0f55ef5b0 size 256 Sep 21 07:29:21.586018: | libevent_malloc: new ptr-libevent@0x55d0f568b590 size 8 Sep 21 07:29:21.586021: | libevent_realloc: new ptr-libevent@0x55d0f5680260 size 144 Sep 21 07:29:21.586023: | libevent_malloc: new ptr-libevent@0x55d0f568b5b0 size 152 Sep 21 07:29:21.586027: | libevent_malloc: new ptr-libevent@0x55d0f568b650 size 16 Sep 21 07:29:21.586031: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:29:21.586033: | libevent_malloc: new ptr-libevent@0x55d0f568b670 size 8 Sep 21 07:29:21.586036: | libevent_malloc: new ptr-libevent@0x55d0f568b690 size 152 Sep 21 07:29:21.586039: | signal event handler PLUTO_SIGTERM installed Sep 21 07:29:21.586041: | libevent_malloc: new ptr-libevent@0x55d0f568b730 size 8 Sep 21 07:29:21.586044: | libevent_malloc: new ptr-libevent@0x55d0f568b750 size 152 Sep 21 07:29:21.586046: | signal event handler PLUTO_SIGHUP installed Sep 21 07:29:21.586049: | libevent_malloc: new ptr-libevent@0x55d0f568b7f0 size 8 Sep 21 07:29:21.586051: | libevent_realloc: release ptr-libevent@0x55d0f5680260 Sep 21 07:29:21.586054: | libevent_realloc: new ptr-libevent@0x55d0f568b810 size 256 Sep 21 07:29:21.586057: | libevent_malloc: new ptr-libevent@0x55d0f5680260 size 152 Sep 21 07:29:21.586059: | signal event handler PLUTO_SIGSYS installed Sep 21 07:29:21.586415: | created addconn helper (pid:30955) using fork+execve Sep 21 07:29:21.586427: | forked child 30955 Sep 21 07:29:21.586465: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.586479: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:29:21.586485: listening for IKE messages Sep 21 07:29:21.586525: | Inspecting interface lo Sep 21 07:29:21.586531: | found lo with address 127.0.0.1 Sep 21 07:29:21.586534: | Inspecting interface eth1 Sep 21 07:29:21.586538: | found eth1 with address 192.1.2.45 Sep 21 07:29:21.586584: Kernel supports NIC esp-hw-offload Sep 21 07:29:21.586594: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 Sep 21 07:29:21.586617: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:29:21.586622: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:29:21.586625: adding interface eth1/eth1 192.1.2.45:4500 Sep 21 07:29:21.586650: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:29:21.586676: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:29:21.586679: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:29:21.586683: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:29:21.586744: | no interfaces to sort Sep 21 07:29:21.586748: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:29:21.586755: | add_fd_read_event_handler: new ethX-pe@0x55d0f5674890 Sep 21 07:29:21.586758: | libevent_malloc: new ptr-libevent@0x55d0f568ba40 size 128 Sep 21 07:29:21.586761: | libevent_malloc: new ptr-libevent@0x55d0f568bad0 size 16 Sep 21 07:29:21.586769: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:29:21.586772: | add_fd_read_event_handler: new ethX-pe@0x55d0f568baf0 Sep 21 07:29:21.586774: | libevent_malloc: new ptr-libevent@0x55d0f568bb30 size 128 Sep 21 07:29:21.586777: | libevent_malloc: new ptr-libevent@0x55d0f568bbc0 size 16 Sep 21 07:29:21.586782: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:29:21.586791: | add_fd_read_event_handler: new ethX-pe@0x55d0f568bbe0 Sep 21 07:29:21.586797: | libevent_malloc: new ptr-libevent@0x55d0f568bc20 size 128 Sep 21 07:29:21.586799: | libevent_malloc: new ptr-libevent@0x55d0f568bcb0 size 16 Sep 21 07:29:21.586804: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:29:21.586807: | add_fd_read_event_handler: new ethX-pe@0x55d0f568bcd0 Sep 21 07:29:21.586809: | libevent_malloc: new ptr-libevent@0x55d0f568bd10 size 128 Sep 21 07:29:21.586812: | libevent_malloc: new ptr-libevent@0x55d0f568bda0 size 16 Sep 21 07:29:21.586816: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:29:21.586821: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:29:21.586824: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:29:21.586846: loading secrets from "/etc/ipsec.secrets" Sep 21 07:29:21.586865: | saving Modulus Sep 21 07:29:21.586870: | saving PublicExponent Sep 21 07:29:21.586874: | ignoring PrivateExponent Sep 21 07:29:21.586877: | ignoring Prime1 Sep 21 07:29:21.586880: | ignoring Prime2 Sep 21 07:29:21.586883: | ignoring Exponent1 Sep 21 07:29:21.586886: | ignoring Exponent2 Sep 21 07:29:21.586889: | ignoring Coefficient Sep 21 07:29:21.586892: | ignoring CKAIDNSS Sep 21 07:29:21.586928: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.586931: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:29:21.586934: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:29:21.586940: | certs and keys locked by 'process_secret' Sep 21 07:29:21.586945: | certs and keys unlocked by 'process_secret' Sep 21 07:29:21.586950: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:29:21.586958: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.586963: | spent 0.506 milliseconds in whack Sep 21 07:29:21.588797: | starting up helper thread 0 Sep 21 07:29:21.588811: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:29:21.588826: | starting up helper thread 1 Sep 21 07:29:21.588831: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:29:21.588842: | starting up helper thread 2 Sep 21 07:29:21.588848: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:29:21.584874: | crypto helper 5 waiting (nothing to do) Sep 21 07:29:21.591815: | crypto helper 6 waiting (nothing to do) Sep 21 07:29:21.591828: | crypto helper 0 waiting (nothing to do) Sep 21 07:29:21.591838: | crypto helper 1 waiting (nothing to do) Sep 21 07:29:21.591846: | starting up helper thread 4 Sep 21 07:29:21.591852: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:29:21.591852: | crypto helper 2 waiting (nothing to do) Sep 21 07:29:21.591864: | crypto helper 4 waiting (nothing to do) Sep 21 07:29:21.591874: | starting up helper thread 3 Sep 21 07:29:21.591879: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:29:21.591882: | crypto helper 3 waiting (nothing to do) Sep 21 07:29:21.645344: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.645373: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:29:21.645378: listening for IKE messages Sep 21 07:29:21.645410: | Inspecting interface lo Sep 21 07:29:21.645416: | found lo with address 127.0.0.1 Sep 21 07:29:21.645419: | Inspecting interface eth1 Sep 21 07:29:21.645423: | found eth1 with address 192.1.2.45 Sep 21 07:29:21.645484: | no interfaces to sort Sep 21 07:29:21.645492: | libevent_free: release ptr-libevent@0x55d0f568ba40 Sep 21 07:29:21.645495: | free_event_entry: release EVENT_NULL-pe@0x55d0f5674890 Sep 21 07:29:21.645498: | add_fd_read_event_handler: new ethX-pe@0x55d0f5674890 Sep 21 07:29:21.645501: | libevent_malloc: new ptr-libevent@0x55d0f568ba40 size 128 Sep 21 07:29:21.645508: | setup callback for interface lo 127.0.0.1:4500 fd 20 Sep 21 07:29:21.645512: | libevent_free: release ptr-libevent@0x55d0f568bb30 Sep 21 07:29:21.645519: | free_event_entry: release EVENT_NULL-pe@0x55d0f568baf0 Sep 21 07:29:21.645522: | add_fd_read_event_handler: new ethX-pe@0x55d0f568baf0 Sep 21 07:29:21.645884: | libevent_malloc: new ptr-libevent@0x55d0f568bb30 size 128 Sep 21 07:29:21.645895: | setup callback for interface lo 127.0.0.1:500 fd 19 Sep 21 07:29:21.645900: | libevent_free: release ptr-libevent@0x55d0f568bc20 Sep 21 07:29:21.645902: | free_event_entry: release EVENT_NULL-pe@0x55d0f568bbe0 Sep 21 07:29:21.645905: | add_fd_read_event_handler: new ethX-pe@0x55d0f568bbe0 Sep 21 07:29:21.645908: | libevent_malloc: new ptr-libevent@0x55d0f568bc20 size 128 Sep 21 07:29:21.645912: | setup callback for interface eth1 192.1.2.45:4500 fd 18 Sep 21 07:29:21.645916: | libevent_free: release ptr-libevent@0x55d0f568bd10 Sep 21 07:29:21.645918: | free_event_entry: release EVENT_NULL-pe@0x55d0f568bcd0 Sep 21 07:29:21.645920: | add_fd_read_event_handler: new ethX-pe@0x55d0f568bcd0 Sep 21 07:29:21.645923: | libevent_malloc: new ptr-libevent@0x55d0f568bd10 size 128 Sep 21 07:29:21.645927: | setup callback for interface eth1 192.1.2.45:500 fd 17 Sep 21 07:29:21.645930: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:29:21.645933: forgetting secrets Sep 21 07:29:21.645940: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:29:21.645954: loading secrets from "/etc/ipsec.secrets" Sep 21 07:29:21.645967: | saving Modulus Sep 21 07:29:21.645970: | saving PublicExponent Sep 21 07:29:21.645974: | ignoring PrivateExponent Sep 21 07:29:21.645977: | ignoring Prime1 Sep 21 07:29:21.645980: | ignoring Prime2 Sep 21 07:29:21.645983: | ignoring Exponent1 Sep 21 07:29:21.645986: | ignoring Exponent2 Sep 21 07:29:21.645989: | ignoring Coefficient Sep 21 07:29:21.645992: | ignoring CKAIDNSS Sep 21 07:29:21.646012: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.646015: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:29:21.646018: loaded private key for keyid: PKK_RSA:AQOm9dY/4 Sep 21 07:29:21.646022: | certs and keys locked by 'process_secret' Sep 21 07:29:21.646025: | certs and keys unlocked by 'process_secret' Sep 21 07:29:21.646030: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:29:21.646036: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.646042: | spent 0.341 milliseconds in whack Sep 21 07:29:21.646594: | processing signal PLUTO_SIGCHLD Sep 21 07:29:21.646605: | waitpid returned pid 30955 (exited with status 0) Sep 21 07:29:21.646608: | reaped addconn helper child (status 0) Sep 21 07:29:21.646612: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:21.646617: | spent 0.0159 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:21.746735: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.746758: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.746761: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:29:21.746764: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.746766: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:29:21.746770: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.746777: | Added new connection westnet-eastnet-vti-01 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:29:21.746780: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:29:21.746840: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:29:21.746845: | from whack: got --esp= Sep 21 07:29:21.746882: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:29:21.746892: | counting wild cards for @west is 0 Sep 21 07:29:21.746896: | counting wild cards for @east is 0 Sep 21 07:29:21.746906: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:29:21.746910: | new hp@0x55d0f5658450 Sep 21 07:29:21.746914: added connection description "westnet-eastnet-vti-01" Sep 21 07:29:21.746926: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:29:21.746937: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Sep 21 07:29:21.746946: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.746952: | spent 0.22 milliseconds in whack Sep 21 07:29:21.746990: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.746998: add keyid @west Sep 21 07:29:21.747002: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:29:21.747004: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:29:21.747007: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:29:21.747009: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:29:21.747011: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:29:21.747014: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:29:21.747016: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:29:21.747018: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:29:21.747020: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:29:21.747023: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:29:21.747025: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:29:21.747027: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:29:21.747029: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:29:21.747032: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:29:21.747034: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:29:21.747036: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:29:21.747038: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:29:21.747041: | add pubkey 15 04 37 f9 Sep 21 07:29:21.747064: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.747067: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:29:21.747072: | keyid: *AQOm9dY/4 Sep 21 07:29:21.747075: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:29:21.747077: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:29:21.747079: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:29:21.747082: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:29:21.747084: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:29:21.747086: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:29:21.747088: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:29:21.747091: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:29:21.747093: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:29:21.747095: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:29:21.747097: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:29:21.747100: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:29:21.747102: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:29:21.747104: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:29:21.747106: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:29:21.747108: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:29:21.747113: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:29:21.747116: | n 37 f9 Sep 21 07:29:21.747118: | e 03 Sep 21 07:29:21.747120: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.747122: | CKAID 7f 0f 03 50 Sep 21 07:29:21.747129: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.747134: | spent 0.148 milliseconds in whack Sep 21 07:29:21.747213: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.747221: add keyid @east Sep 21 07:29:21.747224: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:29:21.747227: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:29:21.747229: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:29:21.747231: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:29:21.747234: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:29:21.747236: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:29:21.747238: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:29:21.747240: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:29:21.747243: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:29:21.747245: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:29:21.747247: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:29:21.747249: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:29:21.747252: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:29:21.747254: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:29:21.747256: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:29:21.747259: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:29:21.747261: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:29:21.747263: | add pubkey 51 51 48 ef Sep 21 07:29:21.747272: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:29:21.747275: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:29:21.747279: | keyid: *AQO9bJbr3 Sep 21 07:29:21.747281: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:29:21.747283: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:29:21.747286: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:29:21.747288: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:29:21.747290: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:29:21.747292: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:29:21.747295: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:29:21.747297: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:29:21.747299: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:29:21.747301: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:29:21.747303: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:29:21.747306: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:29:21.747308: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:29:21.747310: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:29:21.747312: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:29:21.747315: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:29:21.747317: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:29:21.747319: | n 48 ef Sep 21 07:29:21.747321: | e 03 Sep 21 07:29:21.747323: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:29:21.747326: | CKAID 8a 82 25 f1 Sep 21 07:29:21.747332: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.747336: | spent 0.126 milliseconds in whack Sep 21 07:29:21.929681: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.934587: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.934599: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:29:21.934603: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.934605: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:29:21.934609: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:21.934616: | Added new connection westnet-eastnet-vti-02 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:29:21.934620: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:29:21.934678: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Sep 21 07:29:21.934682: | from whack: got --esp= Sep 21 07:29:21.934720: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Sep 21 07:29:21.934727: | counting wild cards for @west is 0 Sep 21 07:29:21.934730: | counting wild cards for @east is 0 Sep 21 07:29:21.934739: | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:29:21.934745: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55d0f5658450: westnet-eastnet-vti-01 Sep 21 07:29:21.934747: added connection description "westnet-eastnet-vti-02" Sep 21 07:29:21.934757: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:29:21.934769: | 10.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===10.0.2.0/24 Sep 21 07:29:21.934777: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.934788: | spent 0.233 milliseconds in whack Sep 21 07:29:21.934863: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.934878: add keyid @west Sep 21 07:29:21.934884: | unreference key: 0x55d0f56148c0 @west cnt 1-- Sep 21 07:29:21.934890: | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Sep 21 07:29:21.934892: | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Sep 21 07:29:21.934894: | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Sep 21 07:29:21.934897: | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Sep 21 07:29:21.934899: | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Sep 21 07:29:21.934902: | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Sep 21 07:29:21.934904: | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Sep 21 07:29:21.934906: | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Sep 21 07:29:21.934908: | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Sep 21 07:29:21.934911: | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Sep 21 07:29:21.934913: | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Sep 21 07:29:21.934916: | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Sep 21 07:29:21.934918: | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Sep 21 07:29:21.934921: | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Sep 21 07:29:21.934923: | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Sep 21 07:29:21.934926: | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Sep 21 07:29:21.934928: | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Sep 21 07:29:21.934936: | add pubkey 15 04 37 f9 Sep 21 07:29:21.934958: | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.934961: | computed rsa CKAID 7f 0f 03 50 Sep 21 07:29:21.934965: | keyid: *AQOm9dY/4 Sep 21 07:29:21.934967: | n a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Sep 21 07:29:21.934970: | n 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Sep 21 07:29:21.934972: | n 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Sep 21 07:29:21.934975: | n c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Sep 21 07:29:21.934978: | n 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Sep 21 07:29:21.934980: | n f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Sep 21 07:29:21.934982: | n ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Sep 21 07:29:21.934984: | n d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Sep 21 07:29:21.934986: | n 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Sep 21 07:29:21.934989: | n 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Sep 21 07:29:21.934991: | n a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Sep 21 07:29:21.934993: | n db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Sep 21 07:29:21.934995: | n 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Sep 21 07:29:21.934998: | n 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Sep 21 07:29:21.935000: | n 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Sep 21 07:29:21.935002: | n 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Sep 21 07:29:21.935004: | n 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Sep 21 07:29:21.935006: | n 37 f9 Sep 21 07:29:21.935008: | e 03 Sep 21 07:29:21.935010: | CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Sep 21 07:29:21.935012: | CKAID 7f 0f 03 50 Sep 21 07:29:21.935019: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.935024: | spent 0.161 milliseconds in whack Sep 21 07:29:21.935070: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:21.935083: add keyid @east Sep 21 07:29:21.935087: | unreference key: 0x55d0f5616520 @east cnt 1-- Sep 21 07:29:21.935091: | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Sep 21 07:29:21.935093: | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Sep 21 07:29:21.935095: | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Sep 21 07:29:21.935097: | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Sep 21 07:29:21.935100: | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Sep 21 07:29:21.935102: | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Sep 21 07:29:21.935104: | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Sep 21 07:29:21.935106: | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Sep 21 07:29:21.935109: | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Sep 21 07:29:21.935111: | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Sep 21 07:29:21.935113: | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Sep 21 07:29:21.935116: | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Sep 21 07:29:21.935118: | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Sep 21 07:29:21.935120: | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Sep 21 07:29:21.935122: | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Sep 21 07:29:21.935125: | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Sep 21 07:29:21.935127: | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Sep 21 07:29:21.935129: | add pubkey 51 51 48 ef Sep 21 07:29:21.935138: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:29:21.935140: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:29:21.935144: | keyid: *AQO9bJbr3 Sep 21 07:29:21.935147: | n bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Sep 21 07:29:21.935152: | n c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Sep 21 07:29:21.935154: | n e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Sep 21 07:29:21.935156: | n 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Sep 21 07:29:21.935158: | n f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Sep 21 07:29:21.935160: | n 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Sep 21 07:29:21.935163: | n 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Sep 21 07:29:21.935165: | n af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Sep 21 07:29:21.935168: | n 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Sep 21 07:29:21.935170: | n f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Sep 21 07:29:21.935172: | n 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Sep 21 07:29:21.935174: | n 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Sep 21 07:29:21.935177: | n 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Sep 21 07:29:21.935179: | n 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Sep 21 07:29:21.935181: | n 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Sep 21 07:29:21.935183: | n 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Sep 21 07:29:21.935185: | n 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Sep 21 07:29:21.935187: | n 48 ef Sep 21 07:29:21.935189: | e 03 Sep 21 07:29:21.935192: | CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:29:21.935194: | CKAID 8a 82 25 f1 Sep 21 07:29:21.935199: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:21.935204: | spent 0.134 milliseconds in whack Sep 21 07:29:22.081558: | kernel_process_msg_cb process netlink message Sep 21 07:29:22.081580: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:29:22.081589: | spent 0.00825 milliseconds in kernel message Sep 21 07:29:22.247958: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:22.247981: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:29:22.247984: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:22.247990: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Sep 21 07:29:22.247993: | connection 'westnet-eastnet-vti-01' +POLICY_UP Sep 21 07:29:22.247997: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:29:22.247999: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:29:22.248022: | creating state object #1 at 0x55d0f568e900 Sep 21 07:29:22.248026: | State DB: adding IKEv2 state #1 in UNDEFINED Sep 21 07:29:22.248034: | pstats #1 ikev2.ike started Sep 21 07:29:22.248037: | Message ID: init #1: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:29:22.248041: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:29:22.248046: | Message ID: init_ike #1; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:22.248054: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:29:22.248060: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:29:22.248063: | dup_any(fd@22) -> fd@23 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:29:22.248068: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #1 "westnet-eastnet-vti-01" Sep 21 07:29:22.248073: "westnet-eastnet-vti-01" #1: initiating v2 parent SA Sep 21 07:29:22.248082: | constructing local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE) Sep 21 07:29:22.248090: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:29:22.248098: | ... ikev2_proposal: 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.248108: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:29:22.248113: | ... ikev2_proposal: 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.248117: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:29:22.248123: | ... ikev2_proposal: 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.248126: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Sep 21 07:29:22.248132: | ... ikev2_proposal: 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.248143: "westnet-eastnet-vti-01": constructed local IKE proposals for westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.248149: | adding ikev2_outI1 KE work-order 1 for state #1 Sep 21 07:29:22.248153: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5690fb0 Sep 21 07:29:22.248156: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:29:22.248161: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:22.248174: | #1 spent 0.182 milliseconds in ikev2_parent_outI1() Sep 21 07:29:22.248177: | processing: RESET whack log_fd (was fd@16) (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:29:22.248182: | RESET processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:29:22.248185: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:29:22.248188: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:29:22.248191: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:29:22.248195: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:22.248199: | spent 0.25 milliseconds in whack Sep 21 07:29:22.248208: | crypto helper 6 resuming Sep 21 07:29:22.248211: | crypto helper 6 starting work-order 1 for state #1 Sep 21 07:29:22.248215: | crypto helper 6 doing build KE and nonce (ikev2_outI1 KE); request ID 1 Sep 21 07:29:22.249251: | crypto helper 6 finished build KE and nonce (ikev2_outI1 KE); request ID 1 time elapsed 0.001035 seconds Sep 21 07:29:22.249262: | (#1) spent 1.04 milliseconds in crypto helper computing work-order 1: ikev2_outI1 KE (pcr) Sep 21 07:29:22.249265: | crypto helper 6 sending results from work-order 1 for state #1 to event queue Sep 21 07:29:22.249268: | scheduling resume sending helper answer for #1 Sep 21 07:29:22.249271: | libevent_malloc: new ptr-libevent@0x7f9ca0006900 size 128 Sep 21 07:29:22.249279: | crypto helper 6 waiting (nothing to do) Sep 21 07:29:22.249807: | processing resume sending helper answer for #1 Sep 21 07:29:22.249820: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:22.249828: | crypto helper 6 replies to request ID 1 Sep 21 07:29:22.249831: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:22.249833: | ikev2_parent_outI1_continue for #1 Sep 21 07:29:22.249862: | **emit ISAKMP Message: Sep 21 07:29:22.249865: | initiator cookie: Sep 21 07:29:22.249867: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.249870: | responder cookie: Sep 21 07:29:22.249872: | 00 00 00 00 00 00 00 00 Sep 21 07:29:22.249875: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:22.249878: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.249881: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:29:22.249884: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.249886: | Message ID: 0 (0x0) Sep 21 07:29:22.249889: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:22.249905: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.249908: | Emitting ikev2_proposals ... Sep 21 07:29:22.249911: | ***emit IKEv2 Security Association Payload: Sep 21 07:29:22.249914: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.249916: | flags: none (0x0) Sep 21 07:29:22.249919: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:29:22.249922: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.249925: | discarding INTEG=NONE Sep 21 07:29:22.249928: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.249930: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.249932: | prop #: 1 (0x1) Sep 21 07:29:22.249935: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:22.249937: | spi size: 0 (0x0) Sep 21 07:29:22.249939: | # transforms: 11 (0xb) Sep 21 07:29:22.249943: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.249946: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.249948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.249951: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.249953: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.249956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.249959: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.249961: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.249964: | length/value: 256 (0x100) Sep 21 07:29:22.249967: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.249969: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.249972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.249974: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.249976: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:22.249980: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.249982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.249989: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.249991: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.249994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.249996: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.249998: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:22.250001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250006: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250009: | discarding INTEG=NONE Sep 21 07:29:22.250011: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250018: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.250021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250026: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250028: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250035: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:22.250038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250041: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250043: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250046: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250048: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250050: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250053: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:22.250056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250058: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250061: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250063: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250065: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250068: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250070: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:22.250073: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250078: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250081: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250085: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250088: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:22.250091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250097: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250099: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250101: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250106: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:22.250108: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250110: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250113: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250115: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250117: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250122: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:22.250124: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250129: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250131: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250133: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.250135: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250138: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:22.250140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250145: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250147: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:29:22.250150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.250152: | discarding INTEG=NONE Sep 21 07:29:22.250155: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.250157: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.250159: | prop #: 2 (0x2) Sep 21 07:29:22.250162: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:22.250164: | spi size: 0 (0x0) Sep 21 07:29:22.250166: | # transforms: 11 (0xb) Sep 21 07:29:22.250169: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.250172: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.250174: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250179: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.250182: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.250184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250187: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.250190: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.250192: | length/value: 128 (0x80) Sep 21 07:29:22.250197: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.250199: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250204: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250207: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:22.250210: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250212: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250215: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250217: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250222: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250225: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:22.250228: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250231: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250234: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250237: | discarding INTEG=NONE Sep 21 07:29:22.250239: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250242: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250244: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250247: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.250250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250256: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250258: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250263: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250265: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:22.250268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250273: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250275: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250277: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250280: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250282: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:22.250285: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250288: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250291: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250294: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250296: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250299: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250301: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:22.250305: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250312: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250314: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250318: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250321: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:22.250323: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250326: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250329: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250331: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250338: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:22.250341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250344: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250346: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250349: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250351: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250353: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250356: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:22.250358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250361: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250363: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250365: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250368: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.250370: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250372: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:22.250375: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250377: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250380: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250382: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:29:22.250385: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.250388: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.250390: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.250392: | prop #: 3 (0x3) Sep 21 07:29:22.250394: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:22.250397: | spi size: 0 (0x0) Sep 21 07:29:22.250399: | # transforms: 13 (0xd) Sep 21 07:29:22.250402: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.250404: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.250408: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250410: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250412: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.250414: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.250416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250419: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.250421: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.250423: | length/value: 256 (0x100) Sep 21 07:29:22.250426: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.250428: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250433: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250435: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:22.250438: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250441: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250443: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250445: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250450: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250452: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:22.250455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250457: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250460: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250462: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250467: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.250469: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.250472: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250474: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250477: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250479: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250483: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.250485: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.250487: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250491: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250493: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250497: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250499: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.250501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250507: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250510: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250514: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250516: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:22.250519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250522: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250524: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250527: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250531: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250534: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:22.250536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250539: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250541: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250544: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250545: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250547: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250550: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:22.250552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250557: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250559: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250561: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250563: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250566: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:22.250568: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250573: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250575: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250580: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250582: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:22.250584: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250587: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250589: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250591: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250597: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:22.250600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250606: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250608: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250610: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.250612: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250614: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:22.250617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250620: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250622: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250624: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:29:22.250627: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.250629: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.250631: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.250633: | prop #: 4 (0x4) Sep 21 07:29:22.250635: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:22.250637: | spi size: 0 (0x0) Sep 21 07:29:22.250639: | # transforms: 13 (0xd) Sep 21 07:29:22.250642: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.250645: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.250647: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250652: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.250654: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.250656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250659: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.250661: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.250664: | length/value: 128 (0x80) Sep 21 07:29:22.250666: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.250668: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250673: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250675: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:22.250678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250682: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250685: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250689: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.250691: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:22.250694: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250698: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250703: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250708: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.250710: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.250713: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250715: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250718: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250720: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250722: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250724: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.250726: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.250728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250731: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250733: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250735: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250738: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250740: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250742: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.250745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250747: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250750: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250752: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250754: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250756: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250758: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:22.250761: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250765: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250767: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250772: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250774: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:22.250776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250779: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250781: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250787: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250795: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250797: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:22.250799: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250804: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250806: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250808: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250810: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250813: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250815: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:22.250817: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250822: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250825: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250827: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250831: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:22.250833: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250836: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250838: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250840: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250842: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250844: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250846: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:22.250849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250854: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250856: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.250858: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.250860: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.250863: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:22.250865: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.250868: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.250871: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.250873: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:29:22.250876: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.250878: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:29:22.250881: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:29:22.250883: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:29:22.250886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.250889: | flags: none (0x0) Sep 21 07:29:22.250891: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.250894: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:29:22.250897: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.250902: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:29:22.250905: | ikev2 g^x a8 67 bd 61 c7 b2 4e 4c 4b 5a 90 f4 8f cf 3c 0c Sep 21 07:29:22.250907: | ikev2 g^x 29 43 e1 9a e8 31 fb 70 e7 e5 b1 ee 3b f4 cd 1e Sep 21 07:29:22.250909: | ikev2 g^x c9 a4 8f 89 f4 79 9a 24 e8 09 ac d4 49 0a 7f 07 Sep 21 07:29:22.250912: | ikev2 g^x 7a c0 ba 5a 03 a6 1f 8f c0 dd 5d d7 17 e4 98 85 Sep 21 07:29:22.250914: | ikev2 g^x 9c 22 93 e9 82 9e d8 10 b4 f5 31 ff b4 47 e1 9d Sep 21 07:29:22.250916: | ikev2 g^x cf e2 c7 32 56 b8 48 62 18 c2 a7 38 2c 65 ab aa Sep 21 07:29:22.250918: | ikev2 g^x 61 1f c2 cf c3 74 f5 31 f5 ee 68 b2 55 8e 03 9d Sep 21 07:29:22.250920: | ikev2 g^x 17 c4 cf c0 57 5a db 9c 14 21 36 93 e0 5e d3 63 Sep 21 07:29:22.250923: | ikev2 g^x b9 66 9a d3 94 08 a6 8f 21 8c db 9f d5 a8 36 49 Sep 21 07:29:22.250925: | ikev2 g^x d1 11 f2 a2 d1 07 34 7b 03 4a 98 44 01 93 f4 e6 Sep 21 07:29:22.250927: | ikev2 g^x f5 ef e2 49 9a 98 71 c1 82 91 8b b6 87 0a 28 13 Sep 21 07:29:22.250930: | ikev2 g^x 75 f1 0d 90 d7 e7 ba ad d3 ea 84 c8 44 a7 62 3c Sep 21 07:29:22.250932: | ikev2 g^x 69 61 87 37 51 37 78 53 65 ce e1 af f0 aa 75 a3 Sep 21 07:29:22.250934: | ikev2 g^x 1f c3 3f bf a4 e5 57 d9 f6 c8 7b 05 4d 42 6f 0c Sep 21 07:29:22.250936: | ikev2 g^x af 1d 9b ff 7a 6b a4 97 c6 5d 24 ed 43 1d 1c a0 Sep 21 07:29:22.250938: | ikev2 g^x b3 62 b1 ba 03 2f d5 77 44 ea a1 3e 7a 8b 5e 72 Sep 21 07:29:22.250940: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:29:22.250943: | ***emit IKEv2 Nonce Payload: Sep 21 07:29:22.250945: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:29:22.250947: | flags: none (0x0) Sep 21 07:29:22.250950: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:29:22.250953: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:29:22.250956: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.250958: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:29:22.250961: | IKEv2 nonce 6d de b1 f3 0f 58 7e d1 2a 7b 54 97 2d 6f d5 0a Sep 21 07:29:22.250963: | IKEv2 nonce 91 77 1a 2f 3d 0b 37 c4 1d 17 ad 95 74 ac 7d 5c Sep 21 07:29:22.250965: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:29:22.250967: | Adding a v2N Payload Sep 21 07:29:22.250968: | ***emit IKEv2 Notify Payload: Sep 21 07:29:22.250971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.250972: | flags: none (0x0) Sep 21 07:29:22.250974: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.250976: | SPI size: 0 (0x0) Sep 21 07:29:22.250978: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:29:22.250981: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:22.250983: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.250985: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:29:22.250988: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:29:22.250990: | natd_hash: rcookie is zero Sep 21 07:29:22.251003: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:22.251005: | natd_hash: icookie= fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.251007: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:29:22.251009: | natd_hash: ip= c0 01 02 2d Sep 21 07:29:22.251011: | natd_hash: port= 01 f4 Sep 21 07:29:22.251013: | natd_hash: hash= c5 d6 4f 26 cb 94 e0 f1 dd 1b 4a c2 62 64 2a 80 Sep 21 07:29:22.251015: | natd_hash: hash= 75 9e 6d 81 Sep 21 07:29:22.251017: | Adding a v2N Payload Sep 21 07:29:22.251020: | ***emit IKEv2 Notify Payload: Sep 21 07:29:22.251022: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.251026: | flags: none (0x0) Sep 21 07:29:22.251028: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.251030: | SPI size: 0 (0x0) Sep 21 07:29:22.251032: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:29:22.251035: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:22.251037: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.251040: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:29:22.251042: | Notify data c5 d6 4f 26 cb 94 e0 f1 dd 1b 4a c2 62 64 2a 80 Sep 21 07:29:22.251043: | Notify data 75 9e 6d 81 Sep 21 07:29:22.251046: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:29:22.251048: | natd_hash: rcookie is zero Sep 21 07:29:22.251054: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:22.251056: | natd_hash: icookie= fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.251058: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:29:22.251060: | natd_hash: ip= c0 01 02 17 Sep 21 07:29:22.251062: | natd_hash: port= 01 f4 Sep 21 07:29:22.251064: | natd_hash: hash= c4 fd 40 8b 74 1c cf 4b 47 a1 0e 80 7a a1 08 e4 Sep 21 07:29:22.251066: | natd_hash: hash= d3 cd 6b 8b Sep 21 07:29:22.251068: | Adding a v2N Payload Sep 21 07:29:22.251070: | ***emit IKEv2 Notify Payload: Sep 21 07:29:22.251073: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.251075: | flags: none (0x0) Sep 21 07:29:22.251077: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.251079: | SPI size: 0 (0x0) Sep 21 07:29:22.251081: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:29:22.251084: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:22.251087: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.251089: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:29:22.251092: | Notify data c4 fd 40 8b 74 1c cf 4b 47 a1 0e 80 7a a1 08 e4 Sep 21 07:29:22.251094: | Notify data d3 cd 6b 8b Sep 21 07:29:22.251096: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:29:22.251098: | emitting length of ISAKMP Message: 828 Sep 21 07:29:22.251105: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:29:22.251114: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.251118: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:29:22.251121: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:29:22.251124: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:29:22.251126: | Message ID: updating counters for #1 to 4294967295 after switching state Sep 21 07:29:22.251129: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:29:22.251134: | Message ID: sent #1 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:29:22.251137: "westnet-eastnet-vti-01" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:29:22.251149: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:29:22.251160: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:22.251163: | fc 0f a2 c4 c7 27 e0 04 00 00 00 00 00 00 00 00 Sep 21 07:29:22.251165: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:29:22.251167: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:29:22.251169: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:29:22.251172: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:29:22.251176: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:29:22.251178: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:29:22.251180: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:29:22.251183: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:29:22.251185: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:29:22.251187: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:29:22.251189: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:29:22.251191: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:29:22.251193: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:29:22.251195: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:29:22.251197: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:29:22.251199: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:29:22.251202: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:29:22.251204: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:29:22.251206: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:29:22.251208: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:29:22.251210: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:29:22.251212: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:29:22.251214: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:29:22.251216: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:29:22.251218: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:29:22.251220: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:29:22.251222: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:29:22.251224: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:29:22.251226: | 28 00 01 08 00 0e 00 00 a8 67 bd 61 c7 b2 4e 4c Sep 21 07:29:22.251228: | 4b 5a 90 f4 8f cf 3c 0c 29 43 e1 9a e8 31 fb 70 Sep 21 07:29:22.251230: | e7 e5 b1 ee 3b f4 cd 1e c9 a4 8f 89 f4 79 9a 24 Sep 21 07:29:22.251231: | e8 09 ac d4 49 0a 7f 07 7a c0 ba 5a 03 a6 1f 8f Sep 21 07:29:22.251234: | c0 dd 5d d7 17 e4 98 85 9c 22 93 e9 82 9e d8 10 Sep 21 07:29:22.251236: | b4 f5 31 ff b4 47 e1 9d cf e2 c7 32 56 b8 48 62 Sep 21 07:29:22.251238: | 18 c2 a7 38 2c 65 ab aa 61 1f c2 cf c3 74 f5 31 Sep 21 07:29:22.251240: | f5 ee 68 b2 55 8e 03 9d 17 c4 cf c0 57 5a db 9c Sep 21 07:29:22.251242: | 14 21 36 93 e0 5e d3 63 b9 66 9a d3 94 08 a6 8f Sep 21 07:29:22.251244: | 21 8c db 9f d5 a8 36 49 d1 11 f2 a2 d1 07 34 7b Sep 21 07:29:22.251246: | 03 4a 98 44 01 93 f4 e6 f5 ef e2 49 9a 98 71 c1 Sep 21 07:29:22.251248: | 82 91 8b b6 87 0a 28 13 75 f1 0d 90 d7 e7 ba ad Sep 21 07:29:22.251250: | d3 ea 84 c8 44 a7 62 3c 69 61 87 37 51 37 78 53 Sep 21 07:29:22.251252: | 65 ce e1 af f0 aa 75 a3 1f c3 3f bf a4 e5 57 d9 Sep 21 07:29:22.251254: | f6 c8 7b 05 4d 42 6f 0c af 1d 9b ff 7a 6b a4 97 Sep 21 07:29:22.251256: | c6 5d 24 ed 43 1d 1c a0 b3 62 b1 ba 03 2f d5 77 Sep 21 07:29:22.251258: | 44 ea a1 3e 7a 8b 5e 72 29 00 00 24 6d de b1 f3 Sep 21 07:29:22.251260: | 0f 58 7e d1 2a 7b 54 97 2d 6f d5 0a 91 77 1a 2f Sep 21 07:29:22.251262: | 3d 0b 37 c4 1d 17 ad 95 74 ac 7d 5c 29 00 00 08 Sep 21 07:29:22.251264: | 00 00 40 2e 29 00 00 1c 00 00 40 04 c5 d6 4f 26 Sep 21 07:29:22.251266: | cb 94 e0 f1 dd 1b 4a c2 62 64 2a 80 75 9e 6d 81 Sep 21 07:29:22.251268: | 00 00 00 1c 00 00 40 05 c4 fd 40 8b 74 1c cf 4b Sep 21 07:29:22.251270: | 47 a1 0e 80 7a a1 08 e4 d3 cd 6b 8b Sep 21 07:29:22.251317: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:22.251324: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:22.251327: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5690fb0 Sep 21 07:29:22.251330: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:29:22.251333: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d0f5690fb0 Sep 21 07:29:22.251340: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:29:22.251343: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:22.251348: | #1 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49608.619597 Sep 21 07:29:22.251352: | resume sending helper answer for #1 suppresed complete_v2_state_transition() and stole MD Sep 21 07:29:22.251357: | #1 spent 1.5 milliseconds in resume sending helper answer Sep 21 07:29:22.251362: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:22.251366: | libevent_free: release ptr-libevent@0x7f9ca0006900 Sep 21 07:29:22.254028: | spent 0 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:22.254053: | *received 432 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:22.254057: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.254060: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Sep 21 07:29:22.254062: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Sep 21 07:29:22.254063: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Sep 21 07:29:22.254065: | 04 00 00 0e 28 00 01 08 00 0e 00 00 e5 b9 35 d4 Sep 21 07:29:22.254067: | e9 47 b0 fe b8 96 85 4d e1 85 5b 08 88 28 20 cb Sep 21 07:29:22.254069: | d4 44 0e af 37 5d d4 73 07 0f 24 37 1d b9 27 d7 Sep 21 07:29:22.254071: | 45 44 66 82 a8 6e 9d 80 87 1d 05 63 59 a8 12 26 Sep 21 07:29:22.254073: | c8 61 9a 08 b0 9d 71 46 7c 36 eb b5 ec 65 5e 39 Sep 21 07:29:22.254076: | d3 43 b7 2f 0e 90 17 de 82 4c 31 c4 f0 59 83 dc Sep 21 07:29:22.254078: | 29 86 8f fd 27 f5 41 93 dd 49 2f 18 aa c6 6d f2 Sep 21 07:29:22.254080: | b3 5a ff 29 75 89 97 a7 2f 51 13 50 8f 62 bc 16 Sep 21 07:29:22.254082: | c3 a7 e5 e3 8f 6d 4c 03 2c 2a 22 b3 1b 89 80 df Sep 21 07:29:22.254084: | 9c 3f 69 e4 ce 30 f4 d5 3a ea 54 ed 7a 14 2f 8f Sep 21 07:29:22.254087: | 65 23 1d 37 7d 2c 43 9c 28 cc 50 94 f6 a1 a8 fa Sep 21 07:29:22.254089: | a5 d1 48 59 93 9b c1 c5 13 59 c6 b3 7a ca 17 68 Sep 21 07:29:22.254091: | 10 6b 6c 17 40 ba 79 4c a2 c4 7b 91 4a f7 46 52 Sep 21 07:29:22.254093: | 37 90 04 c4 1b a4 d8 8d a5 b2 39 8b f8 60 e7 2b Sep 21 07:29:22.254095: | 4f 41 8b 63 02 a6 61 81 63 34 27 bb b3 14 81 32 Sep 21 07:29:22.254097: | 82 02 99 7a 97 05 7c df 3c 7e 7d bc a5 52 ba 90 Sep 21 07:29:22.254099: | d9 45 c9 f4 0e 77 76 f4 5d db 32 a5 29 00 00 24 Sep 21 07:29:22.254102: | e4 9c df ce 41 a0 e9 fd 70 84 a5 f6 db dc 64 a4 Sep 21 07:29:22.254104: | ef 76 fc 4c 70 23 a1 0c 46 bb 44 ca 4a 69 33 55 Sep 21 07:29:22.254106: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Sep 21 07:29:22.254108: | f6 fe 2a aa 54 7f 43 21 6f 93 e7 98 b7 d5 86 e4 Sep 21 07:29:22.254110: | cd 16 32 37 00 00 00 1c 00 00 40 05 c2 7e 65 ac Sep 21 07:29:22.254112: | c9 10 cb 9b c7 84 e4 29 bb 71 2d 49 dd b7 3f 6e Sep 21 07:29:22.254117: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:22.254120: | **parse ISAKMP Message: Sep 21 07:29:22.254123: | initiator cookie: Sep 21 07:29:22.254125: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.254128: | responder cookie: Sep 21 07:29:22.254130: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.254132: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:29:22.254135: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.254137: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:29:22.254140: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:29:22.254142: | Message ID: 0 (0x0) Sep 21 07:29:22.254145: | length: 432 (0x1b0) Sep 21 07:29:22.254147: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Sep 21 07:29:22.254151: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Sep 21 07:29:22.254156: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Sep 21 07:29:22.254163: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:22.254168: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:29:22.254170: | #1 is idle Sep 21 07:29:22.254172: | #1 idle Sep 21 07:29:22.254174: | unpacking clear payload Sep 21 07:29:22.254177: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:29:22.254180: | ***parse IKEv2 Security Association Payload: Sep 21 07:29:22.254182: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:29:22.254184: | flags: none (0x0) Sep 21 07:29:22.254187: | length: 40 (0x28) Sep 21 07:29:22.254189: | processing payload: ISAKMP_NEXT_v2SA (len=36) Sep 21 07:29:22.254191: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:29:22.254194: | ***parse IKEv2 Key Exchange Payload: Sep 21 07:29:22.254196: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:29:22.254198: | flags: none (0x0) Sep 21 07:29:22.254200: | length: 264 (0x108) Sep 21 07:29:22.254202: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.254205: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:29:22.254207: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:29:22.254209: | ***parse IKEv2 Nonce Payload: Sep 21 07:29:22.254212: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:29:22.254214: | flags: none (0x0) Sep 21 07:29:22.254216: | length: 36 (0x24) Sep 21 07:29:22.254218: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:29:22.254220: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:29:22.254222: | ***parse IKEv2 Notify Payload: Sep 21 07:29:22.254225: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:29:22.254227: | flags: none (0x0) Sep 21 07:29:22.254229: | length: 8 (0x8) Sep 21 07:29:22.254231: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.254233: | SPI size: 0 (0x0) Sep 21 07:29:22.254237: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:29:22.254239: | processing payload: ISAKMP_NEXT_v2N (len=0) Sep 21 07:29:22.254241: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:29:22.254244: | ***parse IKEv2 Notify Payload: Sep 21 07:29:22.254246: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:29:22.254248: | flags: none (0x0) Sep 21 07:29:22.254251: | length: 28 (0x1c) Sep 21 07:29:22.254253: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.254256: | SPI size: 0 (0x0) Sep 21 07:29:22.254258: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:29:22.254261: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:29:22.254263: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Sep 21 07:29:22.254265: | ***parse IKEv2 Notify Payload: Sep 21 07:29:22.254268: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.254270: | flags: none (0x0) Sep 21 07:29:22.254273: | length: 28 (0x1c) Sep 21 07:29:22.254275: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:22.254278: | SPI size: 0 (0x0) Sep 21 07:29:22.254281: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:29:22.254284: | processing payload: ISAKMP_NEXT_v2N (len=20) Sep 21 07:29:22.254287: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Sep 21 07:29:22.254294: | #1 in state PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:29:22.254297: | selected state microcode Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:29:22.254299: | Now let's proceed with state specific processing Sep 21 07:29:22.254302: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH Sep 21 07:29:22.254305: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Sep 21 07:29:22.254321: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator accepting remote proposal): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:22.254328: | Comparing remote proposals against IKE initiator (accepting) 4 local proposals Sep 21 07:29:22.254331: | local proposal 1 type ENCR has 1 transforms Sep 21 07:29:22.254334: | local proposal 1 type PRF has 2 transforms Sep 21 07:29:22.254336: | local proposal 1 type INTEG has 1 transforms Sep 21 07:29:22.254339: | local proposal 1 type DH has 8 transforms Sep 21 07:29:22.254341: | local proposal 1 type ESN has 0 transforms Sep 21 07:29:22.254344: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:29:22.254347: | local proposal 2 type ENCR has 1 transforms Sep 21 07:29:22.254349: | local proposal 2 type PRF has 2 transforms Sep 21 07:29:22.254352: | local proposal 2 type INTEG has 1 transforms Sep 21 07:29:22.254354: | local proposal 2 type DH has 8 transforms Sep 21 07:29:22.254357: | local proposal 2 type ESN has 0 transforms Sep 21 07:29:22.254359: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Sep 21 07:29:22.254362: | local proposal 3 type ENCR has 1 transforms Sep 21 07:29:22.254365: | local proposal 3 type PRF has 2 transforms Sep 21 07:29:22.254367: | local proposal 3 type INTEG has 2 transforms Sep 21 07:29:22.254370: | local proposal 3 type DH has 8 transforms Sep 21 07:29:22.254372: | local proposal 3 type ESN has 0 transforms Sep 21 07:29:22.254374: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:29:22.254377: | local proposal 4 type ENCR has 1 transforms Sep 21 07:29:22.254379: | local proposal 4 type PRF has 2 transforms Sep 21 07:29:22.254382: | local proposal 4 type INTEG has 2 transforms Sep 21 07:29:22.254384: | local proposal 4 type DH has 8 transforms Sep 21 07:29:22.254386: | local proposal 4 type ESN has 0 transforms Sep 21 07:29:22.254389: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Sep 21 07:29:22.254392: | ****parse IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.254395: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.254398: | length: 36 (0x24) Sep 21 07:29:22.254400: | prop #: 1 (0x1) Sep 21 07:29:22.254402: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:22.254404: | spi size: 0 (0x0) Sep 21 07:29:22.254406: | # transforms: 3 (0x3) Sep 21 07:29:22.254410: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:29:22.254413: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.254415: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.254418: | length: 12 (0xc) Sep 21 07:29:22.254420: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.254422: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.254425: | ******parse IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.254428: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.254431: | length/value: 256 (0x100) Sep 21 07:29:22.254434: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:29:22.254437: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.254440: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.254442: | length: 8 (0x8) Sep 21 07:29:22.254444: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:22.254447: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:22.254450: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Sep 21 07:29:22.254455: | *****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.254457: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.254459: | length: 8 (0x8) Sep 21 07:29:22.254462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.254464: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.254468: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:29:22.254471: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Sep 21 07:29:22.254475: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Sep 21 07:29:22.254478: | remote proposal 1 matches local proposal 1 Sep 21 07:29:22.254481: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Sep 21 07:29:22.254483: | converting proposal to internal trans attrs Sep 21 07:29:22.254498: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:22.254502: | natd_hash: icookie= fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.254504: | natd_hash: rcookie= a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.254506: | natd_hash: ip= c0 01 02 2d Sep 21 07:29:22.254508: | natd_hash: port= 01 f4 Sep 21 07:29:22.254511: | natd_hash: hash= c2 7e 65 ac c9 10 cb 9b c7 84 e4 29 bb 71 2d 49 Sep 21 07:29:22.254513: | natd_hash: hash= dd b7 3f 6e Sep 21 07:29:22.254519: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:22.254521: | natd_hash: icookie= fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.254523: | natd_hash: rcookie= a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.254525: | natd_hash: ip= c0 01 02 17 Sep 21 07:29:22.254527: | natd_hash: port= 01 f4 Sep 21 07:29:22.254530: | natd_hash: hash= f6 fe 2a aa 54 7f 43 21 6f 93 e7 98 b7 d5 86 e4 Sep 21 07:29:22.254532: | natd_hash: hash= cd 16 32 37 Sep 21 07:29:22.254534: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:29:22.254536: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:29:22.254538: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:29:22.254541: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:29:22.254546: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Sep 21 07:29:22.254550: | adding ikev2_inR1outI2 KE work-order 2 for state #1 Sep 21 07:29:22.254553: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:29:22.254555: | #1 STATE_PARENT_I1: retransmits: cleared Sep 21 07:29:22.254559: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:22.254562: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d0f5690fb0 Sep 21 07:29:22.254565: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5690fb0 Sep 21 07:29:22.254569: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:29:22.254572: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:22.254582: | #1 spent 0.275 milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH in ikev2_process_state_packet() Sep 21 07:29:22.254588: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.254591: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND Sep 21 07:29:22.254593: | suspending state #1 and saving MD Sep 21 07:29:22.254596: | #1 is busy; has a suspended MD Sep 21 07:29:22.254600: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:29:22.254604: | "westnet-eastnet-vti-01" #1 complete v2 state STATE_PARENT_I1 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:29:22.254609: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:22.254614: | #1 spent 0.573 milliseconds in ikev2_process_packet() Sep 21 07:29:22.254619: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:22.254623: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:22.254626: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:22.254630: | spent 0.589 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:22.254639: | crypto helper 0 resuming Sep 21 07:29:22.254644: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:29:22.254647: | crypto helper 0 doing compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 Sep 21 07:29:22.255513: | calculating skeyseed using prf=sha2_512 integ=none cipherkey-size=32 salt-size=4 Sep 21 07:29:22.255994: | crypto helper 0 finished compute dh (V2) (ikev2_inR1outI2 KE); request ID 2 time elapsed 0.001344 seconds Sep 21 07:29:22.256007: | (#1) spent 1.34 milliseconds in crypto helper computing work-order 2: ikev2_inR1outI2 KE (pcr) Sep 21 07:29:22.256011: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:29:22.256014: | scheduling resume sending helper answer for #1 Sep 21 07:29:22.256018: | libevent_malloc: new ptr-libevent@0x7f9c98006b90 size 128 Sep 21 07:29:22.256027: | crypto helper 0 waiting (nothing to do) Sep 21 07:29:22.256244: | processing resume sending helper answer for #1 Sep 21 07:29:22.256252: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:22.256256: | crypto helper 0 replies to request ID 2 Sep 21 07:29:22.256259: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:22.256262: | ikev2_parent_inR1outI2_continue for #1: calculating g^{xy}, sending I2 Sep 21 07:29:22.256270: | creating state object #2 at 0x55d0f5693850 Sep 21 07:29:22.256274: | State DB: adding IKEv2 state #2 in UNDEFINED Sep 21 07:29:22.256278: | pstats #2 ikev2.child started Sep 21 07:29:22.256280: | duplicating state object #1 "westnet-eastnet-vti-01" as #2 for IPSEC SA Sep 21 07:29:22.256285: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:29:22.256291: | Message ID: init_child #1.#2; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:22.256295: | Message ID: switch-from #1 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=0->-1 wip.responder=-1 Sep 21 07:29:22.256298: | Message ID: switch-to #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->0 wip.responder=-1 Sep 21 07:29:22.256301: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:22.256304: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:22.256306: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5690fb0 Sep 21 07:29:22.256309: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d0f5690fb0 Sep 21 07:29:22.256312: | inserting event EVENT_SA_REPLACE, timeout in 60 seconds for #1 Sep 21 07:29:22.256315: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:22.256322: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Sep 21 07:29:22.256328: | **emit ISAKMP Message: Sep 21 07:29:22.256331: | initiator cookie: Sep 21 07:29:22.256333: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.256335: | responder cookie: Sep 21 07:29:22.256337: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.256339: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:22.256342: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.256344: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:29:22.256347: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.256349: | Message ID: 1 (0x1) Sep 21 07:29:22.256352: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:22.256355: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:22.256362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.256365: | flags: none (0x0) Sep 21 07:29:22.256368: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:22.256371: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.256374: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:22.256384: | IKEv2 CERT: send a certificate? Sep 21 07:29:22.256387: | IKEv2 CERT: no certificate to send Sep 21 07:29:22.256390: | IDr payload will be sent Sep 21 07:29:22.256407: | ****emit IKEv2 Identification - Initiator - Payload: Sep 21 07:29:22.256411: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.256413: | flags: none (0x0) Sep 21 07:29:22.256416: | ID type: ID_FQDN (0x2) Sep 21 07:29:22.256419: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Sep 21 07:29:22.256422: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.256424: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Sep 21 07:29:22.256427: | my identity 77 65 73 74 Sep 21 07:29:22.256430: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Sep 21 07:29:22.256439: | ****emit IKEv2 Identification - Responder - Payload: Sep 21 07:29:22.256442: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:29:22.256444: | flags: none (0x0) Sep 21 07:29:22.256447: | ID type: ID_FQDN (0x2) Sep 21 07:29:22.256450: | next payload chain: ignoring supplied 'IKEv2 Identification - Responder - Payload'.'next payload type' value 39:ISAKMP_NEXT_v2AUTH Sep 21 07:29:22.256453: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Sep 21 07:29:22.256455: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.256458: | emitting 4 raw bytes of IDr into IKEv2 Identification - Responder - Payload Sep 21 07:29:22.256461: | IDr 65 61 73 74 Sep 21 07:29:22.256464: | emitting length of IKEv2 Identification - Responder - Payload: 12 Sep 21 07:29:22.256466: | not sending INITIAL_CONTACT Sep 21 07:29:22.256469: | ****emit IKEv2 Authentication Payload: Sep 21 07:29:22.256472: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.256474: | flags: none (0x0) Sep 21 07:29:22.256477: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:29:22.256480: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Sep 21 07:29:22.256482: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.256488: | started looking for secret for @west->@east of kind PKK_RSA Sep 21 07:29:22.256490: | actually looking for secret for @west->@east of kind PKK_RSA Sep 21 07:29:22.256493: | line 1: key type PKK_RSA(@west) to type PKK_RSA Sep 21 07:29:22.256496: | 1: compared key (none) to @west / @east -> 002 Sep 21 07:29:22.256499: | 2: compared key (none) to @west / @east -> 002 Sep 21 07:29:22.256501: | line 1: match=002 Sep 21 07:29:22.256503: | match 002 beats previous best_match 000 match=0x55d0f56810c0 (line=1) Sep 21 07:29:22.256506: | concluding with best_match=002 best=0x55d0f56810c0 (lineno=1) Sep 21 07:29:22.261495: | #1 spent 4.77 milliseconds in ikev2_calculate_rsa_hash() calling sign_hash_RSA() Sep 21 07:29:22.261509: | emitting 274 raw bytes of rsa signature into IKEv2 Authentication Payload Sep 21 07:29:22.261512: | rsa signature 62 9d cc 5e 9d 85 e0 0d e5 b4 18 9e d2 58 f1 2f Sep 21 07:29:22.261515: | rsa signature 0f 6c c0 67 ae 57 e1 a5 ec db 91 de 3e f0 2c 35 Sep 21 07:29:22.261521: | rsa signature 71 d7 9f f2 fa 99 c8 9b 50 cc 3f be a5 2b 48 31 Sep 21 07:29:22.261523: | rsa signature 74 7a 70 23 af 81 fc ff 7a a0 2b ae 42 d9 2e 3f Sep 21 07:29:22.261526: | rsa signature c6 ee 00 81 88 a9 c4 fa 30 6f 25 d3 e3 37 60 ec Sep 21 07:29:22.261528: | rsa signature 57 f8 b6 bc 28 e7 ba b2 de f8 a1 2d 25 ed 03 83 Sep 21 07:29:22.261530: | rsa signature 14 83 29 7e 89 01 25 0e e7 ca 60 92 0f ed a2 a3 Sep 21 07:29:22.261533: | rsa signature 44 15 09 d0 f3 a8 ae 4f 00 13 bd 89 5d 17 6d 6f Sep 21 07:29:22.261535: | rsa signature 94 d4 c1 cc 61 2e d6 69 c0 76 fc 55 95 f6 88 dc Sep 21 07:29:22.261537: | rsa signature fb de fc b4 cf a6 64 35 5b a7 cf 4f 0b 46 0e c0 Sep 21 07:29:22.261540: | rsa signature 9c 9c fd ff 67 19 b5 7c b1 82 80 6e a9 9c e5 9f Sep 21 07:29:22.261542: | rsa signature a1 76 97 77 d6 a6 d8 b5 44 b1 51 72 94 9d c4 cc Sep 21 07:29:22.261544: | rsa signature 43 cd c2 a6 e7 02 b4 6a 53 ab 42 6f 70 31 c5 61 Sep 21 07:29:22.261547: | rsa signature 56 27 32 6c 0d 8f 92 06 24 9e 7d 9d 94 fb 64 ce Sep 21 07:29:22.261549: | rsa signature b8 74 6c 3b 20 2e cb de bd 04 4c 8d 75 67 54 fa Sep 21 07:29:22.261551: | rsa signature 24 02 df d7 15 65 f9 ae 6c 04 27 24 fe 30 1a c3 Sep 21 07:29:22.261554: | rsa signature 95 7b 32 8f cd 61 7a f0 f5 53 78 88 3f 6b a2 85 Sep 21 07:29:22.261556: | rsa signature bd 38 Sep 21 07:29:22.261560: | #1 spent 4.87 milliseconds in ikev2_calculate_rsa_hash() Sep 21 07:29:22.261563: | emitting length of IKEv2 Authentication Payload: 282 Sep 21 07:29:22.261566: | getting first pending from state #1 Sep 21 07:29:22.261586: | netlink_get_spi: allocated 0xeec7c242 for esp.0@192.1.2.45 Sep 21 07:29:22.261590: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals) Sep 21 07:29:22.261595: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:29:22.261602: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:29:22.261605: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:29:22.261609: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED Sep 21 07:29:22.261612: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:22.261617: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:29:22.261619: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:22.261624: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:29:22.261632: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (IKE SA initiator emitting ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:29:22.261663: | Emitting ikev2_proposals ... Sep 21 07:29:22.261667: | ****emit IKEv2 Security Association Payload: Sep 21 07:29:22.261670: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.261673: | flags: none (0x0) Sep 21 07:29:22.261677: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:29:22.261680: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.261683: | discarding INTEG=NONE Sep 21 07:29:22.261685: | discarding DH=NONE Sep 21 07:29:22.261687: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.261690: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261692: | prop #: 1 (0x1) Sep 21 07:29:22.261695: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.261699: | spi size: 4 (0x4) Sep 21 07:29:22.261701: | # transforms: 2 (0x2) Sep 21 07:29:22.261704: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.261707: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.261710: | our spi ee c7 c2 42 Sep 21 07:29:22.261712: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261717: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.261719: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.261722: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261725: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.261728: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.261730: | length/value: 256 (0x100) Sep 21 07:29:22.261733: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.261735: | discarding INTEG=NONE Sep 21 07:29:22.261737: | discarding DH=NONE Sep 21 07:29:22.261739: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261742: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.261744: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.261746: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.261749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261752: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261755: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.261757: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:29:22.261760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.261762: | discarding INTEG=NONE Sep 21 07:29:22.261764: | discarding DH=NONE Sep 21 07:29:22.261767: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.261769: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261772: | prop #: 2 (0x2) Sep 21 07:29:22.261774: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.261776: | spi size: 4 (0x4) Sep 21 07:29:22.261778: | # transforms: 2 (0x2) Sep 21 07:29:22.261781: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261790: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.261793: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.261796: | our spi ee c7 c2 42 Sep 21 07:29:22.261798: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261803: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.261805: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.261808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261810: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.261813: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.261815: | length/value: 128 (0x80) Sep 21 07:29:22.261818: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.261820: | discarding INTEG=NONE Sep 21 07:29:22.261822: | discarding DH=NONE Sep 21 07:29:22.261824: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261827: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.261829: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.261833: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.261836: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261841: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.261844: | emitting length of IKEv2 Proposal Substructure Payload: 32 Sep 21 07:29:22.261846: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.261849: | discarding DH=NONE Sep 21 07:29:22.261851: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.261853: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261856: | prop #: 3 (0x3) Sep 21 07:29:22.261858: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.261860: | spi size: 4 (0x4) Sep 21 07:29:22.261862: | # transforms: 4 (0x4) Sep 21 07:29:22.261865: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261868: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.261871: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.261873: | our spi ee c7 c2 42 Sep 21 07:29:22.261875: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261877: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261880: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.261882: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.261884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261887: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.261889: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.261891: | length/value: 256 (0x100) Sep 21 07:29:22.261894: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.261896: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261900: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.261902: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.261905: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261911: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.261913: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261918: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.261920: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.261923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261926: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261928: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.261930: | discarding DH=NONE Sep 21 07:29:22.261932: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261935: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.261937: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.261940: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.261944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261947: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261949: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.261952: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:29:22.261954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.261956: | discarding DH=NONE Sep 21 07:29:22.261959: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.261961: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.261963: | prop #: 4 (0x4) Sep 21 07:29:22.261966: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.261968: | spi size: 4 (0x4) Sep 21 07:29:22.261970: | # transforms: 4 (0x4) Sep 21 07:29:22.261973: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.261976: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.261979: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.261981: | our spi ee c7 c2 42 Sep 21 07:29:22.261983: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.261985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.261988: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.261990: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.261993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.261995: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.261998: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.262000: | length/value: 128 (0x80) Sep 21 07:29:22.262002: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.262005: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.262007: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.262009: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.262012: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.262015: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.262017: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.262020: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.262022: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.262024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.262027: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.262029: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.262032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.262035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.262037: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.262039: | discarding DH=NONE Sep 21 07:29:22.262042: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.262044: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.262046: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.262049: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.262052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.262056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.262058: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.262061: | emitting length of IKEv2 Proposal Substructure Payload: 48 Sep 21 07:29:22.262063: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.262066: | emitting length of IKEv2 Security Association Payload: 164 Sep 21 07:29:22.262068: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:29:22.262072: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:29:22.262075: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.262077: | flags: none (0x0) Sep 21 07:29:22.262080: | number of TS: 1 (0x1) Sep 21 07:29:22.262083: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:29:22.262086: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.262088: | *****emit IKEv2 Traffic Selector: Sep 21 07:29:22.262091: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.262093: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.262096: | start port: 0 (0x0) Sep 21 07:29:22.262098: | end port: 65535 (0xffff) Sep 21 07:29:22.262101: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:29:22.262103: | IP start c0 00 01 00 Sep 21 07:29:22.262106: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:29:22.262108: | IP end c0 00 01 ff Sep 21 07:29:22.262110: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:29:22.262113: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:29:22.262115: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:29:22.262118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.262120: | flags: none (0x0) Sep 21 07:29:22.262123: | number of TS: 1 (0x1) Sep 21 07:29:22.262126: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:29:22.262129: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.262131: | *****emit IKEv2 Traffic Selector: Sep 21 07:29:22.262133: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.262136: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.262138: | start port: 0 (0x0) Sep 21 07:29:22.262140: | end port: 65535 (0xffff) Sep 21 07:29:22.262143: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:29:22.262145: | IP start c0 00 02 00 Sep 21 07:29:22.262148: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:29:22.262150: | IP end c0 00 02 ff Sep 21 07:29:22.262152: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:29:22.262155: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:29:22.262158: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:29:22.262160: | Initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Sep 21 07:29:22.262163: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:22.262167: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:29:22.262170: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:29:22.262172: | emitting length of IKEv2 Encryption Payload: 547 Sep 21 07:29:22.262174: | emitting length of ISAKMP Message: 575 Sep 21 07:29:22.262180: | **parse ISAKMP Message: Sep 21 07:29:22.262183: | initiator cookie: Sep 21 07:29:22.262185: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.262187: | responder cookie: Sep 21 07:29:22.262189: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.262192: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:22.262195: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.262197: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:29:22.262200: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.262202: | Message ID: 1 (0x1) Sep 21 07:29:22.262204: | length: 575 (0x23f) Sep 21 07:29:22.262207: | **parse IKEv2 Encryption Payload: Sep 21 07:29:22.262209: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:29:22.262212: | flags: none (0x0) Sep 21 07:29:22.262214: | length: 547 (0x223) Sep 21 07:29:22.262216: | **emit ISAKMP Message: Sep 21 07:29:22.262219: | initiator cookie: Sep 21 07:29:22.262221: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.262223: | responder cookie: Sep 21 07:29:22.262225: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.262227: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:22.262230: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.262232: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:29:22.262235: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.262237: | Message ID: 1 (0x1) Sep 21 07:29:22.262239: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:22.262242: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:29:22.262245: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Sep 21 07:29:22.262247: | flags: none (0x0) Sep 21 07:29:22.262249: | fragment number: 1 (0x1) Sep 21 07:29:22.262252: | total fragments: 2 (0x2) Sep 21 07:29:22.262254: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Sep 21 07:29:22.262257: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:29:22.262260: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:29:22.262263: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:29:22.262272: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:29:22.262275: | cleartext fragment 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Sep 21 07:29:22.262277: | cleartext fragment 02 00 00 00 65 61 73 74 21 00 01 1a 01 00 00 00 Sep 21 07:29:22.262279: | cleartext fragment 62 9d cc 5e 9d 85 e0 0d e5 b4 18 9e d2 58 f1 2f Sep 21 07:29:22.262281: | cleartext fragment 0f 6c c0 67 ae 57 e1 a5 ec db 91 de 3e f0 2c 35 Sep 21 07:29:22.262284: | cleartext fragment 71 d7 9f f2 fa 99 c8 9b 50 cc 3f be a5 2b 48 31 Sep 21 07:29:22.262286: | cleartext fragment 74 7a 70 23 af 81 fc ff 7a a0 2b ae 42 d9 2e 3f Sep 21 07:29:22.262288: | cleartext fragment c6 ee 00 81 88 a9 c4 fa 30 6f 25 d3 e3 37 60 ec Sep 21 07:29:22.262290: | cleartext fragment 57 f8 b6 bc 28 e7 ba b2 de f8 a1 2d 25 ed 03 83 Sep 21 07:29:22.262292: | cleartext fragment 14 83 29 7e 89 01 25 0e e7 ca 60 92 0f ed a2 a3 Sep 21 07:29:22.262294: | cleartext fragment 44 15 09 d0 f3 a8 ae 4f 00 13 bd 89 5d 17 6d 6f Sep 21 07:29:22.262296: | cleartext fragment 94 d4 c1 cc 61 2e d6 69 c0 76 fc 55 95 f6 88 dc Sep 21 07:29:22.262298: | cleartext fragment fb de fc b4 cf a6 64 35 5b a7 cf 4f 0b 46 0e c0 Sep 21 07:29:22.262300: | cleartext fragment 9c 9c fd ff 67 19 b5 7c b1 82 80 6e a9 9c e5 9f Sep 21 07:29:22.262302: | cleartext fragment a1 76 97 77 d6 a6 d8 b5 44 b1 51 72 94 9d c4 cc Sep 21 07:29:22.262305: | cleartext fragment 43 cd c2 a6 e7 02 b4 6a 53 ab 42 6f 70 31 c5 61 Sep 21 07:29:22.262307: | cleartext fragment 56 27 32 6c 0d 8f 92 06 24 9e 7d 9d 94 fb 64 ce Sep 21 07:29:22.262309: | cleartext fragment b8 74 6c 3b 20 2e cb de bd 04 4c 8d 75 67 54 fa Sep 21 07:29:22.262313: | cleartext fragment 24 02 df d7 15 65 f9 ae 6c 04 27 24 fe 30 1a c3 Sep 21 07:29:22.262315: | cleartext fragment 95 7b 32 8f cd 61 7a f0 f5 53 78 88 3f 6b a2 85 Sep 21 07:29:22.262317: | cleartext fragment bd 38 2c 00 00 a4 02 00 00 20 01 03 04 02 ee c7 Sep 21 07:29:22.262319: | cleartext fragment c2 42 03 00 00 0c 01 00 00 14 80 0e 01 00 00 00 Sep 21 07:29:22.262322: | cleartext fragment 00 08 05 00 00 00 02 00 00 20 02 03 04 02 ee c7 Sep 21 07:29:22.262324: | cleartext fragment c2 42 03 00 00 0c 01 00 00 14 80 0e 00 80 00 00 Sep 21 07:29:22.262326: | cleartext fragment 00 08 05 00 00 00 02 00 00 30 03 03 04 04 ee c7 Sep 21 07:29:22.262328: | cleartext fragment c2 42 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 Sep 21 07:29:22.262330: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:29:22.262332: | cleartext fragment 00 08 05 00 00 00 00 00 00 30 04 03 04 04 ee c7 Sep 21 07:29:22.262334: | cleartext fragment c2 42 03 00 00 0c 01 00 00 0c 80 0e 00 80 03 00 Sep 21 07:29:22.262336: | cleartext fragment 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c 00 00 Sep 21 07:29:22.262338: | cleartext fragment 00 08 05 00 00 00 2d 00 00 18 01 00 00 00 Sep 21 07:29:22.262341: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:22.262343: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:29:22.262346: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:29:22.262348: | emitting length of IKEv2 Encrypted Fragment: 511 Sep 21 07:29:22.262350: | emitting length of ISAKMP Message: 539 Sep 21 07:29:22.262365: | **emit ISAKMP Message: Sep 21 07:29:22.262368: | initiator cookie: Sep 21 07:29:22.262370: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.262372: | responder cookie: Sep 21 07:29:22.262374: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.262376: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:22.262378: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.262380: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:29:22.262383: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.262385: | Message ID: 1 (0x1) Sep 21 07:29:22.262387: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:22.262390: | ***emit IKEv2 Encrypted Fragment: Sep 21 07:29:22.262393: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.262395: | flags: none (0x0) Sep 21 07:29:22.262397: | fragment number: 2 (0x2) Sep 21 07:29:22.262400: | total fragments: 2 (0x2) Sep 21 07:29:22.262403: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Sep 21 07:29:22.262406: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Sep 21 07:29:22.262409: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Sep 21 07:29:22.262412: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Sep 21 07:29:22.262419: | emitting 40 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Sep 21 07:29:22.262422: | cleartext fragment 07 00 00 10 00 00 ff ff c0 00 01 00 c0 00 01 ff Sep 21 07:29:22.262425: | cleartext fragment 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff ff Sep 21 07:29:22.262427: | cleartext fragment c0 00 02 00 c0 00 02 ff Sep 21 07:29:22.262429: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:22.262432: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Sep 21 07:29:22.262434: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Sep 21 07:29:22.262437: | emitting length of IKEv2 Encrypted Fragment: 73 Sep 21 07:29:22.262439: | emitting length of ISAKMP Message: 101 Sep 21 07:29:22.262450: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.262457: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.262462: | #2 complete_v2_state_transition() md.from_state=PARENT_I1 md.svm.state[from]=PARENT_I1 UNDEFINED->PARENT_I2 with status STF_OK Sep 21 07:29:22.262465: | IKEv2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 Sep 21 07:29:22.262468: | child state #2: UNDEFINED(ignore) => PARENT_I2(open IKE SA) Sep 21 07:29:22.262471: | Message ID: updating counters for #2 to 0 after switching state Sep 21 07:29:22.262476: | Message ID: recv #1.#2 response 0; ike: initiator.sent=0 initiator.recv=-1->0 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=-1 Sep 21 07:29:22.262481: | Message ID: sent #1.#2 request 1; ike: initiator.sent=0->1 initiator.recv=0 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->1 wip.responder=-1 Sep 21 07:29:22.262486: "westnet-eastnet-vti-01" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Sep 21 07:29:22.262511: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:29:22.262515: | sending fragments ... Sep 21 07:29:22.262521: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:22.262524: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.262526: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Sep 21 07:29:22.262529: | 00 01 00 02 40 c3 ad 68 38 f6 94 a8 85 bd 1a e2 Sep 21 07:29:22.262531: | 66 4e 17 7f 00 3b 3a 1b 51 15 08 bc b9 6e 68 f3 Sep 21 07:29:22.262533: | 19 4d ae ce 42 4c 41 4b 2c ee 27 7b 9e 5b c0 36 Sep 21 07:29:22.262535: | 80 2f 1f bb b7 a0 dc dd ff c3 06 96 b2 c5 b8 f3 Sep 21 07:29:22.262537: | 49 be 74 ca c7 b7 14 f1 ca e6 ae 47 c7 1f 2d 65 Sep 21 07:29:22.262540: | 84 1d 69 a8 9d f5 72 5f b1 87 a7 aa 0f 48 b5 cd Sep 21 07:29:22.262542: | 6e 9c b4 6a 41 f2 f1 40 d0 8f 73 d6 0f 82 14 15 Sep 21 07:29:22.262544: | 1a 05 be 0d 53 e5 9f 55 99 07 27 ec 23 37 10 38 Sep 21 07:29:22.262546: | 1a c1 61 5f 26 64 7d b7 e4 15 16 ae 8e da bb 8d Sep 21 07:29:22.262548: | 18 52 fb 51 62 a6 8f 23 8a fa 3c 70 ac 1d 5f 5d Sep 21 07:29:22.262551: | a3 c1 84 2d 7e ec 0f 8a 70 4b 55 f1 82 9d ad 43 Sep 21 07:29:22.262553: | 6d 12 42 58 e3 76 09 1d 1f c0 62 92 15 48 d7 48 Sep 21 07:29:22.262555: | 3a db a8 06 a8 86 57 43 a6 99 e6 f8 e7 f5 8a 5f Sep 21 07:29:22.262558: | bf 9b 8a 74 fb aa 1d ad 90 0f 87 89 3f 2a 1b e1 Sep 21 07:29:22.262560: | 0d bf e7 36 85 1e 15 a6 c4 18 47 e1 d4 3c b0 6d Sep 21 07:29:22.262562: | fa 07 5d 0b c8 3e 89 a8 48 00 08 37 78 39 8c 0b Sep 21 07:29:22.262565: | 3a 92 36 0d a8 51 b2 9e 68 55 8b 7e d2 a2 d5 b2 Sep 21 07:29:22.262567: | ea 19 ee 90 72 ff f4 ea 2d f1 a6 94 e4 3f d5 3f Sep 21 07:29:22.262569: | b4 8a a5 22 c4 8a e6 d5 4e db 52 3a b0 2d 7f 90 Sep 21 07:29:22.262572: | 1c 64 5f 29 0a 9d 97 7e 1c 57 0b 33 98 32 e3 c4 Sep 21 07:29:22.262574: | 93 b6 48 2a 24 10 29 e4 4a 39 fe a0 81 5e f8 ce Sep 21 07:29:22.262577: | 8b 38 c3 22 c6 65 ce 77 d1 d2 7e d0 78 4c 53 1f Sep 21 07:29:22.262579: | ba e6 5b be 86 8f 86 ec 33 83 ee 50 d1 18 39 01 Sep 21 07:29:22.262581: | f6 e4 94 79 61 51 1c f3 11 21 3a 21 21 8f d5 63 Sep 21 07:29:22.262583: | 5b a4 e6 92 40 93 2d e1 83 c7 68 94 7b f6 81 2d Sep 21 07:29:22.262586: | 86 8f 8d 3f 23 f9 c7 45 4c b5 57 1a 0c 02 b6 9f Sep 21 07:29:22.262588: | f1 1f 2e 0e 61 b8 63 67 31 40 83 64 77 74 0d 4a Sep 21 07:29:22.262590: | e8 16 07 2f fa 8a e1 45 51 d7 ee 01 fc aa ec 0c Sep 21 07:29:22.262593: | bb 24 ff d0 d5 36 49 0b a3 30 c7 98 69 e3 ea ff Sep 21 07:29:22.262595: | 14 0b 32 de fd 90 fd 35 34 eb ed da 4f 57 1c 1b Sep 21 07:29:22.262597: | 0c c9 17 c6 12 7d a3 21 a8 b5 7b 4b e7 3a 1b b4 Sep 21 07:29:22.262601: | 62 a7 d5 6a 99 67 30 0a 3a 98 80 Sep 21 07:29:22.262869: | sending 101 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:22.262877: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.262879: | 35 20 23 08 00 00 00 01 00 00 00 65 00 00 00 49 Sep 21 07:29:22.262881: | 00 02 00 02 01 a6 91 cd 2e b1 ac df aa 12 e2 01 Sep 21 07:29:22.262884: | 05 8a a0 0e 2d 6f 53 63 c1 f5 3e 6d ea 74 d9 e0 Sep 21 07:29:22.262886: | 82 f9 55 5d 90 77 f8 5b dd 3b 2b 2a bc 57 23 74 Sep 21 07:29:22.262888: | f3 03 96 bd 3e 15 b4 81 aa b7 2a 5d a2 88 4b 00 Sep 21 07:29:22.262890: | ab d0 07 50 cb Sep 21 07:29:22.264484: | sent 2 fragments Sep 21 07:29:22.264494: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:29:22.264499: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d0f56966e0 Sep 21 07:29:22.264503: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:29:22.264507: | libevent_malloc: new ptr-libevent@0x7f9ca0006900 size 128 Sep 21 07:29:22.264513: | #2 STATE_PARENT_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49608.632762 Sep 21 07:29:22.264517: | resume sending helper answer for #1 suppresed complete_v2_state_transition() Sep 21 07:29:22.264523: | #1 spent 1.14 milliseconds Sep 21 07:29:22.264527: | #1 spent 6.24 milliseconds in resume sending helper answer Sep 21 07:29:22.264532: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:22.264536: | libevent_free: release ptr-libevent@0x7f9c98006b90 Sep 21 07:29:22.377167: | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:22.377187: | *received 435 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:22.377191: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.377194: | 2e 20 23 20 00 00 00 01 00 00 01 b3 24 00 01 97 Sep 21 07:29:22.377196: | c4 07 be 6c 5b 17 e6 69 59 23 3f 2c eb 56 2c e6 Sep 21 07:29:22.377198: | 4c 36 37 b4 f2 3a c7 82 45 fe 35 8c 68 25 87 92 Sep 21 07:29:22.377201: | 51 ab 7d 0b 5f 3a 01 aa ee a0 74 59 26 25 48 72 Sep 21 07:29:22.377203: | e8 88 51 d2 9e a4 f0 b7 22 11 6d 48 41 25 ee 79 Sep 21 07:29:22.377205: | cd c2 cb 6e e0 8e 2e 6f ff 79 3f 43 6a e0 3b 36 Sep 21 07:29:22.377208: | 72 c2 6a 99 b5 1a 3e de 7b b3 52 25 e8 7d 10 33 Sep 21 07:29:22.377210: | 5a 20 90 bb 40 5f 7f bd 52 96 33 cc 29 51 99 3b Sep 21 07:29:22.377212: | fb 99 96 f0 3f b9 ce eb 1f c4 54 8d 86 82 66 25 Sep 21 07:29:22.377214: | 43 a3 c9 e9 b4 41 fd ec 8d 3d c3 fc 2b 08 12 02 Sep 21 07:29:22.377217: | 9d bd f6 c1 c7 a6 80 5d 0d d5 eb a0 ed 56 42 88 Sep 21 07:29:22.377219: | 5e 87 8d 76 ef 0d c3 f1 58 fb 25 f6 78 44 5a 57 Sep 21 07:29:22.377221: | 1f 6e de 4c ca 0a 96 1c 5c 04 c0 a8 2e 16 23 60 Sep 21 07:29:22.377223: | 97 14 5d 0a 37 cc 42 93 35 03 1d 89 9c 58 77 94 Sep 21 07:29:22.377225: | 8c 77 05 45 91 20 48 01 5d 0d 0d 01 bf df ff 1b Sep 21 07:29:22.377228: | d7 27 9a 6e c4 94 fd 41 29 0f a3 77 9a 87 60 b9 Sep 21 07:29:22.377230: | a5 ad 32 04 a3 62 3a 0d a5 23 45 64 3b 7e 29 79 Sep 21 07:29:22.377232: | 4d 1e dc 85 20 23 da b4 bf 5f 9b bd 1e 6b 42 4d Sep 21 07:29:22.377235: | ff e3 62 4c b5 85 8c 05 bb e7 d2 75 a8 75 4a 06 Sep 21 07:29:22.377237: | 5d 0b 9b aa df a1 91 c3 46 c8 45 e7 89 e1 d6 4d Sep 21 07:29:22.377239: | 16 bf f6 ea 20 a8 c9 c4 84 52 fb a7 27 90 f9 84 Sep 21 07:29:22.377242: | 81 e0 44 b9 46 f7 a3 e1 b4 6f 4e 76 83 23 49 fe Sep 21 07:29:22.377244: | ce 98 53 d6 21 14 fe 1d f3 ed 7f 40 a1 26 5a ad Sep 21 07:29:22.377246: | 50 6f af d0 b3 35 86 54 68 1b f8 2b 69 ea 13 9c Sep 21 07:29:22.377249: | 91 48 f2 26 20 2a 9b bb 0f d5 2a 86 e1 84 5a 53 Sep 21 07:29:22.377251: | c7 23 74 f8 49 65 71 fc d5 4e a7 de b9 0d e8 a0 Sep 21 07:29:22.377256: | 0e 21 bd Sep 21 07:29:22.377261: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:22.377265: | **parse ISAKMP Message: Sep 21 07:29:22.377268: | initiator cookie: Sep 21 07:29:22.377270: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.377272: | responder cookie: Sep 21 07:29:22.377274: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.377277: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:22.377280: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.377283: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Sep 21 07:29:22.377285: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:29:22.377288: | Message ID: 1 (0x1) Sep 21 07:29:22.377290: | length: 435 (0x1b3) Sep 21 07:29:22.377293: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Sep 21 07:29:22.377296: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Sep 21 07:29:22.377300: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Sep 21 07:29:22.377307: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:22.377310: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Sep 21 07:29:22.377314: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:29:22.377319: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:29:22.377321: | #2 is idle Sep 21 07:29:22.377324: | #2 idle Sep 21 07:29:22.377326: | unpacking clear payload Sep 21 07:29:22.377328: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:29:22.377331: | ***parse IKEv2 Encryption Payload: Sep 21 07:29:22.377334: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Sep 21 07:29:22.377336: | flags: none (0x0) Sep 21 07:29:22.377339: | length: 407 (0x197) Sep 21 07:29:22.377341: | processing payload: ISAKMP_NEXT_v2SK (len=403) Sep 21 07:29:22.377345: | #2 in state PARENT_I2: sent v2I2, expected v2R2 Sep 21 07:29:22.377361: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Sep 21 07:29:22.377364: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Sep 21 07:29:22.377367: | **parse IKEv2 Identification - Responder - Payload: Sep 21 07:29:22.377370: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Sep 21 07:29:22.377372: | flags: none (0x0) Sep 21 07:29:22.377375: | length: 12 (0xc) Sep 21 07:29:22.377377: | ID type: ID_FQDN (0x2) Sep 21 07:29:22.377380: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Sep 21 07:29:22.377382: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Sep 21 07:29:22.377385: | **parse IKEv2 Authentication Payload: Sep 21 07:29:22.377387: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:29:22.377390: | flags: none (0x0) Sep 21 07:29:22.377392: | length: 282 (0x11a) Sep 21 07:29:22.377395: | auth method: IKEv2_AUTH_RSA (0x1) Sep 21 07:29:22.377397: | processing payload: ISAKMP_NEXT_v2AUTH (len=274) Sep 21 07:29:22.377400: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:29:22.377402: | **parse IKEv2 Security Association Payload: Sep 21 07:29:22.377405: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:29:22.377407: | flags: none (0x0) Sep 21 07:29:22.377409: | length: 36 (0x24) Sep 21 07:29:22.377412: | processing payload: ISAKMP_NEXT_v2SA (len=32) Sep 21 07:29:22.377414: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:29:22.377417: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:29:22.377419: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:29:22.377422: | flags: none (0x0) Sep 21 07:29:22.377424: | length: 24 (0x18) Sep 21 07:29:22.377426: | number of TS: 1 (0x1) Sep 21 07:29:22.377429: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:29:22.377431: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:29:22.377436: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:29:22.377438: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.377441: | flags: none (0x0) Sep 21 07:29:22.377443: | length: 24 (0x18) Sep 21 07:29:22.377445: | number of TS: 1 (0x1) Sep 21 07:29:22.377448: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:29:22.377450: | selected state microcode Initiator: process IKE_AUTH response Sep 21 07:29:22.377453: | Now let's proceed with state specific processing Sep 21 07:29:22.377455: | calling processor Initiator: process IKE_AUTH response Sep 21 07:29:22.377461: | offered CA: '%none' Sep 21 07:29:22.377465: "westnet-eastnet-vti-01" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Sep 21 07:29:22.377507: | verifying AUTH payload Sep 21 07:29:22.377522: | required RSA CA is '%any' Sep 21 07:29:22.377526: | checking RSA keyid '@east' for match with '@east' Sep 21 07:29:22.377529: | RSA key issuer CA is '%any' Sep 21 07:29:22.377597: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Sep 21 07:29:22.377603: | #1 spent 0.0684 milliseconds in try_all_keys() trying a pubkey Sep 21 07:29:22.377606: "westnet-eastnet-vti-01" #2: Authenticated using RSA Sep 21 07:29:22.377615: | #1 spent 0.102 milliseconds in ikev2_verify_rsa_hash() Sep 21 07:29:22.377619: | parent state #1: PARENT_I2(open IKE SA) => PARENT_I3(established IKE SA) Sep 21 07:29:22.377624: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Sep 21 07:29:22.377627: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:29:22.377631: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:22.377634: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d0f5690fb0 Sep 21 07:29:22.377637: | event_schedule: new EVENT_SA_REKEY-pe@0x55d0f5690fb0 Sep 21 07:29:22.377640: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Sep 21 07:29:22.377643: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:22.377869: | pstats #1 ikev2.ike established Sep 21 07:29:22.377879: | TSi: parsing 1 traffic selectors Sep 21 07:29:22.377883: | ***parse IKEv2 Traffic Selector: Sep 21 07:29:22.377887: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.377889: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.377892: | length: 16 (0x10) Sep 21 07:29:22.377894: | start port: 0 (0x0) Sep 21 07:29:22.377896: | end port: 65535 (0xffff) Sep 21 07:29:22.377899: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:29:22.377902: | TS low c0 00 01 00 Sep 21 07:29:22.377904: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:29:22.377907: | TS high c0 00 01 ff Sep 21 07:29:22.377909: | TSi: parsed 1 traffic selectors Sep 21 07:29:22.377912: | TSr: parsing 1 traffic selectors Sep 21 07:29:22.377914: | ***parse IKEv2 Traffic Selector: Sep 21 07:29:22.377917: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.377919: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.377921: | length: 16 (0x10) Sep 21 07:29:22.377924: | start port: 0 (0x0) Sep 21 07:29:22.377926: | end port: 65535 (0xffff) Sep 21 07:29:22.377929: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:29:22.377931: | TS low c0 00 02 00 Sep 21 07:29:22.377934: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:29:22.377936: | TS high c0 00 02 ff Sep 21 07:29:22.377938: | TSr: parsed 1 traffic selectors Sep 21 07:29:22.377945: | evaluating our conn="westnet-eastnet-vti-01" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Sep 21 07:29:22.377950: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:29:22.377957: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Sep 21 07:29:22.377960: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:29:22.377963: | TSi[0] port match: YES fitness 65536 Sep 21 07:29:22.377966: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:29:22.377969: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:29:22.377976: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:29:22.377982: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Sep 21 07:29:22.377985: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:29:22.377988: | TSr[0] port match: YES fitness 65536 Sep 21 07:29:22.377990: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:29:22.377993: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:29:22.377996: | best fit so far: TSi[0] TSr[0] Sep 21 07:29:22.377998: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:29:22.378000: | printing contents struct traffic_selector Sep 21 07:29:22.378003: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:29:22.378005: | ipprotoid: 0 Sep 21 07:29:22.378007: | port range: 0-65535 Sep 21 07:29:22.378011: | ip range: 192.0.1.0-192.0.1.255 Sep 21 07:29:22.378013: | printing contents struct traffic_selector Sep 21 07:29:22.378016: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:29:22.378018: | ipprotoid: 0 Sep 21 07:29:22.378020: | port range: 0-65535 Sep 21 07:29:22.378024: | ip range: 192.0.2.0-192.0.2.255 Sep 21 07:29:22.378038: | using existing local ESP/AH proposals for westnet-eastnet-vti-01 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED Sep 21 07:29:22.378041: | Comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:29:22.378045: | local proposal 1 type ENCR has 1 transforms Sep 21 07:29:22.378048: | local proposal 1 type PRF has 0 transforms Sep 21 07:29:22.378050: | local proposal 1 type INTEG has 1 transforms Sep 21 07:29:22.378053: | local proposal 1 type DH has 1 transforms Sep 21 07:29:22.378055: | local proposal 1 type ESN has 1 transforms Sep 21 07:29:22.378059: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:29:22.378061: | local proposal 2 type ENCR has 1 transforms Sep 21 07:29:22.378064: | local proposal 2 type PRF has 0 transforms Sep 21 07:29:22.378066: | local proposal 2 type INTEG has 1 transforms Sep 21 07:29:22.378069: | local proposal 2 type DH has 1 transforms Sep 21 07:29:22.378071: | local proposal 2 type ESN has 1 transforms Sep 21 07:29:22.378074: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Sep 21 07:29:22.378077: | local proposal 3 type ENCR has 1 transforms Sep 21 07:29:22.378079: | local proposal 3 type PRF has 0 transforms Sep 21 07:29:22.378082: | local proposal 3 type INTEG has 2 transforms Sep 21 07:29:22.378084: | local proposal 3 type DH has 1 transforms Sep 21 07:29:22.378086: | local proposal 3 type ESN has 1 transforms Sep 21 07:29:22.378089: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:29:22.378092: | local proposal 4 type ENCR has 1 transforms Sep 21 07:29:22.378094: | local proposal 4 type PRF has 0 transforms Sep 21 07:29:22.378097: | local proposal 4 type INTEG has 2 transforms Sep 21 07:29:22.378099: | local proposal 4 type DH has 1 transforms Sep 21 07:29:22.378102: | local proposal 4 type ESN has 1 transforms Sep 21 07:29:22.378105: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Sep 21 07:29:22.378108: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.378110: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.378113: | length: 32 (0x20) Sep 21 07:29:22.378115: | prop #: 1 (0x1) Sep 21 07:29:22.378117: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.378120: | spi size: 4 (0x4) Sep 21 07:29:22.378122: | # transforms: 2 (0x2) Sep 21 07:29:22.378125: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:29:22.378129: | remote SPI be 21 e6 a1 Sep 21 07:29:22.378132: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:29:22.378135: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.378138: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.378140: | length: 12 (0xc) Sep 21 07:29:22.378143: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.378145: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.378148: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.378150: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.378153: | length/value: 256 (0x100) Sep 21 07:29:22.378157: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:29:22.378160: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.378162: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.378165: | length: 8 (0x8) Sep 21 07:29:22.378167: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.378170: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.378173: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:29:22.378177: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Sep 21 07:29:22.378181: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Sep 21 07:29:22.378184: | remote proposal 1 matches local proposal 1 Sep 21 07:29:22.378187: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Sep 21 07:29:22.378191: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=be21e6a1;ENCR=AES_GCM_C_256;ESN=DISABLED Sep 21 07:29:22.378194: | converting proposal to internal trans attrs Sep 21 07:29:22.378200: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:29:22.378377: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:29:22.378382: | could_route called for westnet-eastnet-vti-01 (kind=CK_PERMANENT) Sep 21 07:29:22.378385: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:22.378388: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.378390: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.378393: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.378396: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.378403: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Sep 21 07:29:22.378407: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:29:22.378410: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:29:22.378413: | AES_GCM_16 requires 4 salt bytes Sep 21 07:29:22.378416: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:29:22.378421: | setting IPsec SA replay-window to 32 Sep 21 07:29:22.378423: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Sep 21 07:29:22.378427: | netlink: enabling tunnel mode Sep 21 07:29:22.378429: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:29:22.378432: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:29:22.378857: | netlink response for Add SA esp.be21e6a1@192.1.2.23 included non-error error Sep 21 07:29:22.378867: | set up outgoing SA, ref=0/0 Sep 21 07:29:22.378871: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:29:22.378874: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:29:22.378876: | AES_GCM_16 requires 4 salt bytes Sep 21 07:29:22.378879: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:29:22.378883: | setting IPsec SA replay-window to 32 Sep 21 07:29:22.378888: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-01' not available on interface eth1 Sep 21 07:29:22.378891: | netlink: enabling tunnel mode Sep 21 07:29:22.378894: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:29:22.378897: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:29:22.379032: | netlink response for Add SA esp.eec7c242@192.1.2.45 included non-error error Sep 21 07:29:22.379040: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:22.379047: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:22.379050: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:22.379938: | raw_eroute result=success Sep 21 07:29:22.379951: | set up incoming SA, ref=0/0 Sep 21 07:29:22.379954: | sr for #2: unrouted Sep 21 07:29:22.379957: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:29:22.379960: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:22.379963: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.379965: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.379968: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.379971: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.379975: | route owner of "westnet-eastnet-vti-01" unrouted: NULL; eroute owner: NULL Sep 21 07:29:22.379979: | route_and_eroute with c: westnet-eastnet-vti-01 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:29:22.379982: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:22.379991: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:29:22.379994: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:22.380143: | raw_eroute result=success Sep 21 07:29:22.380150: | running updown command "ipsec _updown" for verb up Sep 21 07:29:22.380153: | command executing up-client Sep 21 07:29:22.380183: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CON Sep 21 07:29:22.380187: | popen cmd is 1129 chars long Sep 21 07:29:22.380190: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Sep 21 07:29:22.380193: | cmd( 80):-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Sep 21 07:29:22.380196: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0': Sep 21 07:29:22.380198: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' : Sep 21 07:29:22.380201: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Sep 21 07:29:22.380203: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIEN: Sep 21 07:29:22.380206: | cmd( 480):T_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Sep 21 07:29:22.380209: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Sep 21 07:29:22.380215: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Sep 21 07:29:22.380218: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Sep 21 07:29:22.380220: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Sep 21 07:29:22.380223: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Sep 21 07:29:22.380225: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Sep 21 07:29:22.380228: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbe21e6a1 SPI_OUT=0xeec7c242 ipsec _up: Sep 21 07:29:22.380230: | cmd(1120):down 2>&1: Sep 21 07:29:22.410773: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.disable_policy = 1 Sep 21 07:29:22.410937: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.rp_filter = 0 Sep 21 07:29:22.413014: "westnet-eastnet-vti-01" #2: up-client output: net.ipv4.conf.ipsec0.forwarding = 1 Sep 21 07:29:22.426283: "westnet-eastnet-vti-01" #2: up-client output: done ip route Sep 21 07:29:22.426503: | route_and_eroute: firewall_notified: true Sep 21 07:29:22.426512: | running updown command "ipsec _updown" for verb prepare Sep 21 07:29:22.426515: | command executing prepare-client Sep 21 07:29:22.426552: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xff Sep 21 07:29:22.426557: | popen cmd is 1134 chars long Sep 21 07:29:22.426559: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:29:22.426561: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:29:22.426567: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:29:22.426570: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Sep 21 07:29:22.426572: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER: Sep 21 07:29:22.426574: | cmd( 400):='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_: Sep 21 07:29:22.426576: | cmd( 480):CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0: Sep 21 07:29:22.426578: | cmd( 560):' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0: Sep 21 07:29:22.426581: | cmd( 640):' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FR: Sep 21 07:29:22.426583: | cmd( 720):AG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Sep 21 07:29:22.426586: | cmd( 800):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Sep 21 07:29:22.426588: | cmd( 880):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Sep 21 07:29:22.426591: | cmd( 960):FIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipse: Sep 21 07:29:22.426594: | cmd(1040):c0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbe21e6a1 SPI_OUT=0xeec7c242 ipse: Sep 21 07:29:22.426601: | cmd(1120):c _updown 2>&1: Sep 21 07:29:22.450795: "westnet-eastnet-vti-01" #2: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:29:22.450819: "westnet-eastnet-vti-01" #2: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:29:22.450825: "westnet-eastnet-vti-01" #2: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:29:22.450950: | running updown command "ipsec _updown" for verb route Sep 21 07:29:22.450958: | command executing route-client Sep 21 07:29:22.450991: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Sep 21 07:29:22.450994: | popen cmd is 1132 chars long Sep 21 07:29:22.450997: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:29:22.451000: | cmd( 80):vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Sep 21 07:29:22.451003: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1: Sep 21 07:29:22.451005: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT=': Sep 21 07:29:22.451008: | cmd( 320):0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER=': Sep 21 07:29:22.451010: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CL: Sep 21 07:29:22.451013: | cmd( 480):IENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' : Sep 21 07:29:22.451015: | cmd( 560):PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' : Sep 21 07:29:22.451018: | cmd( 640):PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG: Sep 21 07:29:22.451020: | cmd( 720):_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: Sep 21 07:29:22.451023: | cmd( 800):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: Sep 21 07:29:22.451025: | cmd( 880):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: Sep 21 07:29:22.451028: | cmd( 960):GURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0: Sep 21 07:29:22.451030: | cmd(1040):' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbe21e6a1 SPI_OUT=0xeec7c242 ipsec : Sep 21 07:29:22.451033: | cmd(1120):_updown 2>&1: Sep 21 07:29:22.503855: "westnet-eastnet-vti-01" #2: route-client output: done ip route Sep 21 07:29:22.511673: | route_and_eroute: instance "westnet-eastnet-vti-01", setting eroute_owner {spd=0x55d0f568ca50,sr=0x55d0f568ca50} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:29:22.511762: | #1 spent 1.25 milliseconds in install_ipsec_sa() Sep 21 07:29:22.511770: | inR2: instance westnet-eastnet-vti-01[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:29:22.511774: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:29:22.511780: | #2 STATE_PARENT_I2: retransmits: cleared Sep 21 07:29:22.511811: | libevent_free: release ptr-libevent@0x7f9ca0006900 Sep 21 07:29:22.511817: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d0f56966e0 Sep 21 07:29:22.511823: | #2 spent 2.07 milliseconds in processing: Initiator: process IKE_AUTH response in ikev2_process_state_packet() Sep 21 07:29:22.511832: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.511837: | #2 complete_v2_state_transition() PARENT_I2->V2_IPSEC_I with status STF_OK Sep 21 07:29:22.511841: | IKEv2: transition from state STATE_PARENT_I2 to state STATE_V2_IPSEC_I Sep 21 07:29:22.511845: | child state #2: PARENT_I2(open IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:29:22.511848: | Message ID: updating counters for #2 to 1 after switching state Sep 21 07:29:22.511855: | Message ID: recv #1.#2 response 1; ike: initiator.sent=1 initiator.recv=0->1 responder.sent=-1 responder.recv=-1; child: wip.initiator=1->-1 wip.responder=-1 Sep 21 07:29:22.511862: | Message ID: #1.#2 skipping update_send as nothing to send; initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:22.511865: | pstats #2 ikev2.child established Sep 21 07:29:22.511874: "westnet-eastnet-vti-01" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Sep 21 07:29:22.511886: | NAT-T: encaps is 'auto' Sep 21 07:29:22.511892: "westnet-eastnet-vti-01" #2: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0xbe21e6a1 <0xeec7c242 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Sep 21 07:29:22.511897: | releasing whack for #2 (sock=fd@23) Sep 21 07:29:22.511901: | close_any(fd@23) (in release_whack() at state.c:654) Sep 21 07:29:22.511904: | releasing whack and unpending for parent #1 Sep 21 07:29:22.511907: | unpending state #1 connection "westnet-eastnet-vti-01" Sep 21 07:29:22.511913: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-vti-01" Sep 21 07:29:22.511916: | removing pending policy for no connection {0x55d0f55eff50} Sep 21 07:29:22.511923: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:29:22.511928: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Sep 21 07:29:22.511932: | event_schedule: new EVENT_SA_REKEY-pe@0x55d0f56966e0 Sep 21 07:29:22.511936: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Sep 21 07:29:22.511940: | libevent_malloc: new ptr-libevent@0x7f9ca0006900 size 128 Sep 21 07:29:22.511948: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:22.511953: | #1 spent 2.48 milliseconds in ikev2_process_packet() Sep 21 07:29:22.511958: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:22.511962: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:22.511966: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:22.511970: | spent 2.5 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:22.511979: | kernel_process_msg_cb process netlink message Sep 21 07:29:22.511986: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:29:22.511990: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:29:22.511994: | netlink_get: XFRM_MSG_DELPOLICY message Sep 21 07:29:22.511997: | xfrm netlink address change RTM_NEWADDR msg len 80 Sep 21 07:29:22.512001: | XFRM RTM_NEWADDR 192.0.1.254 IFA_LOCAL Sep 21 07:29:22.512005: | FOR_EACH_STATE_... in record_newaddr (for_each_state) Sep 21 07:29:22.512011: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:29:22.512017: | stop processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:29:22.512023: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:29:22.512030: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:29:22.512034: | IKEv2 received address RTM_NEWADDR type 3 Sep 21 07:29:22.512037: | IKEv2 received address RTM_NEWADDR type 8 Sep 21 07:29:22.512039: | IKEv2 received address RTM_NEWADDR type 6 Sep 21 07:29:22.512044: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512048: | netlink_get: XFRM_MSG_NEWSA message Sep 21 07:29:22.512052: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512056: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512060: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512064: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512068: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.512074: | spent 0.0893 milliseconds in kernel message Sep 21 07:29:22.512080: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.512086: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.512090: | spent 0.00533 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:22.512093: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.512096: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.512100: | spent 0.0038 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:22.512103: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.512107: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.512111: | spent 0.00378 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:22.593858: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:22.593889: | dup_any(fd@16) -> fd@21 (in whack_process() at rcv_whack.c:590) Sep 21 07:29:22.593894: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:22.593901: | start processing: connection "westnet-eastnet-vti-02" (in initiate_a_connection() at initiate.c:186) Sep 21 07:29:22.593905: | connection 'westnet-eastnet-vti-02' +POLICY_UP Sep 21 07:29:22.593909: | dup_any(fd@21) -> fd@22 (in initiate_a_connection() at initiate.c:342) Sep 21 07:29:22.593912: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:29:22.593917: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:29:22.593923: | creating state object #3 at 0x55d0f5692ca0 Sep 21 07:29:22.593927: | State DB: adding IKEv2 state #3 in UNDEFINED Sep 21 07:29:22.593936: | pstats #3 ikev2.child started Sep 21 07:29:22.593940: | duplicating state object #1 "westnet-eastnet-vti-01" as #3 for IPSEC SA Sep 21 07:29:22.593947: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:29:22.593956: | Message ID: init_child #1.#3; ike: initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:22.593960: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:22.593964: | suspend processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:22.593970: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:22.593974: | child state #3: UNDEFINED(ignore) => V2_CREATE_I0(established IKE SA) Sep 21 07:29:22.593979: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:29:22.593983: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals) Sep 21 07:29:22.593988: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:29:22.593996: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.593999: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:29:22.594004: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.594008: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:22.594017: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.594021: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:22.594025: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.594033: "westnet-eastnet-vti-02": constructed local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.594046: | #3 schedule initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Sep 21 07:29:22.594049: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x55d0f5698a20 Sep 21 07:29:22.594053: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Sep 21 07:29:22.594057: | libevent_malloc: new ptr-libevent@0x55d0f5690dc0 size 128 Sep 21 07:29:22.594061: | processing: RESET whack log_fd (was fd@16) (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:29:22.594066: | RESET processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:29:22.594070: | RESET processing: connection "westnet-eastnet-vti-02" (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:29:22.594073: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:29:22.594077: | close_any(fd@21) (in initiate_connection() at initiate.c:372) Sep 21 07:29:22.594080: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:22.594087: | spent 0.239 milliseconds in whack Sep 21 07:29:22.594096: | timer_event_cb: processing event@0x55d0f5698a20 Sep 21 07:29:22.594100: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Sep 21 07:29:22.594105: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:22.594111: | adding Child Initiator KE and nonce ni work-order 3 for state #3 Sep 21 07:29:22.594114: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:22.594118: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:29:22.594121: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:22.594132: | libevent_free: release ptr-libevent@0x55d0f5690dc0 Sep 21 07:29:22.594135: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x55d0f5698a20 Sep 21 07:29:22.594136: | crypto helper 5 resuming Sep 21 07:29:22.594141: | #3 spent 0.0436 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:29:22.594145: | crypto helper 5 starting work-order 3 for state #3 Sep 21 07:29:22.594149: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:29:22.594150: | crypto helper 5 doing build KE and nonce (Child Initiator KE and nonce ni); request ID 3 Sep 21 07:29:22.594838: | crypto helper 5 finished build KE and nonce (Child Initiator KE and nonce ni); request ID 3 time elapsed 0.000688 seconds Sep 21 07:29:22.594849: | (#3) spent 0.664 milliseconds in crypto helper computing work-order 3: Child Initiator KE and nonce ni (pcr) Sep 21 07:29:22.594852: | crypto helper 5 sending results from work-order 3 for state #3 to event queue Sep 21 07:29:22.594854: | scheduling resume sending helper answer for #3 Sep 21 07:29:22.594856: | libevent_malloc: new ptr-libevent@0x7f9c9c006900 size 128 Sep 21 07:29:22.594859: | libevent_realloc: release ptr-libevent@0x55d0f566f6b0 Sep 21 07:29:22.594861: | libevent_realloc: new ptr-libevent@0x55d0f569a340 size 128 Sep 21 07:29:22.594867: | crypto helper 5 waiting (nothing to do) Sep 21 07:29:22.594875: | processing resume sending helper answer for #3 Sep 21 07:29:22.594883: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:22.594887: | crypto helper 5 replies to request ID 3 Sep 21 07:29:22.594889: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:22.594892: | ikev2_child_outI_continue for #3 STATE_V2_CREATE_I0 Sep 21 07:29:22.594895: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:22.594898: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:22.594901: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:22.594904: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:22.594907: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #3 Sep 21 07:29:22.594910: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:22.594915: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:22.594917: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:29:22.594920: | libevent_malloc: new ptr-libevent@0x55d0f5690dc0 size 128 Sep 21 07:29:22.594925: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.594929: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_SUSPEND Sep 21 07:29:22.594931: | suspending state #3 and saving MD Sep 21 07:29:22.594933: | #3 is busy; has a suspended MD Sep 21 07:29:22.594937: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:29:22.594941: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:29:22.594944: | resume sending helper answer for #3 suppresed complete_v2_state_transition() Sep 21 07:29:22.594948: | #3 spent 0.0606 milliseconds in resume sending helper answer Sep 21 07:29:22.594952: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:22.594955: | libevent_free: release ptr-libevent@0x7f9c9c006900 Sep 21 07:29:22.594960: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:29:22.594964: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:29:22.594969: | Message ID: #1.#3 resuming SA using IKE SA (unack 0); initiator.sent=1 initiator.recv=1 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:22.594973: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:29:22.594977: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:29:22.594983: | **emit ISAKMP Message: Sep 21 07:29:22.594986: | initiator cookie: Sep 21 07:29:22.594988: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.594990: | responder cookie: Sep 21 07:29:22.594992: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.594995: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:22.594997: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.595000: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:29:22.595003: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:22.595005: | Message ID: 2 (0x2) Sep 21 07:29:22.595007: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:22.595010: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:22.595013: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595015: | flags: none (0x0) Sep 21 07:29:22.595018: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:22.595023: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595026: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:22.595047: | netlink_get_spi: allocated 0x769070b for esp.0@192.1.2.45 Sep 21 07:29:22.595050: | Emitting ikev2_proposals ... Sep 21 07:29:22.595052: | ****emit IKEv2 Security Association Payload: Sep 21 07:29:22.595054: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595057: | flags: none (0x0) Sep 21 07:29:22.595059: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:29:22.595062: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595065: | discarding INTEG=NONE Sep 21 07:29:22.595067: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.595069: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595071: | prop #: 1 (0x1) Sep 21 07:29:22.595074: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.595076: | spi size: 4 (0x4) Sep 21 07:29:22.595078: | # transforms: 3 (0x3) Sep 21 07:29:22.595081: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.595084: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.595086: | our spi 07 69 07 0b Sep 21 07:29:22.595088: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595091: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595093: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.595096: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.595098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595101: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.595103: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.595106: | length/value: 256 (0x100) Sep 21 07:29:22.595108: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.595110: | discarding INTEG=NONE Sep 21 07:29:22.595113: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595117: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.595119: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.595122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595127: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595129: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595131: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.595134: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.595136: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.595138: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595143: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595146: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:29:22.595148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.595152: | discarding INTEG=NONE Sep 21 07:29:22.595154: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.595156: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595159: | prop #: 2 (0x2) Sep 21 07:29:22.595161: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.595163: | spi size: 4 (0x4) Sep 21 07:29:22.595165: | # transforms: 3 (0x3) Sep 21 07:29:22.595168: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595170: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.595173: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.595175: | our spi 07 69 07 0b Sep 21 07:29:22.595177: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595179: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595182: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.595184: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.595186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595189: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.595191: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.595193: | length/value: 128 (0x80) Sep 21 07:29:22.595195: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.595197: | discarding INTEG=NONE Sep 21 07:29:22.595200: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595202: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595204: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.595206: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.595209: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595211: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595214: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595216: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595218: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.595220: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.595223: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.595225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595230: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595232: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:29:22.595235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.595237: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.595239: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595241: | prop #: 3 (0x3) Sep 21 07:29:22.595244: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.595246: | spi size: 4 (0x4) Sep 21 07:29:22.595248: | # transforms: 5 (0x5) Sep 21 07:29:22.595251: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595253: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.595256: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.595259: | our spi 07 69 07 0b Sep 21 07:29:22.595261: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595266: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.595268: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.595270: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595273: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.595275: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.595277: | length/value: 256 (0x100) Sep 21 07:29:22.595279: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.595282: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595284: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595286: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.595288: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.595291: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595294: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595296: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595298: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595303: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.595305: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.595308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595313: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595315: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595319: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.595321: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.595324: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595329: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595331: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595333: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.595335: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.595338: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.595340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595343: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595345: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595347: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:29:22.595350: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.595352: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.595354: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.595356: | prop #: 4 (0x4) Sep 21 07:29:22.595359: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.595362: | spi size: 4 (0x4) Sep 21 07:29:22.595364: | # transforms: 5 (0x5) Sep 21 07:29:22.595367: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:22.595370: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:22.595372: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:22.595375: | our spi 07 69 07 0b Sep 21 07:29:22.595377: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595381: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.595383: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:22.595386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595388: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.595391: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.595393: | length/value: 128 (0x80) Sep 21 07:29:22.595395: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:22.595397: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595399: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595402: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.595404: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:22.595407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595409: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595412: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595414: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595418: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:22.595420: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:22.595423: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595433: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595436: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595439: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.595445: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.595449: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595456: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595459: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:22.595462: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.595465: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.595467: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.595471: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.595475: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:22.595478: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:22.595484: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:29:22.595488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:22.595491: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:29:22.595495: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:29:22.595499: | ****emit IKEv2 Nonce Payload: Sep 21 07:29:22.595502: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595505: | flags: none (0x0) Sep 21 07:29:22.595510: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:29:22.595514: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595518: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:29:22.595521: | IKEv2 nonce 77 37 ba d5 0e da a2 e2 80 a4 4a 9a de 9d 26 88 Sep 21 07:29:22.595524: | IKEv2 nonce e6 8a 52 c9 ba 80 de b1 84 05 40 f2 8e fa 59 5c Sep 21 07:29:22.595527: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:29:22.595531: | ****emit IKEv2 Key Exchange Payload: Sep 21 07:29:22.595534: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595537: | flags: none (0x0) Sep 21 07:29:22.595540: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.595544: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:29:22.595548: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595552: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:29:22.595555: | ikev2 g^x 5b e0 c8 47 d6 ef 83 2b c9 78 94 7b 90 b1 af 80 Sep 21 07:29:22.595558: | ikev2 g^x ef 1a b1 23 5f bc 8f 43 2c eb d7 c1 4f 91 34 5b Sep 21 07:29:22.595561: | ikev2 g^x 77 08 c0 87 e5 37 36 bc 43 cb 31 f0 f0 19 af d7 Sep 21 07:29:22.595564: | ikev2 g^x f4 0b e0 f0 7b 3d 5d f4 62 10 8f ab 98 0c ac da Sep 21 07:29:22.595567: | ikev2 g^x e4 08 bb 8b 2f ec 0a 43 cc 45 eb 62 e5 18 d9 8d Sep 21 07:29:22.595570: | ikev2 g^x 72 37 50 d1 ba 31 54 68 dd 70 d1 8c ea 18 0d 7d Sep 21 07:29:22.595573: | ikev2 g^x f2 25 a2 0a 2f 9c 20 71 5c aa cc c2 3e 5a b3 e4 Sep 21 07:29:22.595576: | ikev2 g^x ef 47 82 11 ca 6d 36 6b 14 d2 80 c1 09 7e 77 12 Sep 21 07:29:22.595580: | ikev2 g^x 81 c5 ad e3 ec 5b 20 e7 87 7c 43 99 5e 61 a0 0a Sep 21 07:29:22.595583: | ikev2 g^x 9c 02 fa 67 78 84 e4 fb 21 41 e8 66 b4 b1 ba 20 Sep 21 07:29:22.595586: | ikev2 g^x b2 30 82 0a 58 b0 90 09 f6 46 a4 16 6e 1c eb 63 Sep 21 07:29:22.595589: | ikev2 g^x f6 90 3a 5d 61 e7 ab 87 b2 c6 6e 79 4e ac c1 4f Sep 21 07:29:22.595592: | ikev2 g^x 3d b7 ab f9 b1 39 e9 33 6c e9 e8 4c 2a cb 8b 67 Sep 21 07:29:22.595595: | ikev2 g^x a2 86 e0 e9 be 59 90 52 0d 5d 90 9d a3 5f ad 4b Sep 21 07:29:22.595599: | ikev2 g^x 5f 28 ce a9 87 f3 56 34 23 61 09 cf 16 28 47 3e Sep 21 07:29:22.595602: | ikev2 g^x 51 c7 3b da 3a 57 41 98 87 84 b6 55 9a d8 f2 a3 Sep 21 07:29:22.595605: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:29:22.595609: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:29:22.595612: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595615: | flags: none (0x0) Sep 21 07:29:22.595618: | number of TS: 1 (0x1) Sep 21 07:29:22.595623: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Sep 21 07:29:22.595627: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595631: | *****emit IKEv2 Traffic Selector: Sep 21 07:29:22.595636: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.595639: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.595642: | start port: 0 (0x0) Sep 21 07:29:22.595645: | end port: 65535 (0xffff) Sep 21 07:29:22.595649: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:29:22.595652: | IP start 0a 00 01 00 Sep 21 07:29:22.595655: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:29:22.595658: | IP end 0a 00 01 ff Sep 21 07:29:22.595661: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:29:22.595664: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Sep 21 07:29:22.595667: | ****emit IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:29:22.595671: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.595675: | flags: none (0x0) Sep 21 07:29:22.595680: | number of TS: 1 (0x1) Sep 21 07:29:22.595684: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Sep 21 07:29:22.595687: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Sep 21 07:29:22.595690: | *****emit IKEv2 Traffic Selector: Sep 21 07:29:22.595693: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.595696: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.595698: | start port: 0 (0x0) Sep 21 07:29:22.595701: | end port: 65535 (0xffff) Sep 21 07:29:22.595705: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Sep 21 07:29:22.595707: | IP start 0a 00 02 00 Sep 21 07:29:22.595710: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Sep 21 07:29:22.595712: | IP end 0a 00 02 ff Sep 21 07:29:22.595715: | emitting length of IKEv2 Traffic Selector: 16 Sep 21 07:29:22.595718: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Sep 21 07:29:22.595722: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Sep 21 07:29:22.595725: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:22.595730: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:29:22.595734: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:29:22.595737: | emitting length of IKEv2 Encryption Payload: 573 Sep 21 07:29:22.595740: | emitting length of ISAKMP Message: 601 Sep 21 07:29:22.595761: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.595766: | #3 complete_v2_state_transition() V2_CREATE_I0->V2_CREATE_I with status STF_OK Sep 21 07:29:22.595770: | IKEv2: transition from state STATE_V2_CREATE_I0 to state STATE_V2_CREATE_I Sep 21 07:29:22.595775: | child state #3: V2_CREATE_I0(established IKE SA) => V2_CREATE_I(established IKE SA) Sep 21 07:29:22.595779: | Message ID: updating counters for #3 to 4294967295 after switching state Sep 21 07:29:22.595801: | Message ID: IKE #1 skipping update_recv as MD is fake Sep 21 07:29:22.595813: | Message ID: sent #1.#3 request 2; ike: initiator.sent=1->2 initiator.recv=1 responder.sent=-1 responder.recv=-1; child: wip.initiator=-1->2 wip.responder=-1 Sep 21 07:29:22.595816: "westnet-eastnet-vti-02" #3: STATE_V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:29:22.595828: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:29:22.595836: | sending 601 bytes for STATE_V2_CREATE_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:22.595839: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.595842: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Sep 21 07:29:22.595845: | db fb 42 ae f6 a6 c7 f8 a7 0a d7 bf 49 bf 8a 09 Sep 21 07:29:22.595848: | 98 4e 4b 32 1a 91 23 f5 37 02 6d f4 c1 6a 98 ff Sep 21 07:29:22.595851: | 74 24 6a af ba d7 86 22 5b 1a c2 80 94 15 29 b2 Sep 21 07:29:22.595856: | db ad 68 9c 8a e4 49 0f 4d 2c 1b 94 29 b1 b2 25 Sep 21 07:29:22.595860: | a1 a5 c3 ce 30 51 58 9d 5e c5 cc ea 9f 1b c2 99 Sep 21 07:29:22.595862: | aa b6 85 3b 03 8f bb e5 b6 49 29 6f 31 91 c0 c6 Sep 21 07:29:22.595865: | cb 4c 56 d9 3d 84 02 5d 47 d1 54 b6 99 94 04 e8 Sep 21 07:29:22.595868: | 3a c0 ca f2 71 f6 02 2f 0e be cc a0 f9 39 d5 b1 Sep 21 07:29:22.595871: | 24 23 2f 6b b6 59 94 08 9b d3 11 de ca 04 55 f1 Sep 21 07:29:22.595874: | d0 d0 03 78 26 be 2f ce 6c b6 52 f5 ac 6b 60 00 Sep 21 07:29:22.595877: | 18 cb 03 be 1c 11 d0 e2 12 de d3 87 cb 33 e8 09 Sep 21 07:29:22.595880: | d5 32 f4 64 d3 e0 17 fe 2a 98 1f df 0d 2f c7 39 Sep 21 07:29:22.595883: | 48 3f 77 5b 7d 39 19 42 78 2f c9 49 87 63 ca 6c Sep 21 07:29:22.595886: | d4 a3 6f c7 51 7e a8 19 db e5 12 4e 42 b9 9c 39 Sep 21 07:29:22.595889: | ef 18 f1 c8 f8 95 17 17 c9 c9 fb a1 b8 b0 1f 47 Sep 21 07:29:22.595892: | 30 01 0e 81 a0 fa bd 30 34 47 d6 b9 43 cf 3a 7f Sep 21 07:29:22.595895: | cc 6f 9e 40 7d 04 dc 16 79 b7 62 ee d4 c1 1b dc Sep 21 07:29:22.595898: | 22 77 da d4 03 b4 b0 fc 89 d2 18 ec c3 e8 03 58 Sep 21 07:29:22.595901: | c9 96 33 80 2d d1 f6 e0 eb 32 9a bc 60 c2 09 29 Sep 21 07:29:22.595904: | 87 99 b4 49 6e 48 1b 73 85 52 44 a3 4d e4 85 62 Sep 21 07:29:22.595907: | 47 7b b0 f5 4b 8e fc 14 92 cd 0d 3a 1d 14 52 b6 Sep 21 07:29:22.595910: | a0 24 1a db df 88 ad 88 58 78 f7 76 3d ad 59 c6 Sep 21 07:29:22.595913: | b2 33 4b b2 5e c2 98 34 99 23 ea 06 af c7 a7 6c Sep 21 07:29:22.595916: | 8d e0 e7 c1 77 51 84 88 82 7a 78 fa 06 a8 40 b2 Sep 21 07:29:22.595919: | 9d e5 5f e9 7a ee 52 ef 31 eb ad 8b 05 1a 1c 16 Sep 21 07:29:22.595922: | c7 ac 6f 73 c1 cd 1a 6d 0e 24 55 0d 28 dc 57 47 Sep 21 07:29:22.595927: | 8e 0d c7 39 2c ad 00 c3 e9 67 48 19 0e 33 dc eb Sep 21 07:29:22.595933: | 3b 41 1c 30 77 4b ec 03 ac 8b 74 3b f7 a9 db e8 Sep 21 07:29:22.595937: | 66 07 fd 46 b6 72 b2 60 0c e8 c7 db 3f 28 cb 01 Sep 21 07:29:22.595939: | 60 15 65 0e ef 07 18 56 24 e2 e7 a7 9a c2 19 e0 Sep 21 07:29:22.595941: | 81 5e cb 25 93 81 a4 25 52 75 c5 14 79 56 21 ef Sep 21 07:29:22.595944: | 50 d9 31 05 fa d9 84 0e 3c cc dc d8 ff d8 41 2c Sep 21 07:29:22.595946: | e9 15 df ab d9 18 19 c8 e6 94 8d 0d c1 37 2b f7 Sep 21 07:29:22.595948: | 6e 7e a7 6c f5 e0 df 3a a5 61 05 84 1d 11 27 ba Sep 21 07:29:22.595950: | ae d0 e4 f0 3a 20 08 ea 2f 6b 05 e8 c6 0f 6e 37 Sep 21 07:29:22.595952: | 61 7c 35 58 16 66 9d 10 04 Sep 21 07:29:22.595991: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:29:22.595995: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:22.595998: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:22.596000: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:29:22.596004: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d0f5696960 Sep 21 07:29:22.596008: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:29:22.596010: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:22.596015: | #3 STATE_V2_CREATE_I: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49608.964268 Sep 21 07:29:22.596021: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:29:22.596025: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:29:22.596030: | #1 spent 1.03 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:29:22.596035: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:29:22.596038: | libevent_free: release ptr-libevent@0x55d0f5690dc0 Sep 21 07:29:22.698482: | spent 0.00276 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:22.698546: | *received 449 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:22.698550: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.698552: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Sep 21 07:29:22.698555: | be c6 cb 3f 6e 50 ba ab 43 c1 39 d1 f3 ec 89 ee Sep 21 07:29:22.698557: | a3 47 f5 10 2f d4 5d 75 17 de d0 66 4e 7e ef b3 Sep 21 07:29:22.698559: | e3 0a d6 15 70 55 a2 94 a4 29 01 4a d1 dd 05 41 Sep 21 07:29:22.698561: | 71 3a 5d 41 44 d1 50 bc b1 76 80 e5 37 5e 6b 1c Sep 21 07:29:22.698564: | 31 e6 24 6f 05 54 a5 70 64 25 28 60 a6 c0 9f ee Sep 21 07:29:22.698566: | c0 f2 bd 7d c7 86 6a 3e 1c 81 f2 c3 73 6d 1f 18 Sep 21 07:29:22.698568: | 96 77 fc 4d 16 9f ae d7 35 73 f5 57 a6 23 e5 08 Sep 21 07:29:22.698571: | 03 b8 26 ad b7 c9 42 fd cf 5d 47 09 8a 2d 39 8d Sep 21 07:29:22.698573: | 47 7c 9f 1f 94 9f 7d a5 42 e1 e4 a7 54 3f 0c f4 Sep 21 07:29:22.698575: | d9 71 a4 36 8c ae e6 fc eb 3d 7f 9b 32 13 ac 2a Sep 21 07:29:22.698578: | 0e f9 4f a7 f1 3f 2e 4d 44 0a 76 20 fa 71 f1 11 Sep 21 07:29:22.698580: | c1 07 d0 9a 9d fe 45 58 7e a7 b1 6f 7b 2f 95 70 Sep 21 07:29:22.698582: | 68 76 f0 e6 73 8d 54 ed 16 87 0e ec 1d 29 68 35 Sep 21 07:29:22.698584: | bc 97 91 c2 cb 04 96 c8 02 0e ed 08 e3 43 b3 cc Sep 21 07:29:22.698587: | 7c 98 45 9b c1 1c 8c cd 51 7d 46 cc 3f 0c 0a ab Sep 21 07:29:22.698589: | 18 80 a5 4c ca 4b f9 c0 5f 2e b6 0b 8a 99 64 b2 Sep 21 07:29:22.698591: | e3 3e 92 f7 fd d3 8c 87 06 ee 2a c5 9e 2a 86 0a Sep 21 07:29:22.698593: | c6 3d 8e 28 b1 41 08 f5 a8 69 14 7f e8 e5 c4 8e Sep 21 07:29:22.698596: | 3d fe 0d da 11 ae 1b 0a 70 7b 60 4b 19 af 3b bb Sep 21 07:29:22.698598: | fe 1d bd d4 de 61 72 86 e7 96 cf cb 6a a4 14 e3 Sep 21 07:29:22.698600: | 8a 6c 6e 8c a2 f0 dd 12 47 7a b6 c7 75 04 30 87 Sep 21 07:29:22.698603: | 28 05 f9 2c 42 d8 dd b4 3d 0a 66 a4 82 53 82 b8 Sep 21 07:29:22.698605: | be af 5a 81 37 03 82 43 f6 4c c5 9b 8c 8e 7f f3 Sep 21 07:29:22.698607: | 94 a9 e7 b7 5b e6 73 ee 8c 6b 41 b5 a2 96 e2 40 Sep 21 07:29:22.698610: | bd 45 9b c2 88 13 75 e9 9d 9e c4 76 32 8e 0e b4 Sep 21 07:29:22.698612: | d3 8f 9a 65 b8 57 53 82 11 f7 9d 08 59 56 39 78 Sep 21 07:29:22.698614: | c6 Sep 21 07:29:22.698619: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:22.698623: | **parse ISAKMP Message: Sep 21 07:29:22.698625: | initiator cookie: Sep 21 07:29:22.698627: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:22.698630: | responder cookie: Sep 21 07:29:22.698632: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:22.698635: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:22.698637: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:22.698640: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:29:22.698643: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Sep 21 07:29:22.698645: | Message ID: 2 (0x2) Sep 21 07:29:22.698647: | length: 449 (0x1c1) Sep 21 07:29:22.698650: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Sep 21 07:29:22.698653: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Sep 21 07:29:22.698657: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:29:22.698664: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:22.698667: | State DB: found IKEv2 state #3 in V2_CREATE_I (find_v2_sa_by_initiator_wip) Sep 21 07:29:22.698672: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:29:22.698676: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2062) Sep 21 07:29:22.698679: | #3 is idle Sep 21 07:29:22.698681: | #3 idle Sep 21 07:29:22.698684: | unpacking clear payload Sep 21 07:29:22.698686: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:29:22.698691: | ***parse IKEv2 Encryption Payload: Sep 21 07:29:22.698693: | next payload type: ISAKMP_NEXT_v2SA (0x21) Sep 21 07:29:22.698696: | flags: none (0x0) Sep 21 07:29:22.698698: | length: 421 (0x1a5) Sep 21 07:29:22.698701: | processing payload: ISAKMP_NEXT_v2SK (len=417) Sep 21 07:29:22.698703: | #3 in state V2_CREATE_I: sent IPsec Child req wait response Sep 21 07:29:22.698718: | #3 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Sep 21 07:29:22.698721: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Sep 21 07:29:22.698724: | **parse IKEv2 Security Association Payload: Sep 21 07:29:22.698726: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Sep 21 07:29:22.698728: | flags: none (0x0) Sep 21 07:29:22.698731: | length: 44 (0x2c) Sep 21 07:29:22.698733: | processing payload: ISAKMP_NEXT_v2SA (len=40) Sep 21 07:29:22.698736: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Sep 21 07:29:22.698738: | **parse IKEv2 Nonce Payload: Sep 21 07:29:22.698740: | next payload type: ISAKMP_NEXT_v2KE (0x22) Sep 21 07:29:22.698743: | flags: none (0x0) Sep 21 07:29:22.698745: | length: 36 (0x24) Sep 21 07:29:22.698747: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Sep 21 07:29:22.698750: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Sep 21 07:29:22.698753: | **parse IKEv2 Key Exchange Payload: Sep 21 07:29:22.698755: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Sep 21 07:29:22.698757: | flags: none (0x0) Sep 21 07:29:22.698760: | length: 264 (0x108) Sep 21 07:29:22.698762: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.698765: | processing payload: ISAKMP_NEXT_v2KE (len=256) Sep 21 07:29:22.698767: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Sep 21 07:29:22.698769: | **parse IKEv2 Traffic Selector - Initiator - Payload: Sep 21 07:29:22.698772: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Sep 21 07:29:22.698774: | flags: none (0x0) Sep 21 07:29:22.698776: | length: 24 (0x18) Sep 21 07:29:22.698779: | number of TS: 1 (0x1) Sep 21 07:29:22.698781: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Sep 21 07:29:22.698803: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Sep 21 07:29:22.698808: | **parse IKEv2 Traffic Selector - Responder - Payload: Sep 21 07:29:22.698811: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:22.698813: | flags: none (0x0) Sep 21 07:29:22.698815: | length: 24 (0x18) Sep 21 07:29:22.698818: | number of TS: 1 (0x1) Sep 21 07:29:22.698820: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Sep 21 07:29:22.698823: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:29:22.698829: | #1 updating local interface from 192.1.2.45:500 to 192.1.2.45:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:29:22.698832: | forcing ST #3 to CHILD #1.#3 in FSM processor Sep 21 07:29:22.698834: | Now let's proceed with state specific processing Sep 21 07:29:22.698836: | calling processor Process CREATE_CHILD_SA IPsec SA Response Sep 21 07:29:22.698851: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.698854: | Comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Sep 21 07:29:22.698858: | local proposal 1 type ENCR has 1 transforms Sep 21 07:29:22.698860: | local proposal 1 type PRF has 0 transforms Sep 21 07:29:22.698863: | local proposal 1 type INTEG has 1 transforms Sep 21 07:29:22.698865: | local proposal 1 type DH has 1 transforms Sep 21 07:29:22.698868: | local proposal 1 type ESN has 1 transforms Sep 21 07:29:22.698871: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:29:22.698875: | local proposal 2 type ENCR has 1 transforms Sep 21 07:29:22.698877: | local proposal 2 type PRF has 0 transforms Sep 21 07:29:22.698880: | local proposal 2 type INTEG has 1 transforms Sep 21 07:29:22.698882: | local proposal 2 type DH has 1 transforms Sep 21 07:29:22.698885: | local proposal 2 type ESN has 1 transforms Sep 21 07:29:22.698888: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Sep 21 07:29:22.698890: | local proposal 3 type ENCR has 1 transforms Sep 21 07:29:22.698892: | local proposal 3 type PRF has 0 transforms Sep 21 07:29:22.698895: | local proposal 3 type INTEG has 2 transforms Sep 21 07:29:22.698897: | local proposal 3 type DH has 1 transforms Sep 21 07:29:22.698900: | local proposal 3 type ESN has 1 transforms Sep 21 07:29:22.698903: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:29:22.698905: | local proposal 4 type ENCR has 1 transforms Sep 21 07:29:22.698907: | local proposal 4 type PRF has 0 transforms Sep 21 07:29:22.698910: | local proposal 4 type INTEG has 2 transforms Sep 21 07:29:22.698912: | local proposal 4 type DH has 1 transforms Sep 21 07:29:22.698914: | local proposal 4 type ESN has 1 transforms Sep 21 07:29:22.698917: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Sep 21 07:29:22.698920: | ***parse IKEv2 Proposal Substructure Payload: Sep 21 07:29:22.698923: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:22.698925: | length: 40 (0x28) Sep 21 07:29:22.698927: | prop #: 1 (0x1) Sep 21 07:29:22.698930: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:22.698932: | spi size: 4 (0x4) Sep 21 07:29:22.698934: | # transforms: 3 (0x3) Sep 21 07:29:22.698937: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Sep 21 07:29:22.698940: | remote SPI 95 b5 68 05 Sep 21 07:29:22.698943: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Sep 21 07:29:22.698945: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.698948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.698950: | length: 12 (0xc) Sep 21 07:29:22.698953: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:22.698955: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:22.698958: | *****parse IKEv2 Attribute Substructure Payload: Sep 21 07:29:22.698960: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:22.698963: | length/value: 256 (0x100) Sep 21 07:29:22.698967: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Sep 21 07:29:22.698969: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.698972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:22.698974: | length: 8 (0x8) Sep 21 07:29:22.698977: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:22.698979: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:22.698982: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Sep 21 07:29:22.698985: | ****parse IKEv2 Transform Substructure Payload: Sep 21 07:29:22.698987: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:22.698990: | length: 8 (0x8) Sep 21 07:29:22.698992: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:22.698994: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:22.698998: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Sep 21 07:29:22.699001: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Sep 21 07:29:22.699006: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Sep 21 07:29:22.699008: | remote proposal 1 matches local proposal 1 Sep 21 07:29:22.699011: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Sep 21 07:29:22.699016: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP:SPI=95b56805;ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED Sep 21 07:29:22.699021: | converting proposal to internal trans attrs Sep 21 07:29:22.699026: | updating #3's .st_oakley with preserved PRF, but why update? Sep 21 07:29:22.699033: | adding ikev2 Child SA initiator pfs=yes work-order 4 for state #3 Sep 21 07:29:22.699036: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:29:22.699039: | #3 STATE_V2_CREATE_I: retransmits: cleared Sep 21 07:29:22.699043: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:22.699046: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d0f5696960 Sep 21 07:29:22.699049: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:22.699052: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:29:22.699055: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:22.699065: | #3 spent 0.224 milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in ikev2_process_state_packet() Sep 21 07:29:22.699071: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.699075: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_SUSPEND Sep 21 07:29:22.699077: | suspending state #3 and saving MD Sep 21 07:29:22.699079: | #3 is busy; has a suspended MD Sep 21 07:29:22.699084: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:29:22.699087: | "westnet-eastnet-vti-02" #3 complete v2 state STATE_V2_CREATE_I transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:29:22.699091: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:22.699095: | #1 spent 0.542 milliseconds in ikev2_process_packet() Sep 21 07:29:22.699099: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:22.699102: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:22.699105: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:22.699108: | spent 0.555 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:22.699118: | crypto helper 1 resuming Sep 21 07:29:22.699122: | crypto helper 1 starting work-order 4 for state #3 Sep 21 07:29:22.699126: | crypto helper 1 doing crypto (ikev2 Child SA initiator pfs=yes); request ID 4 Sep 21 07:29:22.700087: | crypto helper 1 finished crypto (ikev2 Child SA initiator pfs=yes); request ID 4 time elapsed 0.000961 seconds Sep 21 07:29:22.700096: | (#3) spent 0.966 milliseconds in crypto helper computing work-order 4: ikev2 Child SA initiator pfs=yes (dh) Sep 21 07:29:22.700099: | crypto helper 1 sending results from work-order 4 for state #3 to event queue Sep 21 07:29:22.700101: | scheduling resume sending helper answer for #3 Sep 21 07:29:22.700104: | libevent_malloc: new ptr-libevent@0x7f9c90001ef0 size 128 Sep 21 07:29:22.700112: | crypto helper 1 waiting (nothing to do) Sep 21 07:29:22.700121: | processing resume sending helper answer for #3 Sep 21 07:29:22.700126: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:22.700130: | crypto helper 1 replies to request ID 4 Sep 21 07:29:22.700132: | calling continuation function 0x55d0f3d2b4f0 Sep 21 07:29:22.700135: | ikev2_child_inR_continue for #3 STATE_V2_CREATE_I Sep 21 07:29:22.700138: | TSi: parsing 1 traffic selectors Sep 21 07:29:22.700140: | ***parse IKEv2 Traffic Selector: Sep 21 07:29:22.700143: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.700145: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.700148: | length: 16 (0x10) Sep 21 07:29:22.700150: | start port: 0 (0x0) Sep 21 07:29:22.700152: | end port: 65535 (0xffff) Sep 21 07:29:22.700155: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:29:22.700159: | TS low 0a 00 01 00 Sep 21 07:29:22.700162: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:29:22.700164: | TS high 0a 00 01 ff Sep 21 07:29:22.700166: | TSi: parsed 1 traffic selectors Sep 21 07:29:22.700169: | TSr: parsing 1 traffic selectors Sep 21 07:29:22.700171: | ***parse IKEv2 Traffic Selector: Sep 21 07:29:22.700173: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Sep 21 07:29:22.700176: | IP Protocol ID: 0 (0x0) Sep 21 07:29:22.700178: | length: 16 (0x10) Sep 21 07:29:22.700180: | start port: 0 (0x0) Sep 21 07:29:22.700182: | end port: 65535 (0xffff) Sep 21 07:29:22.700184: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Sep 21 07:29:22.700187: | TS low 0a 00 02 00 Sep 21 07:29:22.700189: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Sep 21 07:29:22.700191: | TS high 0a 00 02 ff Sep 21 07:29:22.700193: | TSr: parsed 1 traffic selectors Sep 21 07:29:22.700199: | evaluating our conn="westnet-eastnet-vti-02" I=10.0.1.0/24:0:0/0 R=10.0.2.0/24:0:0/0 to their: Sep 21 07:29:22.700204: | TSi[0] .net=10.0.1.0-10.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:29:22.700211: | match address end->client=10.0.1.0/24 == TSi[0]net=10.0.1.0-10.0.1.255: YES fitness 32 Sep 21 07:29:22.700214: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Sep 21 07:29:22.700217: | TSi[0] port match: YES fitness 65536 Sep 21 07:29:22.700219: | narrow protocol end=*0 == TSi[0]=*0: 0 Sep 21 07:29:22.700222: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Sep 21 07:29:22.700227: | TSr[0] .net=10.0.2.0-10.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Sep 21 07:29:22.700232: | match address end->client=10.0.2.0/24 == TSr[0]net=10.0.2.0-10.0.2.255: YES fitness 32 Sep 21 07:29:22.700235: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Sep 21 07:29:22.700237: | TSr[0] port match: YES fitness 65536 Sep 21 07:29:22.700240: | narrow protocol end=*0 == TSr[0]=*0: 0 Sep 21 07:29:22.700243: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Sep 21 07:29:22.700245: | best fit so far: TSi[0] TSr[0] Sep 21 07:29:22.700247: | found an acceptable TSi/TSr Traffic Selector Sep 21 07:29:22.700249: | printing contents struct traffic_selector Sep 21 07:29:22.700252: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:29:22.700254: | ipprotoid: 0 Sep 21 07:29:22.700256: | port range: 0-65535 Sep 21 07:29:22.700260: | ip range: 10.0.1.0-10.0.1.255 Sep 21 07:29:22.700262: | printing contents struct traffic_selector Sep 21 07:29:22.700264: | ts_type: IKEv2_TS_IPV6_ADDR_RANGE Sep 21 07:29:22.700266: | ipprotoid: 0 Sep 21 07:29:22.700268: | port range: 0-65535 Sep 21 07:29:22.700272: | ip range: 10.0.2.0-10.0.2.255 Sep 21 07:29:22.700275: | integ=none: .key_size=0 encrypt=aes_gcm_16: .key_size=32 .salt_size=4 keymat_len=36 Sep 21 07:29:22.700448: | install_ipsec_sa() for #3: inbound and outbound Sep 21 07:29:22.700453: | could_route called for westnet-eastnet-vti-02 (kind=CK_PERMANENT) Sep 21 07:29:22.700456: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:22.700459: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.700461: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.700464: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.700466: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.700470: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Sep 21 07:29:22.700474: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:29:22.700477: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:29:22.700479: | AES_GCM_16 requires 4 salt bytes Sep 21 07:29:22.700482: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:29:22.700486: | setting IPsec SA replay-window to 32 Sep 21 07:29:22.700491: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Sep 21 07:29:22.700494: | netlink: enabling tunnel mode Sep 21 07:29:22.700496: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:29:22.700499: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:29:22.700689: | netlink response for Add SA esp.95b56805@192.1.2.23 included non-error error Sep 21 07:29:22.700695: | set up outgoing SA, ref=0/0 Sep 21 07:29:22.700698: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Sep 21 07:29:22.700701: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Sep 21 07:29:22.700704: | AES_GCM_16 requires 4 salt bytes Sep 21 07:29:22.700707: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Sep 21 07:29:22.700710: | setting IPsec SA replay-window to 32 Sep 21 07:29:22.700713: | NIC esp-hw-offload not for connection 'westnet-eastnet-vti-02' not available on interface eth1 Sep 21 07:29:22.700716: | netlink: enabling tunnel mode Sep 21 07:29:22.700718: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:29:22.700721: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:29:22.700855: | netlink response for Add SA esp.769070b@192.1.2.45 included non-error error Sep 21 07:29:22.700863: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:22.700870: | add inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => tun.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:22.700874: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:22.701064: | raw_eroute result=success Sep 21 07:29:22.701070: | set up incoming SA, ref=0/0 Sep 21 07:29:22.701073: | sr for #3: unrouted Sep 21 07:29:22.701077: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:29:22.701079: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:22.701083: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.701086: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.701089: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:22.701092: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:22.701096: | route owner of "westnet-eastnet-vti-02" unrouted: NULL; eroute owner: NULL Sep 21 07:29:22.701100: | route_and_eroute with c: westnet-eastnet-vti-02 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Sep 21 07:29:22.701104: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:22.701112: | eroute_connection add eroute 10.0.1.0/24:0 --0-> 10.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:29:22.701115: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:22.701214: | raw_eroute result=success Sep 21 07:29:22.701221: | running updown command "ipsec _updown" for verb up Sep 21 07:29:22.701224: | command executing up-client Sep 21 07:29:22.701257: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK Sep 21 07:29:22.701261: | popen cmd is 1123 chars long Sep 21 07:29:22.701267: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti: Sep 21 07:29:22.701270: | cmd( 80):-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PL: Sep 21 07:29:22.701273: | cmd( 160):UTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' P: Sep 21 07:29:22.701276: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLU: Sep 21 07:29:22.701279: | cmd( 320):TO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.: Sep 21 07:29:22.701282: | cmd( 400):2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NE: Sep 21 07:29:22.701285: | cmd( 480):T='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PE: Sep 21 07:29:22.701287: | cmd( 560):ER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CO: Sep 21 07:29:22.701290: | cmd( 640):NN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+E: Sep 21 07:29:22.701293: | cmd( 720):SN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: Sep 21 07:29:22.701296: | cmd( 800):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: Sep 21 07:29:22.701299: | cmd( 880):_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: Sep 21 07:29:22.701302: | cmd( 960):' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI_RO: Sep 21 07:29:22.701304: | cmd(1040):UTING='yes' VTI_SHARED='yes' SPI_IN=0x95b56805 SPI_OUT=0x769070b ipsec _updown 2: Sep 21 07:29:22.701307: | cmd(1120):>&1: Sep 21 07:29:22.739325: "westnet-eastnet-vti-02" #3: up-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:29:22.739353: "westnet-eastnet-vti-02" #3: up-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:29:22.739360: "westnet-eastnet-vti-02" #3: up-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:29:22.749421: "westnet-eastnet-vti-02" #3: up-client output: done ip route Sep 21 07:29:22.749632: | route_and_eroute: firewall_notified: true Sep 21 07:29:22.749638: | running updown command "ipsec _updown" for verb prepare Sep 21 07:29:22.749642: | command executing prepare-client Sep 21 07:29:22.749676: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xfffffff Sep 21 07:29:22.749679: | popen cmd is 1128 chars long Sep 21 07:29:22.749682: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:29:22.749685: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:29:22.749688: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Sep 21 07:29:22.749690: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:29:22.749693: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Sep 21 07:29:22.749698: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIE: Sep 21 07:29:22.749701: | cmd( 480):NT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLU: Sep 21 07:29:22.749703: | cmd( 560):TO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLU: Sep 21 07:29:22.749706: | cmd( 640):TO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_AL: Sep 21 07:29:22.749708: | cmd( 720):LOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Sep 21 07:29:22.749711: | cmd( 800):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Sep 21 07:29:22.749713: | cmd( 880):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Sep 21 07:29:22.749716: | cmd( 960):ED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' V: Sep 21 07:29:22.749718: | cmd(1040):TI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x95b56805 SPI_OUT=0x769070b ipsec _upd: Sep 21 07:29:22.749720: | cmd(1120):own 2>&1: Sep 21 07:29:22.780329: "westnet-eastnet-vti-02" #3: prepare-client output: vti interface "ipsec0" already exists with conflicting setting Sep 21 07:29:22.780354: "westnet-eastnet-vti-02" #3: prepare-client output: existing: ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit ikey 20 okey 21 Sep 21 07:29:22.780359: "westnet-eastnet-vti-02" #3: prepare-client output: wanted : ipsec0: ip/ip remote any local 192.1.2.45 ttl inherit key 21 Sep 21 07:29:22.780597: | running updown command "ipsec _updown" for verb route Sep 21 07:29:22.780603: | command executing route-client Sep 21 07:29:22.780637: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CO Sep 21 07:29:22.780640: | popen cmd is 1126 chars long Sep 21 07:29:22.780643: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Sep 21 07:29:22.780646: | cmd( 80):vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45': Sep 21 07:29:22.780648: | cmd( 160): PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0: Sep 21 07:29:22.780651: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' : Sep 21 07:29:22.780653: | cmd( 320):PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192: Sep 21 07:29:22.780656: | cmd( 400):.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT: Sep 21 07:29:22.780658: | cmd( 480):_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO: Sep 21 07:29:22.780661: | cmd( 560):_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO: Sep 21 07:29:22.780663: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: Sep 21 07:29:22.780666: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: Sep 21 07:29:22.780668: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: Sep 21 07:29:22.780674: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: Sep 21 07:29:22.780677: | cmd( 960):='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' VTI: Sep 21 07:29:22.780683: | cmd(1040):_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x95b56805 SPI_OUT=0x769070b ipsec _updow: Sep 21 07:29:22.780685: | cmd(1120):n 2>&1: Sep 21 07:29:22.807989: "westnet-eastnet-vti-02" #3: route-client output: RTNETLINK answers: File exists Sep 21 07:29:22.809891: "westnet-eastnet-vti-02" #3: route-client output: done ip route Sep 21 07:29:22.816605: | route_and_eroute: instance "westnet-eastnet-vti-02", setting eroute_owner {spd=0x55d0f568d9e0,sr=0x55d0f568d9e0} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:29:22.816927: | #1 spent 1.16 milliseconds in install_ipsec_sa() Sep 21 07:29:22.816939: | inR2: instance westnet-eastnet-vti-02[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:29:22.816943: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:22.816949: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:22.816952: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:22.816961: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:22.816965: | #3 complete_v2_state_transition() V2_CREATE_I->V2_IPSEC_I with status STF_OK Sep 21 07:29:22.816968: | IKEv2: transition from state STATE_V2_CREATE_I to state STATE_V2_IPSEC_I Sep 21 07:29:22.816972: | child state #3: V2_CREATE_I(established IKE SA) => V2_IPSEC_I(established CHILD SA) Sep 21 07:29:22.816975: | Message ID: updating counters for #3 to 2 after switching state Sep 21 07:29:22.816980: | Message ID: recv #1.#3 response 2; ike: initiator.sent=2 initiator.recv=1->2 responder.sent=-1 responder.recv=-1; child: wip.initiator=2->-1 wip.responder=-1 Sep 21 07:29:22.816985: | Message ID: #1.#3 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:22.816988: | pstats #3 ikev2.child established Sep 21 07:29:22.816997: "westnet-eastnet-vti-02" #3: negotiated connection [10.0.1.0-10.0.1.255:0-65535 0] -> [10.0.2.0-10.0.2.255:0-65535 0] Sep 21 07:29:22.817009: | NAT-T: encaps is 'auto' Sep 21 07:29:22.817015: "westnet-eastnet-vti-02" #3: STATE_V2_IPSEC_I: IPsec SA established tunnel mode {ESP=>0x95b56805 <0x0769070b xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Sep 21 07:29:22.817019: | releasing whack for #3 (sock=fd@22) Sep 21 07:29:22.817026: | close_any(fd@22) (in release_whack() at state.c:654) Sep 21 07:29:22.817029: | releasing whack and unpending for parent #1 Sep 21 07:29:22.817032: | unpending state #1 connection "westnet-eastnet-vti-02" Sep 21 07:29:22.817037: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Sep 21 07:29:22.817040: | event_schedule: new EVENT_SA_REKEY-pe@0x55d0f5696960 Sep 21 07:29:22.817044: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Sep 21 07:29:22.817047: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:22.817054: | #3 spent 1.61 milliseconds in resume sending helper answer Sep 21 07:29:22.817059: | stop processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:22.817062: | libevent_free: release ptr-libevent@0x7f9c90001ef0 Sep 21 07:29:22.817072: | kernel_process_msg_cb process netlink message Sep 21 07:29:22.817078: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:29:22.817083: | spent 0.00729 milliseconds in kernel message Sep 21 07:29:22.817090: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.817095: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.817099: | spent 0.00481 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:22.817101: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.817107: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.817111: | spent 0.00364 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:22.817114: | processing signal PLUTO_SIGCHLD Sep 21 07:29:22.817117: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:22.817120: | spent 0.00341 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:26.118207: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:26.118225: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:29:26.118228: | FOR_EACH_STATE_... in sort_states Sep 21 07:29:26.118234: | get_sa_info esp.eec7c242@192.1.2.45 Sep 21 07:29:26.118247: | get_sa_info esp.be21e6a1@192.1.2.23 Sep 21 07:29:26.118258: | get_sa_info esp.769070b@192.1.2.45 Sep 21 07:29:26.118263: | get_sa_info esp.95b56805@192.1.2.23 Sep 21 07:29:26.118276: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:26.118280: | spent 0.0818 milliseconds in whack Sep 21 07:29:27.338485: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:27.338683: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:29:27.338688: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:29:27.338798: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:29:27.338804: | FOR_EACH_STATE_... in sort_states Sep 21 07:29:27.338818: | get_sa_info esp.eec7c242@192.1.2.45 Sep 21 07:29:27.338832: | get_sa_info esp.be21e6a1@192.1.2.23 Sep 21 07:29:27.338848: | get_sa_info esp.769070b@192.1.2.45 Sep 21 07:29:27.338856: | get_sa_info esp.95b56805@192.1.2.23 Sep 21 07:29:27.338875: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:29:27.338882: | spent 0.4 milliseconds in whack Sep 21 07:29:27.724468: | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:27.724492: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:27.724496: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.724498: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:29:27.724500: | 0c 0b 68 db ef 86 f3 89 fe e5 56 da 50 87 e3 92 Sep 21 07:29:27.724503: | df fc 02 ea 4c 83 af 89 6e e8 92 79 9b 43 df 42 Sep 21 07:29:27.724505: | e6 af 0e 36 bb Sep 21 07:29:27.724510: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:27.724513: | **parse ISAKMP Message: Sep 21 07:29:27.724516: | initiator cookie: Sep 21 07:29:27.724518: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.724520: | responder cookie: Sep 21 07:29:27.724522: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.724525: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:27.724528: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.724530: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.724533: | flags: none (0x0) Sep 21 07:29:27.724535: | Message ID: 0 (0x0) Sep 21 07:29:27.724537: | length: 69 (0x45) Sep 21 07:29:27.724540: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:29:27.724543: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:29:27.724547: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:29:27.724553: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:27.724557: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:29:27.724561: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:29:27.724564: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Sep 21 07:29:27.724569: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 Sep 21 07:29:27.724574: | unpacking clear payload Sep 21 07:29:27.724576: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:29:27.724579: | ***parse IKEv2 Encryption Payload: Sep 21 07:29:27.724582: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:29:27.724584: | flags: none (0x0) Sep 21 07:29:27.724586: | length: 41 (0x29) Sep 21 07:29:27.724589: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:29:27.724594: | Message ID: start-responder #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=-1->0 Sep 21 07:29:27.724596: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:29:27.724612: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:29:27.724615: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:29:27.724618: | **parse IKEv2 Delete Payload: Sep 21 07:29:27.724620: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.724623: | flags: none (0x0) Sep 21 07:29:27.724625: | length: 12 (0xc) Sep 21 07:29:27.724627: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:29:27.724630: | SPI size: 4 (0x4) Sep 21 07:29:27.724632: | number of SPIs: 1 (0x1) Sep 21 07:29:27.724634: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:29:27.724637: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:29:27.724639: | Now let's proceed with state specific processing Sep 21 07:29:27.724642: | calling processor I3: INFORMATIONAL Request Sep 21 07:29:27.724645: | an informational request should send a response Sep 21 07:29:27.724650: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:29:27.724653: | **emit ISAKMP Message: Sep 21 07:29:27.724655: | initiator cookie: Sep 21 07:29:27.724657: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.724660: | responder cookie: Sep 21 07:29:27.724662: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.724664: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:27.724667: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.724669: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.724672: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:29:27.724674: | Message ID: 0 (0x0) Sep 21 07:29:27.724677: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:27.724680: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:27.724682: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.724684: | flags: none (0x0) Sep 21 07:29:27.724688: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:27.724690: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:29:27.724693: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:27.724699: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:29:27.724702: | SPI 95 b5 68 05 Sep 21 07:29:27.724704: | delete PROTO_v2_ESP SA(0x95b56805) Sep 21 07:29:27.724707: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:29:27.724710: | State DB: found IKEv2 state #3 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:29:27.724713: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0x95b56805) Sep 21 07:29:27.724716: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #3 now Sep 21 07:29:27.724719: | state #3 requesting EVENT_SA_REKEY to be deleted Sep 21 07:29:27.724722: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:27.724725: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d0f5696960 Sep 21 07:29:27.724728: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:27.724731: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Sep 21 07:29:27.724734: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:27.724738: | ****emit IKEv2 Delete Payload: Sep 21 07:29:27.724742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.724745: | flags: none (0x0) Sep 21 07:29:27.724747: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:29:27.724749: | SPI size: 4 (0x4) Sep 21 07:29:27.724752: | number of SPIs: 1 (0x1) Sep 21 07:29:27.724755: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:29:27.724757: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:29:27.724760: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:29:27.724763: | local SPIs 07 69 07 0b Sep 21 07:29:27.724765: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:29:27.724768: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:27.724771: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:29:27.724773: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:29:27.724776: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:29:27.724778: | emitting length of ISAKMP Message: 69 Sep 21 07:29:27.724796: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:27.724801: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.724804: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Sep 21 07:29:27.724806: | 32 ec 40 c1 1d 7e 73 a9 ce f7 65 91 fb bb 4a 58 Sep 21 07:29:27.724808: | ec 48 8d 25 15 eb 96 ab a8 0b 6c 84 2e b1 1d 2b Sep 21 07:29:27.724810: | df df cb e9 3a Sep 21 07:29:27.724840: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=-1 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:29:27.724845: | Message ID: sent #1 response 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=-1->0 responder.recv=-1 wip.initiator=-1 wip.responder=0 Sep 21 07:29:27.724851: | #1 spent 0.188 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:29:27.724856: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.724860: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:29:27.724863: | Message ID: updating counters for #1 to 0 after switching state Sep 21 07:29:27.724868: | Message ID: recv #1 request 0; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=-1->0 wip.initiator=-1 wip.responder=0->-1 Sep 21 07:29:27.724872: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:27.724875: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:29:27.724880: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:27.724884: | #1 spent 0.385 milliseconds in ikev2_process_packet() Sep 21 07:29:27.724888: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:27.724891: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:27.724894: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:27.724897: | spent 0.398 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:27.724904: | timer_event_cb: processing event@0x55d0f5696960 Sep 21 07:29:27.724907: | handling event EVENT_SA_REPLACE for child state #3 Sep 21 07:29:27.724912: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.724915: | picked newest_ipsec_sa #3 for #3 Sep 21 07:29:27.724920: | replacing stale CHILD SA Sep 21 07:29:27.724924: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:29:27.724926: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:29:27.724930: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:29:27.724934: | creating state object #4 at 0x55d0f569f540 Sep 21 07:29:27.724937: | State DB: adding IKEv2 state #4 in UNDEFINED Sep 21 07:29:27.724940: | pstats #4 ikev2.child started Sep 21 07:29:27.724943: | duplicating state object #1 "westnet-eastnet-vti-01" as #4 for IPSEC SA Sep 21 07:29:27.724948: | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:29:27.724953: | Message ID: init_child #1.#4; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:27.724956: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:27.724961: | suspend processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:27.724965: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:27.724969: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:29:27.724982: | using existing local ESP/AH proposals for westnet-eastnet-vti-02 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.724988: | #4 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Sep 21 07:29:27.724991: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f9c9c002b20 Sep 21 07:29:27.724994: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Sep 21 07:29:27.724997: | libevent_malloc: new ptr-libevent@0x7f9c90001ef0 size 128 Sep 21 07:29:27.725002: | RESET processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:29:27.725005: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d0f5698a20 Sep 21 07:29:27.725008: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Sep 21 07:29:27.725011: | libevent_malloc: new ptr-libevent@0x7f9c9c006900 size 128 Sep 21 07:29:27.725014: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:27.725016: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:27.725020: | #3 spent 0.116 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:29:27.725023: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.725027: | timer_event_cb: processing event@0x7f9c9c002b20 Sep 21 07:29:27.725030: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Sep 21 07:29:27.725034: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.725038: | adding Child Rekey Initiator KE and nonce ni work-order 5 for state #4 Sep 21 07:29:27.725041: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:27.725044: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:29:27.725047: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:27.725054: | libevent_free: release ptr-libevent@0x7f9c90001ef0 Sep 21 07:29:27.725057: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f9c9c002b20 Sep 21 07:29:27.725058: | crypto helper 2 resuming Sep 21 07:29:27.725061: | #4 spent 0.0326 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:29:27.725070: | crypto helper 2 starting work-order 5 for state #4 Sep 21 07:29:27.725077: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.725084: | crypto helper 2 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 Sep 21 07:29:27.725088: | timer_event_cb: processing event@0x55d0f5698a20 Sep 21 07:29:27.725098: | handling event EVENT_SA_EXPIRE for child state #3 Sep 21 07:29:27.725102: | start processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.725105: | picked newest_ipsec_sa #3 for #3 Sep 21 07:29:27.725108: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:29:27.725110: | pstats #3 ikev2.child re-failed exchange-timeout Sep 21 07:29:27.725113: | pstats #3 ikev2.child deleted completed Sep 21 07:29:27.725116: | #3 spent 3.68 milliseconds in total Sep 21 07:29:27.725120: | [RE]START processing: state #3 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.725124: "westnet-eastnet-vti-02" #3: deleting state (STATE_V2_IPSEC_I) aged 5.131s and NOT sending notification Sep 21 07:29:27.725127: | child state #3: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:29:27.725131: | get_sa_info esp.95b56805@192.1.2.23 Sep 21 07:29:27.725144: | get_sa_info esp.769070b@192.1.2.45 Sep 21 07:29:27.725151: "westnet-eastnet-vti-02" #3: ESP traffic information: in=0B out=0B Sep 21 07:29:27.725154: | child state #3: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:29:27.725216: | running updown command "ipsec _updown" for verb down Sep 21 07:29:27.725220: | command executing down-client Sep 21 07:29:27.725249: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050962' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffff Sep 21 07:29:27.725252: | popen cmd is 1134 chars long Sep 21 07:29:27.725255: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Sep 21 07:29:27.725258: | cmd( 80):ti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Sep 21 07:29:27.725260: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0': Sep 21 07:29:27.725263: | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' P: Sep 21 07:29:27.725265: | cmd( 320):LUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.: Sep 21 07:29:27.725267: | cmd( 400):1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_: Sep 21 07:29:27.725270: | cmd( 480):NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_: Sep 21 07:29:27.725272: | cmd( 560):PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='156905096: Sep 21 07:29:27.725275: | cmd( 640):2' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Sep 21 07:29:27.725277: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Sep 21 07:29:27.725280: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Sep 21 07:29:27.725285: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Sep 21 07:29:27.725288: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Sep 21 07:29:27.725290: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x95b56805 SPI_OUT=0x769070b ipse: Sep 21 07:29:27.725292: | cmd(1120):c _updown 2>&1: Sep 21 07:29:27.726103: | crypto helper 2 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 5 time elapsed 0.001019 seconds Sep 21 07:29:27.726116: | (#4) spent 1.02 milliseconds in crypto helper computing work-order 5: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:29:27.726120: | crypto helper 2 sending results from work-order 5 for state #4 to event queue Sep 21 07:29:27.726123: | scheduling resume sending helper answer for #4 Sep 21 07:29:27.726126: | libevent_malloc: new ptr-libevent@0x7f9c94006900 size 128 Sep 21 07:29:27.726132: | crypto helper 2 waiting (nothing to do) Sep 21 07:29:27.741227: "westnet-eastnet-vti-02" #3: down-client output: Command line is not complete. Try option "help" Sep 21 07:29:27.742002: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 10.0.1.0/24:0 --0->- 10.0.2.0/24:0 Sep 21 07:29:27.742015: | netlink_shunt_eroute for proto 0, and source 10.0.1.0/24:0 dest 10.0.2.0/24:0 Sep 21 07:29:27.742019: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:27.742022: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:27.742150: | delete esp.95b56805@192.1.2.23 Sep 21 07:29:27.742221: | netlink response for Del SA esp.95b56805@192.1.2.23 included non-error error Sep 21 07:29:27.742227: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:27.742234: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:27.742279: | raw_eroute result=success Sep 21 07:29:27.742283: | delete esp.769070b@192.1.2.45 Sep 21 07:29:27.742304: | netlink response for Del SA esp.769070b@192.1.2.45 included non-error error Sep 21 07:29:27.742308: | in connection_discard for connection westnet-eastnet-vti-02 Sep 21 07:29:27.742312: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Sep 21 07:29:27.742316: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:29:27.742331: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.742339: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:29:27.742342: | can't expire unused IKE SA #1; it has the child #4 Sep 21 07:29:27.742346: | libevent_free: release ptr-libevent@0x7f9c9c006900 Sep 21 07:29:27.742349: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d0f5698a20 Sep 21 07:29:27.742352: | in statetime_stop() and could not find #3 Sep 21 07:29:27.742355: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.742375: | spent 0.00212 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:27.742387: | *received 69 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:27.742390: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.742392: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:29:27.742394: | 01 13 4e 33 57 ce b8 c2 1c 27 d3 e0 1f 85 e1 e7 Sep 21 07:29:27.742397: | 70 6f 40 03 7a 23 a5 de 57 b2 bb 5a 10 b5 86 57 Sep 21 07:29:27.742399: | 05 0c 9a c3 97 Sep 21 07:29:27.742404: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:27.742408: | **parse ISAKMP Message: Sep 21 07:29:27.742410: | initiator cookie: Sep 21 07:29:27.742413: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.742415: | responder cookie: Sep 21 07:29:27.742417: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.742420: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:27.742426: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.742428: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.742431: | flags: none (0x0) Sep 21 07:29:27.742433: | Message ID: 1 (0x1) Sep 21 07:29:27.742436: | length: 69 (0x45) Sep 21 07:29:27.742439: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:29:27.742442: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:29:27.742446: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:29:27.742452: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:27.742455: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:29:27.742460: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:29:27.742463: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Sep 21 07:29:27.742467: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 Sep 21 07:29:27.742469: | unpacking clear payload Sep 21 07:29:27.742472: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:29:27.742475: | ***parse IKEv2 Encryption Payload: Sep 21 07:29:27.742477: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:29:27.742480: | flags: none (0x0) Sep 21 07:29:27.742482: | length: 41 (0x29) Sep 21 07:29:27.742532: | processing payload: ISAKMP_NEXT_v2SK (len=37) Sep 21 07:29:27.742539: | Message ID: start-responder #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=-1->1 Sep 21 07:29:27.742542: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:29:27.742554: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:29:27.742557: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:29:27.742560: | **parse IKEv2 Delete Payload: Sep 21 07:29:27.742563: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.742565: | flags: none (0x0) Sep 21 07:29:27.742568: | length: 12 (0xc) Sep 21 07:29:27.742571: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:29:27.742573: | SPI size: 4 (0x4) Sep 21 07:29:27.742576: | number of SPIs: 1 (0x1) Sep 21 07:29:27.742578: | processing payload: ISAKMP_NEXT_v2D (len=4) Sep 21 07:29:27.742581: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:29:27.742583: | Now let's proceed with state specific processing Sep 21 07:29:27.742586: | calling processor I3: INFORMATIONAL Request Sep 21 07:29:27.742589: | an informational request should send a response Sep 21 07:29:27.742594: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:29:27.742597: | **emit ISAKMP Message: Sep 21 07:29:27.742600: | initiator cookie: Sep 21 07:29:27.742602: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.742605: | responder cookie: Sep 21 07:29:27.742607: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.742609: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:27.742612: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.742615: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.742618: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:29:27.742620: | Message ID: 1 (0x1) Sep 21 07:29:27.742623: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:27.742626: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:27.742628: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.742631: | flags: none (0x0) Sep 21 07:29:27.742634: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:27.742637: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:29:27.742642: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:27.742652: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Sep 21 07:29:27.742655: | SPI be 21 e6 a1 Sep 21 07:29:27.742657: | delete PROTO_v2_ESP SA(0xbe21e6a1) Sep 21 07:29:27.742660: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_IPSEC_I Sep 21 07:29:27.742663: | State DB: found IKEv2 state #2 in V2_IPSEC_I (find_v2_child_sa_by_outbound_spi) Sep 21 07:29:27.742666: | our side SPI that needs to be deleted: PROTO_v2_ESP SA(0xbe21e6a1) Sep 21 07:29:27.742669: "westnet-eastnet-vti-01" #1: received Delete SA payload: replace IPsec State #2 now Sep 21 07:29:27.742672: | state #2 requesting EVENT_SA_REKEY to be deleted Sep 21 07:29:27.742675: | libevent_free: release ptr-libevent@0x7f9ca0006900 Sep 21 07:29:27.742678: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d0f56966e0 Sep 21 07:29:27.742681: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d0f5693810 Sep 21 07:29:27.742685: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Sep 21 07:29:27.742688: | libevent_malloc: new ptr-libevent@0x7f9ca0006900 size 128 Sep 21 07:29:27.742691: | ****emit IKEv2 Delete Payload: Sep 21 07:29:27.742694: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.742696: | flags: none (0x0) Sep 21 07:29:27.742699: | protocol ID: PROTO_v2_ESP (0x3) Sep 21 07:29:27.742701: | SPI size: 4 (0x4) Sep 21 07:29:27.742704: | number of SPIs: 1 (0x1) Sep 21 07:29:27.742707: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Sep 21 07:29:27.742710: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:29:27.742713: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Sep 21 07:29:27.742715: | local SPIs ee c7 c2 42 Sep 21 07:29:27.742717: | emitting length of IKEv2 Delete Payload: 12 Sep 21 07:29:27.742720: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:27.742723: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:29:27.742726: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:29:27.742728: | emitting length of IKEv2 Encryption Payload: 41 Sep 21 07:29:27.742731: | emitting length of ISAKMP Message: 69 Sep 21 07:29:27.742742: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:27.742745: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.742748: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Sep 21 07:29:27.742750: | 1c 53 b3 8a 1b 53 61 0f 04 44 64 88 ec 61 79 6e Sep 21 07:29:27.742752: | a7 71 1c 0c 89 13 77 d4 93 f4 ca e0 76 65 9d 2a Sep 21 07:29:27.742755: | ac 45 ad 1d bd Sep 21 07:29:27.742797: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=0 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:29:27.742805: | Message ID: sent #1 response 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=0->1 responder.recv=0 wip.initiator=-1 wip.responder=1 Sep 21 07:29:27.742811: | #1 spent 0.196 milliseconds in processing: I3: INFORMATIONAL Request in ikev2_process_state_packet() Sep 21 07:29:27.742817: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.742821: | #1 complete_v2_state_transition() PARENT_I3->PARENT_I3 with status STF_OK Sep 21 07:29:27.742824: | Message ID: updating counters for #1 to 1 after switching state Sep 21 07:29:27.742829: | Message ID: recv #1 request 1; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=0->1 wip.initiator=-1 wip.responder=1->-1 Sep 21 07:29:27.742835: | Message ID: #1 skipping update_send as nothing to send; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:27.742838: "westnet-eastnet-vti-01" #1: STATE_PARENT_I3: PARENT SA established Sep 21 07:29:27.742843: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:27.742848: | #1 spent 0.412 milliseconds in ikev2_process_packet() Sep 21 07:29:27.742852: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:27.742855: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:27.742858: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:27.742861: | spent 0.426 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:27.742865: | processing resume sending helper answer for #4 Sep 21 07:29:27.742870: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:27.742873: | crypto helper 2 replies to request ID 5 Sep 21 07:29:27.742876: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:27.742879: | ikev2_child_outI_continue for #4 STATE_V2_REKEY_CHILD_I0 Sep 21 07:29:27.742882: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:27.742885: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:27.742888: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5696960 Sep 21 07:29:27.742891: | event_schedule: new EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:27.742894: | inserting event EVENT_SA_REPLACE, timeout in 200 seconds for #4 Sep 21 07:29:27.742897: | libevent_malloc: new ptr-libevent@0x55d0f5690e50 size 128 Sep 21 07:29:27.742902: | Message ID: #1 wakeing IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:27.742905: | scheduling callback v2_msgid_schedule_next_initiator (#1) Sep 21 07:29:27.742908: | libevent_malloc: new ptr-libevent@0x7f9c9c006900 size 128 Sep 21 07:29:27.742913: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.742917: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_SUSPEND Sep 21 07:29:27.742919: | suspending state #4 and saving MD Sep 21 07:29:27.742921: | #4 is busy; has a suspended MD Sep 21 07:29:27.742926: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in log_stf_suspend() at ikev2.c:3266) Sep 21 07:29:27.742929: | "westnet-eastnet-vti-02" #4 complete v2 state STATE_V2_REKEY_CHILD_I0 transition with STF_SUSPEND suspended from complete_v2_state_transition:3448 Sep 21 07:29:27.742933: | resume sending helper answer for #4 suppresed complete_v2_state_transition() Sep 21 07:29:27.742937: | #4 spent 0.0633 milliseconds in resume sending helper answer Sep 21 07:29:27.742942: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:27.742944: | libevent_free: release ptr-libevent@0x7f9c94006900 Sep 21 07:29:27.742948: | processing signal PLUTO_SIGCHLD Sep 21 07:29:27.742952: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:27.742955: | spent 0.00415 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:27.742962: | timer_event_cb: processing event@0x55d0f5693810 Sep 21 07:29:27.742965: | handling event EVENT_SA_REPLACE for child state #2 Sep 21 07:29:27.742969: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.742973: | picked newest_ipsec_sa #2 for #2 Sep 21 07:29:27.742975: | replacing stale CHILD SA Sep 21 07:29:27.742979: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:29:27.742982: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:29:27.742987: | FOR_EACH_STATE_... in find_pending_phase2 Sep 21 07:29:27.742991: | creating state object #5 at 0x55d0f5692ca0 Sep 21 07:29:27.742993: | State DB: adding IKEv2 state #5 in UNDEFINED Sep 21 07:29:27.742997: | pstats #5 ikev2.child started Sep 21 07:29:27.743000: | duplicating state object #1 "westnet-eastnet-vti-01" as #5 for IPSEC SA Sep 21 07:29:27.743004: | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:29:27.743010: | Message ID: init_child #1.#5; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1; child: wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:27.743015: | suspend processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:27.743020: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5634) Sep 21 07:29:27.743024: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Sep 21 07:29:27.743027: | create child proposal's DH changed from no-PFS to MODP2048, flushing Sep 21 07:29:27.743031: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals) Sep 21 07:29:27.743035: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Sep 21 07:29:27.743041: | ... ikev2_proposal: 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.743044: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Sep 21 07:29:27.743049: | ... ikev2_proposal: 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.743052: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:27.743056: | ... ikev2_proposal: 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.743059: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Sep 21 07:29:27.743063: | ... ikev2_proposal: 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.743072: "westnet-eastnet-vti-01": constructed local ESP/AH proposals for westnet-eastnet-vti-01 (ESP/AH initiator emitting proposals): 1:ESP:ENCR=AES_GCM_C_256;INTEG=NONE;DH=MODP2048;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_128;INTEG=NONE;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Sep 21 07:29:27.743078: | #5 schedule rekey initiate IPsec SA RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Sep 21 07:29:27.743081: | event_schedule: new EVENT_v2_INITIATE_CHILD-pe@0x7f9c94002b20 Sep 21 07:29:27.743084: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Sep 21 07:29:27.743087: | libevent_malloc: new ptr-libevent@0x7f9c94006900 size 128 Sep 21 07:29:27.743092: | RESET processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5734) Sep 21 07:29:27.743096: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55d0f5612210 Sep 21 07:29:27.743099: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Sep 21 07:29:27.743101: | libevent_malloc: new ptr-libevent@0x7f9c90001ef0 size 128 Sep 21 07:29:27.743104: | libevent_free: release ptr-libevent@0x7f9ca0006900 Sep 21 07:29:27.743107: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d0f5693810 Sep 21 07:29:27.743111: | #2 spent 0.149 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:29:27.743114: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.743117: | processing callback v2_msgid_schedule_next_initiator for #1 Sep 21 07:29:27.743122: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:904) Sep 21 07:29:27.743129: | Message ID: #1.#4 resuming SA using IKE SA (unack 0); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1 Sep 21 07:29:27.743133: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:29:27.743138: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:553) Sep 21 07:29:27.743142: | **emit ISAKMP Message: Sep 21 07:29:27.743145: | initiator cookie: Sep 21 07:29:27.743147: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.743150: | responder cookie: Sep 21 07:29:27.743152: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.743154: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:27.743157: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.743159: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Sep 21 07:29:27.743162: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:27.743164: | Message ID: 3 (0x3) Sep 21 07:29:27.743167: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:27.743170: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:27.743172: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.743175: | flags: none (0x0) Sep 21 07:29:27.743178: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:27.743180: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.743183: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:27.743198: | netlink_get_spi: allocated 0x4921f6f2 for esp.0@192.1.2.45 Sep 21 07:29:27.743201: | Emitting ikev2_proposals ... Sep 21 07:29:27.743204: | ****emit IKEv2 Security Association Payload: Sep 21 07:29:27.743206: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.743209: | flags: none (0x0) Sep 21 07:29:27.743212: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:29:27.743215: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.743218: | discarding INTEG=NONE Sep 21 07:29:27.743220: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.743223: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743225: | prop #: 1 (0x1) Sep 21 07:29:27.743227: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:27.743230: | spi size: 4 (0x4) Sep 21 07:29:27.743232: | # transforms: 3 (0x3) Sep 21 07:29:27.743235: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.743238: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:27.743240: | our spi 49 21 f6 f2 Sep 21 07:29:27.743243: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743248: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.743251: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:27.743254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743257: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.743259: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.743262: | length/value: 256 (0x100) Sep 21 07:29:27.743265: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.743267: | discarding INTEG=NONE Sep 21 07:29:27.743269: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743272: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743274: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.743277: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.743281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743287: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743289: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743292: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.743294: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:27.743297: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:27.743300: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743303: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743305: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743308: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:29:27.743311: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.743313: | discarding INTEG=NONE Sep 21 07:29:27.743315: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.743318: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743320: | prop #: 2 (0x2) Sep 21 07:29:27.743323: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:27.743325: | spi size: 4 (0x4) Sep 21 07:29:27.743328: | # transforms: 3 (0x3) Sep 21 07:29:27.743331: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743334: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.743336: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:27.743339: | our spi 49 21 f6 f2 Sep 21 07:29:27.743341: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743346: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.743349: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:27.743351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743354: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.743357: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.743359: | length/value: 128 (0x80) Sep 21 07:29:27.743362: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.743364: | discarding INTEG=NONE Sep 21 07:29:27.743366: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743371: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.743373: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.743377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743382: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743384: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743387: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.743389: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:27.743392: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:27.743395: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743402: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743404: | emitting length of IKEv2 Proposal Substructure Payload: 40 Sep 21 07:29:27.743407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.743409: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.743412: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743414: | prop #: 3 (0x3) Sep 21 07:29:27.743417: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:27.743419: | spi size: 4 (0x4) Sep 21 07:29:27.743421: | # transforms: 5 (0x5) Sep 21 07:29:27.743424: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743427: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.743430: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:27.743432: | our spi 49 21 f6 f2 Sep 21 07:29:27.743434: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743439: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.743442: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:27.743444: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743447: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.743450: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.743452: | length/value: 256 (0x100) Sep 21 07:29:27.743455: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.743457: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743460: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743462: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.743465: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:27.743468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743473: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743476: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743480: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.743483: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:27.743486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743489: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743491: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743494: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743496: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743499: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.743501: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.743504: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743510: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743513: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743515: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.743518: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:27.743520: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:27.743523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743528: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743531: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:29:27.743534: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.743536: | *****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.743539: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:27.743541: | prop #: 4 (0x4) Sep 21 07:29:27.743543: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Sep 21 07:29:27.743546: | spi size: 4 (0x4) Sep 21 07:29:27.743548: | # transforms: 5 (0x5) Sep 21 07:29:27.743551: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.743554: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.743557: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Sep 21 07:29:27.743559: | our spi 49 21 f6 f2 Sep 21 07:29:27.743561: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743564: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743566: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.743569: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:27.743571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743574: | *******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.743577: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.743579: | length/value: 128 (0x80) Sep 21 07:29:27.743582: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.743584: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743589: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.743592: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:27.743595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743600: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743603: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743605: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743608: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.743610: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:27.743613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743618: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743622: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.743629: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.743632: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743640: | ******emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.743642: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.743645: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Sep 21 07:29:27.743647: | IKEv2 transform ID: ESN_DISABLED (0x0) Sep 21 07:29:27.743650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.743653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.743656: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.743658: | emitting length of IKEv2 Proposal Substructure Payload: 56 Sep 21 07:29:27.743661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.743664: | emitting length of IKEv2 Security Association Payload: 196 Sep 21 07:29:27.743666: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:29:27.743670: "westnet-eastnet-vti-02" #4: CHILD SA to rekey #3 vanished abort this exchange Sep 21 07:29:27.743672: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Sep 21 07:29:27.743677: | [RE]START processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.743681: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I with status STF_INTERNAL_ERROR Sep 21 07:29:27.743740: | state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Sep 21 07:29:27.743747: | stop processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:29:27.743752: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:557) Sep 21 07:29:27.743756: | #1 spent 0.626 milliseconds in callback v2_msgid_schedule_next_initiator Sep 21 07:29:27.743761: | stop processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in callback_handler() at server.c:908) Sep 21 07:29:27.743764: | libevent_free: release ptr-libevent@0x7f9c9c006900 Sep 21 07:29:27.743769: | timer_event_cb: processing event@0x7f9c94002b20 Sep 21 07:29:27.743772: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Sep 21 07:29:27.743777: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.743781: | adding Child Rekey Initiator KE and nonce ni work-order 6 for state #5 Sep 21 07:29:27.743792: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5693810 Sep 21 07:29:27.743796: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:29:27.743798: | libevent_malloc: new ptr-libevent@0x7f9c9c006900 size 128 Sep 21 07:29:27.743806: | libevent_free: release ptr-libevent@0x7f9c94006900 Sep 21 07:29:27.743809: | free_event_entry: release EVENT_v2_INITIATE_CHILD-pe@0x7f9c94002b20 Sep 21 07:29:27.743811: | crypto helper 4 resuming Sep 21 07:29:27.743814: | #5 spent 0.038 milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Sep 21 07:29:27.743824: | crypto helper 4 starting work-order 6 for state #5 Sep 21 07:29:27.743835: | stop processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.743844: | crypto helper 4 doing build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 Sep 21 07:29:27.743847: | timer_event_cb: processing event@0x55d0f5612210 Sep 21 07:29:27.743851: | handling event EVENT_SA_EXPIRE for child state #2 Sep 21 07:29:27.743855: | start processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:27.743858: | picked newest_ipsec_sa #2 for #2 Sep 21 07:29:27.743861: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:29:27.743863: | pstats #2 ikev2.child re-failed exchange-timeout Sep 21 07:29:27.743866: | pstats #2 ikev2.child deleted completed Sep 21 07:29:27.743869: | #2 spent 2.22 milliseconds in total Sep 21 07:29:27.743874: | [RE]START processing: state #2 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.743877: "westnet-eastnet-vti-01" #2: deleting state (STATE_V2_IPSEC_I) aged 5.487s and NOT sending notification Sep 21 07:29:27.743880: | child state #2: V2_IPSEC_I(established CHILD SA) => delete Sep 21 07:29:27.743884: | get_sa_info esp.be21e6a1@192.1.2.23 Sep 21 07:29:27.743894: | get_sa_info esp.eec7c242@192.1.2.45 Sep 21 07:29:27.743901: "westnet-eastnet-vti-01" #2: ESP traffic information: in=336B out=336B Sep 21 07:29:27.743904: | child state #2: V2_IPSEC_I(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:29:27.744056: | running updown command "ipsec _updown" for verb down Sep 21 07:29:27.744062: | command executing down-client Sep 21 07:29:27.744091: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569050962' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0 Sep 21 07:29:27.744095: | popen cmd is 1140 chars long Sep 21 07:29:27.744098: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-v: Sep 21 07:29:27.744100: | cmd( 80):ti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' : Sep 21 07:29:27.744103: | cmd( 160):PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.: Sep 21 07:29:27.744106: | cmd( 240):0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:29:27.744108: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='1: Sep 21 07:29:27.744111: | cmd( 400):92.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLI: Sep 21 07:29:27.744113: | cmd( 480):ENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' P: Sep 21 07:29:27.744116: | cmd( 560):LUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569: Sep 21 07:29:27.744119: | cmd( 640):050962' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+: Sep 21 07:29:27.744121: | cmd( 720):IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv: Sep 21 07:29:27.744127: | cmd( 800):4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: Sep 21 07:29:27.744129: | cmd( 880):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_: Sep 21 07:29:27.744132: | cmd( 960):NM_CONFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE: Sep 21 07:29:27.744134: | cmd(1040):='ipsec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0xbe21e6a1 SPI_OUT=0xeec7c24: Sep 21 07:29:27.744137: | cmd(1120):2 ipsec _updown 2>&1: Sep 21 07:29:27.744843: | crypto helper 4 finished build KE and nonce (Child Rekey Initiator KE and nonce ni); request ID 6 time elapsed 0.000999 seconds Sep 21 07:29:27.744853: | (#5) spent 1 milliseconds in crypto helper computing work-order 6: Child Rekey Initiator KE and nonce ni (pcr) Sep 21 07:29:27.744857: | crypto helper 4 sending results from work-order 6 for state #5 to event queue Sep 21 07:29:27.744859: | scheduling resume sending helper answer for #5 Sep 21 07:29:27.744863: | libevent_malloc: new ptr-libevent@0x7f9c88006900 size 128 Sep 21 07:29:27.744868: | crypto helper 4 waiting (nothing to do) Sep 21 07:29:27.761557: "westnet-eastnet-vti-01" #2: down-client output: Command line is not complete. Try option "help" Sep 21 07:29:27.762462: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:29:27.762477: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:29:27.762481: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:27.762570: | IPsec Sa SPD priority set to 1042407 Sep 21 07:29:27.762742: | delete esp.be21e6a1@192.1.2.23 Sep 21 07:29:27.762847: | netlink response for Del SA esp.be21e6a1@192.1.2.23 included non-error error Sep 21 07:29:27.762856: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:27.762865: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:27.763067: | raw_eroute result=success Sep 21 07:29:27.763074: | delete esp.eec7c242@192.1.2.45 Sep 21 07:29:27.763171: | netlink response for Del SA esp.eec7c242@192.1.2.45 included non-error error Sep 21 07:29:27.763180: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:27.763184: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Sep 21 07:29:27.763189: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:29:27.763195: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.763203: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Sep 21 07:29:27.763205: | can't expire unused IKE SA #1; it has the child #5 Sep 21 07:29:27.763211: | libevent_free: release ptr-libevent@0x7f9c90001ef0 Sep 21 07:29:27.763214: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55d0f5612210 Sep 21 07:29:27.763217: | in statetime_stop() and could not find #2 Sep 21 07:29:27.763220: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:29:27.763239: | spent 0.00312 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:29:27.763253: | *received 65 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) Sep 21 07:29:27.763256: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.763258: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Sep 21 07:29:27.763260: | 43 ec 47 dc b1 a2 36 7c 8d 8b 49 34 b0 66 c6 9e Sep 21 07:29:27.763262: | 25 fb 3c 32 da 82 c7 3b e7 26 3a 04 c2 ff 17 44 Sep 21 07:29:27.763264: | 7c Sep 21 07:29:27.763268: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:29:27.763273: | **parse ISAKMP Message: Sep 21 07:29:27.763275: | initiator cookie: Sep 21 07:29:27.763277: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.763279: | responder cookie: Sep 21 07:29:27.763281: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.763288: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Sep 21 07:29:27.763291: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.763293: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.763296: | flags: none (0x0) Sep 21 07:29:27.763298: | Message ID: 2 (0x2) Sep 21 07:29:27.763301: | length: 65 (0x41) Sep 21 07:29:27.763304: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Sep 21 07:29:27.763307: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Sep 21 07:29:27.763311: | State DB: found IKEv2 state #1 in PARENT_I3 (find_v2_ike_sa) Sep 21 07:29:27.763317: | start processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:2016) Sep 21 07:29:27.763320: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Sep 21 07:29:27.763325: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:2064) Sep 21 07:29:27.763328: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Sep 21 07:29:27.763332: | Message ID: #1 not a duplicate - message is new; initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 Sep 21 07:29:27.763334: | unpacking clear payload Sep 21 07:29:27.763337: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Sep 21 07:29:27.763339: | ***parse IKEv2 Encryption Payload: Sep 21 07:29:27.763342: | next payload type: ISAKMP_NEXT_v2D (0x2a) Sep 21 07:29:27.763345: | flags: none (0x0) Sep 21 07:29:27.763347: | length: 37 (0x25) Sep 21 07:29:27.763349: | processing payload: ISAKMP_NEXT_v2SK (len=33) Sep 21 07:29:27.763354: | Message ID: start-responder #1 request 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=-1->2 Sep 21 07:29:27.763357: | #1 in state PARENT_I3: PARENT SA established Sep 21 07:29:27.763376: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Sep 21 07:29:27.763379: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Sep 21 07:29:27.763382: | **parse IKEv2 Delete Payload: Sep 21 07:29:27.763385: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.763387: | flags: none (0x0) Sep 21 07:29:27.763390: | length: 8 (0x8) Sep 21 07:29:27.763392: | protocol ID: PROTO_v2_IKE (0x1) Sep 21 07:29:27.763395: | SPI size: 0 (0x0) Sep 21 07:29:27.763397: | number of SPIs: 0 (0x0) Sep 21 07:29:27.763400: | processing payload: ISAKMP_NEXT_v2D (len=0) Sep 21 07:29:27.763402: | selected state microcode I3: INFORMATIONAL Request Sep 21 07:29:27.763405: | Now let's proceed with state specific processing Sep 21 07:29:27.763407: | calling processor I3: INFORMATIONAL Request Sep 21 07:29:27.763411: | an informational request should send a response Sep 21 07:29:27.763416: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Sep 21 07:29:27.763420: | **emit ISAKMP Message: Sep 21 07:29:27.763422: | initiator cookie: Sep 21 07:29:27.763425: | fc 0f a2 c4 c7 27 e0 04 Sep 21 07:29:27.763428: | responder cookie: Sep 21 07:29:27.763430: | a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.763432: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:27.763435: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.763438: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Sep 21 07:29:27.763441: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Sep 21 07:29:27.763443: | Message ID: 2 (0x2) Sep 21 07:29:27.763446: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:27.763449: | ***emit IKEv2 Encryption Payload: Sep 21 07:29:27.763452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.763455: | flags: none (0x0) Sep 21 07:29:27.763458: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Sep 21 07:29:27.763461: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Sep 21 07:29:27.763467: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Sep 21 07:29:27.763477: | adding 1 bytes of padding (including 1 byte padding-length) Sep 21 07:29:27.763481: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Sep 21 07:29:27.763484: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Sep 21 07:29:27.763487: | emitting length of IKEv2 Encryption Payload: 29 Sep 21 07:29:27.763489: | emitting length of ISAKMP Message: 57 Sep 21 07:29:27.763504: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) Sep 21 07:29:27.763507: | fc 0f a2 c4 c7 27 e0 04 a6 e8 ae 6b 63 e8 b3 16 Sep 21 07:29:27.763510: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Sep 21 07:29:27.763512: | 16 45 dc f3 ab ad 88 cb 9b 04 1a cb 85 90 5e 43 Sep 21 07:29:27.763514: | d7 17 88 77 bd a8 1a e2 1b Sep 21 07:29:27.763559: | Message ID: #1 XXX: in process_encrypted_informational_ikev2() hacking around record'n'send bypassing send queue hacking around delete_my_family(); initiator.sent=2 initiator.recv=2 responder.sent=1 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:29:27.763566: | Message ID: sent #1 response 2; ike: initiator.sent=2 initiator.recv=2 responder.sent=1->2 responder.recv=1 wip.initiator=-1 wip.responder=2 Sep 21 07:29:27.763570: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:29:27.763573: | pstats #5 ikev2.child deleted other Sep 21 07:29:27.763577: | #5 spent 0.038 milliseconds in total Sep 21 07:29:27.763583: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.763587: | start processing: state #5 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.763591: "westnet-eastnet-vti-01" #5: deleting other state #5 (STATE_CHILDSA_DEL) aged 0.020s and NOT sending notification Sep 21 07:29:27.763594: | child state #5: CHILDSA_DEL(informational) => delete Sep 21 07:29:27.763598: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:27.763602: | libevent_free: release ptr-libevent@0x7f9c9c006900 Sep 21 07:29:27.763605: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f5693810 Sep 21 07:29:27.763610: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:27.763617: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:27.763629: | raw_eroute result=success Sep 21 07:29:27.763633: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:27.763635: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Sep 21 07:29:27.763639: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:29:27.763644: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.763648: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.763652: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Sep 21 07:29:27.763655: | pstats #4 ikev2.child deleted other Sep 21 07:29:27.763659: | #4 spent 1.12 milliseconds in total Sep 21 07:29:27.763663: | suspend processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.763669: | start processing: state #4 connection "westnet-eastnet-vti-02" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.763673: "westnet-eastnet-vti-02" #4: deleting other state #4 connection (STATE_CHILDSA_DEL) "westnet-eastnet-vti-02" aged 0.038s and NOT sending notification Sep 21 07:29:27.763676: | child state #4: CHILDSA_DEL(informational) => delete Sep 21 07:29:27.763680: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:29:27.763685: | libevent_free: release ptr-libevent@0x55d0f5690e50 Sep 21 07:29:27.763688: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55d0f5696960 Sep 21 07:29:27.763691: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:27.763698: | delete inbound eroute 10.0.2.0/24:0 --0-> 10.0.1.0/24:0 => unk255.10000@192.1.2.45 (raw_eroute) Sep 21 07:29:27.763708: | raw_eroute result=success Sep 21 07:29:27.763711: | in connection_discard for connection westnet-eastnet-vti-02 Sep 21 07:29:27.763713: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Sep 21 07:29:27.763716: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:29:27.763730: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.763735: | resume processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.763739: | State DB: IKEv2 state not found (delete_my_family) Sep 21 07:29:27.763742: | parent state #1: PARENT_I3(established IKE SA) => IKESA_DEL(established IKE SA) Sep 21 07:29:27.763744: | pstats #1 ikev2.ike deleted completed Sep 21 07:29:27.763748: | #1 spent 17.5 milliseconds in total Sep 21 07:29:27.763752: | [RE]START processing: state #1 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:27.763755: "westnet-eastnet-vti-01" #1: deleting state (STATE_IKESA_DEL) aged 5.515s and NOT sending notification Sep 21 07:29:27.763758: | parent state #1: IKESA_DEL(established IKE SA) => delete Sep 21 07:29:27.763950: | state #1 requesting EVENT_SA_REKEY to be deleted Sep 21 07:29:27.763959: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:27.763963: | free_event_entry: release EVENT_SA_REKEY-pe@0x55d0f5690fb0 Sep 21 07:29:27.763966: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:29:27.763969: | picked newest_isakmp_sa #0 for #1 Sep 21 07:29:27.763973: "westnet-eastnet-vti-01" #1: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:29:27.763976: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 0 seconds Sep 21 07:29:27.763979: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:29:27.763984: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:27.763986: | State DB: deleting IKEv2 state #1 in IKESA_DEL Sep 21 07:29:27.763990: | parent state #1: IKESA_DEL(established IKE SA) => UNDEFINED(ignore) Sep 21 07:29:27.763994: | unreference key: 0x55d0f5616520 @east cnt 2-- Sep 21 07:29:27.764007: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:27.764025: | in statetime_stop() and could not find #1 Sep 21 07:29:27.764030: | skip start processing: state #0 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.764035: | #0 complete_v2_state_transition() md.from_state=PARENT_I3 md.svm.state[from]=PARENT_I3 UNDEFINED->PARENT_I3 with status STF_OK Sep 21 07:29:27.764037: | STF_OK but no state object remains Sep 21 07:29:27.764040: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:2018) Sep 21 07:29:27.764042: | in statetime_stop() and could not find #1 Sep 21 07:29:27.764046: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:29:27.764050: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:29:27.764052: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:29:27.764058: | spent 0.668 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:29:27.764066: | processing resume sending helper answer for #5 Sep 21 07:29:27.764070: | crypto helper 4 replies to request ID 6 Sep 21 07:29:27.764072: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:27.764074: | work-order 6 state #5 crypto result suppressed Sep 21 07:29:27.764086: | (#5) spent 0.0155 milliseconds in resume sending helper answer Sep 21 07:29:27.764092: | libevent_free: release ptr-libevent@0x7f9c88006900 Sep 21 07:29:27.764096: | processing signal PLUTO_SIGCHLD Sep 21 07:29:27.764101: | waitpid returned ECHILD (no child processes left) Sep 21 07:29:27.764105: | spent 0.00518 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:29:27.764111: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:29:27.764115: Initiating connection westnet-eastnet-vti-01 which received a Delete/Notify but must remain up per local policy Sep 21 07:29:27.764118: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:29:27.764123: | start processing: connection "westnet-eastnet-vti-01" (in initiate_a_connection() at initiate.c:186) Sep 21 07:29:27.764126: | connection 'westnet-eastnet-vti-01' +POLICY_UP Sep 21 07:29:27.764129: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:29:27.764131: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:29:27.764138: | creating state object #6 at 0x55d0f5692ca0 Sep 21 07:29:27.764140: | State DB: adding IKEv2 state #6 in UNDEFINED Sep 21 07:29:27.764148: | pstats #6 ikev2.ike started Sep 21 07:29:27.764151: | Message ID: init #6: msgid=0 lastack=4294967295 nextuse=0 lastrecv=4294967295 lastreplied=0 Sep 21 07:29:27.764154: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Sep 21 07:29:27.764160: | Message ID: init_ike #6; ike: initiator.sent=0->-1 initiator.recv=0->-1 responder.sent=0->-1 responder.recv=0->-1 wip.initiator=0->-1 wip.responder=0->-1 Sep 21 07:29:27.764166: | suspend processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:29:27.764171: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:535) Sep 21 07:29:27.764174: | dup_any(fd@-1) -> fd@-1 (in ikev2_parent_outI1() at ikev2_parent.c:551) Sep 21 07:29:27.764178: | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-vti-01" IKE SA #6 "westnet-eastnet-vti-01" Sep 21 07:29:27.764182: "westnet-eastnet-vti-01" #6: initiating v2 parent SA Sep 21 07:29:27.764198: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator selecting KE): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:27.764217: | adding ikev2_outI1 KE work-order 7 for state #6 Sep 21 07:29:27.764266: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55d0f569a430 Sep 21 07:29:27.764270: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:29:27.764273: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:27.764283: | #6 spent 0.11 milliseconds in ikev2_parent_outI1() Sep 21 07:29:27.764288: | RESET processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:29:27.764291: | RESET processing: connection "westnet-eastnet-vti-01" (in ikev2_parent_outI1() at ikev2_parent.c:610) Sep 21 07:29:27.764294: | processing: STOP connection NULL (in initiate_a_connection() at initiate.c:349) Sep 21 07:29:27.764298: | spent 0.133 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:29:27.764306: | crypto helper 3 resuming Sep 21 07:29:27.764310: | crypto helper 3 starting work-order 7 for state #6 Sep 21 07:29:27.764314: | crypto helper 3 doing build KE and nonce (ikev2_outI1 KE); request ID 7 Sep 21 07:29:27.765056: | crypto helper 3 finished build KE and nonce (ikev2_outI1 KE); request ID 7 time elapsed 0.000741 seconds Sep 21 07:29:27.765071: | (#6) spent 0.717 milliseconds in crypto helper computing work-order 7: ikev2_outI1 KE (pcr) Sep 21 07:29:27.765075: | crypto helper 3 sending results from work-order 7 for state #6 to event queue Sep 21 07:29:27.765078: | scheduling resume sending helper answer for #6 Sep 21 07:29:27.765081: | libevent_malloc: new ptr-libevent@0x7f9c8c006900 size 128 Sep 21 07:29:27.765089: | crypto helper 3 waiting (nothing to do) Sep 21 07:29:27.765098: | processing resume sending helper answer for #6 Sep 21 07:29:27.765105: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:29:27.765108: | crypto helper 3 replies to request ID 7 Sep 21 07:29:27.765111: | calling continuation function 0x55d0f3d2a630 Sep 21 07:29:27.765114: | ikev2_parent_outI1_continue for #6 Sep 21 07:29:27.765119: | **emit ISAKMP Message: Sep 21 07:29:27.765122: | initiator cookie: Sep 21 07:29:27.765124: | 2e fd b5 0e 0c b4 77 8c Sep 21 07:29:27.765127: | responder cookie: Sep 21 07:29:27.765129: | 00 00 00 00 00 00 00 00 Sep 21 07:29:27.765132: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:29:27.765135: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Sep 21 07:29:27.765137: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Sep 21 07:29:27.765141: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Sep 21 07:29:27.765143: | Message ID: 0 (0x0) Sep 21 07:29:27.765146: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:29:27.765165: | using existing local IKE proposals for connection westnet-eastnet-vti-01 (IKE SA initiator emitting local proposals): 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=NONE;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512,HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256,HMAC_SHA2_256_128;DH=MODP2048,MODP3072,MODP4096,MODP8192,ECP_256,ECP_384,ECP_521,CURVE25519 Sep 21 07:29:27.765168: | Emitting ikev2_proposals ... Sep 21 07:29:27.765170: | ***emit IKEv2 Security Association Payload: Sep 21 07:29:27.765173: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.765175: | flags: none (0x0) Sep 21 07:29:27.765178: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Sep 21 07:29:27.765180: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.765183: | discarding INTEG=NONE Sep 21 07:29:27.765185: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.765187: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765190: | prop #: 1 (0x1) Sep 21 07:29:27.765192: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:27.765194: | spi size: 0 (0x0) Sep 21 07:29:27.765196: | # transforms: 11 (0xb) Sep 21 07:29:27.765198: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.765201: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765203: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765206: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.765208: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:27.765210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765213: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.765215: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.765220: | length/value: 256 (0x100) Sep 21 07:29:27.765223: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.765225: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765229: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765232: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:27.765235: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765240: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765242: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765246: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765248: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:27.765251: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765256: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765258: | discarding INTEG=NONE Sep 21 07:29:27.765260: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765264: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765267: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.765269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765274: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765276: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765278: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765281: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765283: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:27.765286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765289: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765292: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765294: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765300: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765303: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:27.765306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765312: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765314: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765320: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765322: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:27.765326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765334: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765336: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765342: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765344: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:27.765347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765353: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765356: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765361: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765364: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:27.765367: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765370: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765373: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765376: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765378: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765381: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765384: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:27.765387: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765390: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765393: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765396: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765398: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.765401: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765404: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:27.765407: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765410: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765413: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765416: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:29:27.765419: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.765422: | discarding INTEG=NONE Sep 21 07:29:27.765424: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.765426: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765428: | prop #: 2 (0x2) Sep 21 07:29:27.765431: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:27.765433: | spi size: 0 (0x0) Sep 21 07:29:27.765435: | # transforms: 11 (0xb) Sep 21 07:29:27.765438: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765441: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.765445: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765447: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765449: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.765451: | IKEv2 transform ID: AES_GCM_C (0x14) Sep 21 07:29:27.765454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765456: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.765458: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.765461: | length/value: 128 (0x80) Sep 21 07:29:27.765463: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.765465: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765468: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765470: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765472: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:27.765475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765478: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765480: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765483: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765485: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765487: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765489: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:27.765492: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765494: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765497: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765499: | discarding INTEG=NONE Sep 21 07:29:27.765501: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765504: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765506: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765508: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.765511: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765513: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765516: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765518: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765521: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765525: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:27.765528: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765533: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765536: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765542: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:27.765545: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765552: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765554: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765560: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:27.765564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765568: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765571: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765576: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765578: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:27.765580: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765585: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765588: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765592: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765595: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:27.765597: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765600: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765602: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765605: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765612: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:27.765615: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765620: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765623: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765625: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.765628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765630: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:27.765633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765638: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765640: | emitting length of IKEv2 Proposal Substructure Payload: 100 Sep 21 07:29:27.765643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.765647: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.765650: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765652: | prop #: 3 (0x3) Sep 21 07:29:27.765654: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:27.765656: | spi size: 0 (0x0) Sep 21 07:29:27.765658: | # transforms: 13 (0xd) Sep 21 07:29:27.765661: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765664: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.765666: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765671: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.765673: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:27.765676: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765678: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.765681: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.765683: | length/value: 256 (0x100) Sep 21 07:29:27.765686: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.765688: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765693: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765695: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:27.765698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765703: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765705: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765709: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765712: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:27.765715: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765720: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765722: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765724: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765726: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.765729: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:27.765731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765734: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765736: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765738: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765743: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.765745: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:27.765747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765750: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765754: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765756: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765758: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765761: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765763: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.765766: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765769: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765771: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765773: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765778: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765780: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:27.765786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765792: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765795: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765797: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765802: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765804: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:27.765808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765810: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765813: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765815: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765817: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765819: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765821: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:27.765824: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765827: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765829: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765831: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765838: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:27.765841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765846: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765848: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765853: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765855: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:27.765858: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765865: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765867: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765872: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765874: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:27.765877: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765880: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765883: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765885: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765887: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.765890: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.765892: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:27.765895: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765897: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765900: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765903: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:29:27.765905: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.765908: | ****emit IKEv2 Proposal Substructure Payload: Sep 21 07:29:27.765910: | last proposal: v2_PROPOSAL_LAST (0x0) Sep 21 07:29:27.765912: | prop #: 4 (0x4) Sep 21 07:29:27.765915: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Sep 21 07:29:27.765917: | spi size: 0 (0x0) Sep 21 07:29:27.765919: | # transforms: 13 (0xd) Sep 21 07:29:27.765922: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is v2_PROPOSAL_NON_LAST (0x2) Sep 21 07:29:27.765925: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Sep 21 07:29:27.765927: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765932: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Sep 21 07:29:27.765934: | IKEv2 transform ID: AES_CBC (0xc) Sep 21 07:29:27.765937: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765940: | ******emit IKEv2 Attribute Substructure Payload: Sep 21 07:29:27.765942: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Sep 21 07:29:27.765945: | length/value: 128 (0x80) Sep 21 07:29:27.765947: | emitting length of IKEv2 Transform Substructure Payload: 12 Sep 21 07:29:27.765950: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765955: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765957: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Sep 21 07:29:27.765960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765963: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765968: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765971: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765975: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Sep 21 07:29:27.765978: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Sep 21 07:29:27.765981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.765986: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.765989: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.765991: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.765994: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.765996: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Sep 21 07:29:27.765999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766004: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766006: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766009: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766011: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Sep 21 07:29:27.766014: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Sep 21 07:29:27.766017: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766019: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766022: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766024: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766026: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766029: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766031: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.766034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766037: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766039: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766041: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766048: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Sep 21 07:29:27.766051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766056: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766059: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766065: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Sep 21 07:29:27.766068: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766075: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766077: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766084: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Sep 21 07:29:27.766087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766090: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766092: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766095: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766100: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766102: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Sep 21 07:29:27.766105: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766107: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766110: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766112: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766117: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766119: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Sep 21 07:29:27.766122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766124: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766126: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766129: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766136: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Sep 21 07:29:27.766139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766145: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766147: | *****emit IKEv2 Transform Substructure Payload: Sep 21 07:29:27.766150: | last transform: v2_TRANSFORM_LAST (0x0) Sep 21 07:29:27.766153: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Sep 21 07:29:27.766156: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Sep 21 07:29:27.766158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is v2_TRANSFORM_NON_LAST (0x3) Sep 21 07:29:27.766161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Sep 21 07:29:27.766163: | emitting length of IKEv2 Transform Substructure Payload: 8 Sep 21 07:29:27.766166: | emitting length of IKEv2 Proposal Substructure Payload: 116 Sep 21 07:29:27.766169: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Sep 21 07:29:27.766171: | emitting length of IKEv2 Security Association Payload: 436 Sep 21 07:29:27.766175: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Sep 21 07:29:27.766178: | ***emit IKEv2 Key Exchange Payload: Sep 21 07:29:27.766180: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.766182: | flags: none (0x0) Sep 21 07:29:27.766184: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Sep 21 07:29:27.766187: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Sep 21 07:29:27.766190: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.766193: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Sep 21 07:29:27.766196: | ikev2 g^x b0 04 c0 71 20 5b d2 8d 45 81 fb 21 7e ac 08 88 Sep 21 07:29:27.766198: | ikev2 g^x 6c cb a4 8f bb f5 49 0b e7 c7 2e f4 3d 6e a9 c0 Sep 21 07:29:27.766200: | ikev2 g^x b8 46 59 d2 20 00 40 cc aa b6 83 b4 7c 1b 4b 1c Sep 21 07:29:27.766202: | ikev2 g^x 70 b4 ea 35 af a2 e5 05 ec 8a d7 e0 b6 fd 49 8e Sep 21 07:29:27.766204: | ikev2 g^x d7 38 85 57 ed 3e 0c 55 12 68 09 c6 8f d9 bf 75 Sep 21 07:29:27.766206: | ikev2 g^x 2d db 25 d0 8d 09 b0 77 b9 cf 45 b6 d3 1b 65 f4 Sep 21 07:29:27.766208: | ikev2 g^x 02 10 fc 41 e1 97 5a 13 6f 18 65 3d 96 4a 28 2a Sep 21 07:29:27.766211: | ikev2 g^x d7 a1 99 48 37 7d 79 89 c4 e1 2c 2c 81 20 4f 82 Sep 21 07:29:27.766213: | ikev2 g^x ed 57 ae 49 2c d2 95 5b 33 64 2d 95 f8 e9 64 4d Sep 21 07:29:27.766215: | ikev2 g^x 58 ba a8 ac 7e f4 2f 34 20 25 88 bb ad a5 ca fc Sep 21 07:29:27.766217: | ikev2 g^x 53 d7 39 8a 89 a3 7d 03 60 3f 19 1b a4 be 6c 4f Sep 21 07:29:27.766219: | ikev2 g^x a6 62 ff d1 2f 24 28 7a 85 ce 58 52 7f 51 61 3b Sep 21 07:29:27.766222: | ikev2 g^x 0e fb 07 5c e2 c4 74 bb d1 ee a8 ea 20 c4 db 74 Sep 21 07:29:27.766224: | ikev2 g^x b9 89 d9 d7 aa 28 c1 ea 6b 07 6c 5f 56 51 65 89 Sep 21 07:29:27.766226: | ikev2 g^x ff bc ea 1d 52 7f 9c 06 60 8d 62 35 3c 38 af a4 Sep 21 07:29:27.766228: | ikev2 g^x e7 9c a9 12 9e 5b ba 30 6d 4d 86 57 62 86 c7 38 Sep 21 07:29:27.766231: | emitting length of IKEv2 Key Exchange Payload: 264 Sep 21 07:29:27.766234: | ***emit IKEv2 Nonce Payload: Sep 21 07:29:27.766236: | next payload type: ISAKMP_NEXT_v2N (0x29) Sep 21 07:29:27.766239: | flags: none (0x0) Sep 21 07:29:27.766242: | next payload chain: ignoring supplied 'IKEv2 Nonce Payload'.'next payload type' value 41:ISAKMP_NEXT_v2N Sep 21 07:29:27.766245: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Sep 21 07:29:27.766248: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.766251: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Sep 21 07:29:27.766253: | IKEv2 nonce 1a 7d f0 78 69 bb 84 9f a4 a7 7d 34 46 ba 4c 3f Sep 21 07:29:27.766256: | IKEv2 nonce ec 4f 9b 38 7c 3c 5e 5a 30 63 52 78 4e 3d a6 ed Sep 21 07:29:27.766258: | emitting length of IKEv2 Nonce Payload: 36 Sep 21 07:29:27.766261: | Adding a v2N Payload Sep 21 07:29:27.766263: | ***emit IKEv2 Notify Payload: Sep 21 07:29:27.766265: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.766268: | flags: none (0x0) Sep 21 07:29:27.766270: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:27.766273: | SPI size: 0 (0x0) Sep 21 07:29:27.766276: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Sep 21 07:29:27.766279: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:27.766282: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.766284: | emitting length of IKEv2 Notify Payload: 8 Sep 21 07:29:27.766288: | NAT-Traversal support [enabled] add v2N payloads. Sep 21 07:29:27.766292: | natd_hash: rcookie is zero Sep 21 07:29:27.766308: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:27.766311: | natd_hash: icookie= 2e fd b5 0e 0c b4 77 8c Sep 21 07:29:27.766314: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:29:27.766316: | natd_hash: ip= c0 01 02 2d Sep 21 07:29:27.766318: | natd_hash: port= 01 f4 Sep 21 07:29:27.766321: | natd_hash: hash= d8 90 f5 c6 83 72 a8 51 33 e8 ed f3 fb 9d d9 e9 Sep 21 07:29:27.766323: | natd_hash: hash= dc ef ec cc Sep 21 07:29:27.766325: | Adding a v2N Payload Sep 21 07:29:27.766327: | ***emit IKEv2 Notify Payload: Sep 21 07:29:27.766330: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.766333: | flags: none (0x0) Sep 21 07:29:27.766335: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:27.766337: | SPI size: 0 (0x0) Sep 21 07:29:27.766340: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Sep 21 07:29:27.766343: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:27.766346: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.766349: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:29:27.766351: | Notify data d8 90 f5 c6 83 72 a8 51 33 e8 ed f3 fb 9d d9 e9 Sep 21 07:29:27.766353: | Notify data dc ef ec cc Sep 21 07:29:27.766356: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:29:27.766358: | natd_hash: rcookie is zero Sep 21 07:29:27.766365: | natd_hash: hasher=0x55d0f3e007a0(20) Sep 21 07:29:27.766367: | natd_hash: icookie= 2e fd b5 0e 0c b4 77 8c Sep 21 07:29:27.766370: | natd_hash: rcookie= 00 00 00 00 00 00 00 00 Sep 21 07:29:27.766372: | natd_hash: ip= c0 01 02 17 Sep 21 07:29:27.766374: | natd_hash: port= 01 f4 Sep 21 07:29:27.766376: | natd_hash: hash= 17 bd 66 d0 88 e4 c9 6a 94 dd 52 89 7b ed 0f 04 Sep 21 07:29:27.766378: | natd_hash: hash= 87 79 94 0f Sep 21 07:29:27.766380: | Adding a v2N Payload Sep 21 07:29:27.766383: | ***emit IKEv2 Notify Payload: Sep 21 07:29:27.766385: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Sep 21 07:29:27.766387: | flags: none (0x0) Sep 21 07:29:27.766390: | Protocol ID: PROTO_v2_RESERVED (0x0) Sep 21 07:29:27.766392: | SPI size: 0 (0x0) Sep 21 07:29:27.766395: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Sep 21 07:29:27.766398: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Sep 21 07:29:27.766400: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Sep 21 07:29:27.766403: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Sep 21 07:29:27.766406: | Notify data 17 bd 66 d0 88 e4 c9 6a 94 dd 52 89 7b ed 0f 04 Sep 21 07:29:27.766408: | Notify data 87 79 94 0f Sep 21 07:29:27.766410: | emitting length of IKEv2 Notify Payload: 28 Sep 21 07:29:27.766413: | emitting length of ISAKMP Message: 828 Sep 21 07:29:27.766420: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in ikev2_parent_outI1_common() at ikev2_parent.c:817) Sep 21 07:29:27.766427: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3376) Sep 21 07:29:27.766431: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Sep 21 07:29:27.766434: | IKEv2: transition from state STATE_PARENT_I0 to state STATE_PARENT_I1 Sep 21 07:29:27.766437: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Sep 21 07:29:27.766440: | Message ID: updating counters for #6 to 4294967295 after switching state Sep 21 07:29:27.766442: | Message ID: IKE #6 skipping update_recv as MD is fake Sep 21 07:29:27.766448: | Message ID: sent #6 request 0; ike: initiator.sent=-1->0 initiator.recv=-1 responder.sent=-1 responder.recv=-1 wip.initiator=-1->0 wip.responder=-1 Sep 21 07:29:27.766453: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 Sep 21 07:29:27.766458: | sending V2 reply packet to 192.1.2.23:500 (from 192.1.2.45:500) Sep 21 07:29:27.766464: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Sep 21 07:29:27.766467: | 2e fd b5 0e 0c b4 77 8c 00 00 00 00 00 00 00 00 Sep 21 07:29:27.766469: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:29:27.766471: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:29:27.766474: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:29:27.766476: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:29:27.766478: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:29:27.766480: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:29:27.766482: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:29:27.766577: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:29:27.766583: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:29:27.766586: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:29:27.766588: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:29:27.766591: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:29:27.766593: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:29:27.766595: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:29:27.766598: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:29:27.766600: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:29:27.766602: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:29:27.766605: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:29:27.766607: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:29:27.766609: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:29:27.766611: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:29:27.766614: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:29:27.766616: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:29:27.766618: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:29:27.766620: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:29:27.766623: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:29:27.766625: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:29:27.766627: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:29:27.766629: | 28 00 01 08 00 0e 00 00 b0 04 c0 71 20 5b d2 8d Sep 21 07:29:27.766631: | 45 81 fb 21 7e ac 08 88 6c cb a4 8f bb f5 49 0b Sep 21 07:29:27.766634: | e7 c7 2e f4 3d 6e a9 c0 b8 46 59 d2 20 00 40 cc Sep 21 07:29:27.766636: | aa b6 83 b4 7c 1b 4b 1c 70 b4 ea 35 af a2 e5 05 Sep 21 07:29:27.766638: | ec 8a d7 e0 b6 fd 49 8e d7 38 85 57 ed 3e 0c 55 Sep 21 07:29:27.766640: | 12 68 09 c6 8f d9 bf 75 2d db 25 d0 8d 09 b0 77 Sep 21 07:29:27.766643: | b9 cf 45 b6 d3 1b 65 f4 02 10 fc 41 e1 97 5a 13 Sep 21 07:29:27.766645: | 6f 18 65 3d 96 4a 28 2a d7 a1 99 48 37 7d 79 89 Sep 21 07:29:27.766648: | c4 e1 2c 2c 81 20 4f 82 ed 57 ae 49 2c d2 95 5b Sep 21 07:29:27.766650: | 33 64 2d 95 f8 e9 64 4d 58 ba a8 ac 7e f4 2f 34 Sep 21 07:29:27.766653: | 20 25 88 bb ad a5 ca fc 53 d7 39 8a 89 a3 7d 03 Sep 21 07:29:27.766655: | 60 3f 19 1b a4 be 6c 4f a6 62 ff d1 2f 24 28 7a Sep 21 07:29:27.766657: | 85 ce 58 52 7f 51 61 3b 0e fb 07 5c e2 c4 74 bb Sep 21 07:29:27.766660: | d1 ee a8 ea 20 c4 db 74 b9 89 d9 d7 aa 28 c1 ea Sep 21 07:29:27.766662: | 6b 07 6c 5f 56 51 65 89 ff bc ea 1d 52 7f 9c 06 Sep 21 07:29:27.766665: | 60 8d 62 35 3c 38 af a4 e7 9c a9 12 9e 5b ba 30 Sep 21 07:29:27.766667: | 6d 4d 86 57 62 86 c7 38 29 00 00 24 1a 7d f0 78 Sep 21 07:29:27.766669: | 69 bb 84 9f a4 a7 7d 34 46 ba 4c 3f ec 4f 9b 38 Sep 21 07:29:27.766672: | 7c 3c 5e 5a 30 63 52 78 4e 3d a6 ed 29 00 00 08 Sep 21 07:29:27.766677: | 00 00 40 2e 29 00 00 1c 00 00 40 04 d8 90 f5 c6 Sep 21 07:29:27.766679: | 83 72 a8 51 33 e8 ed f3 fb 9d d9 e9 dc ef ec cc Sep 21 07:29:27.766682: | 00 00 00 1c 00 00 40 05 17 bd 66 d0 88 e4 c9 6a Sep 21 07:29:27.766684: | 94 dd 52 89 7b ed 0f 04 87 79 94 0f Sep 21 07:29:27.766724: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:29:27.766730: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:27.766733: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55d0f569a430 Sep 21 07:29:27.766736: | success_v2_state_transition scheduling EVENT_RETRANSMIT of c->r_interval=500ms Sep 21 07:29:27.766740: | event_schedule: new EVENT_RETRANSMIT-pe@0x55d0f569a430 Sep 21 07:29:27.766743: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:29:27.766746: | libevent_malloc: new ptr-libevent@0x55d0f5690ff0 size 128 Sep 21 07:29:27.766753: | #6 STATE_PARENT_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49614.135004 Sep 21 07:29:27.766757: | resume sending helper answer for #6 suppresed complete_v2_state_transition() and stole MD Sep 21 07:29:27.766764: | #6 spent 1.56 milliseconds in resume sending helper answer Sep 21 07:29:27.766769: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:29:27.766772: | libevent_free: release ptr-libevent@0x7f9c8c006900 Sep 21 07:29:28.267198: | timer_event_cb: processing event@0x55d0f569a430 Sep 21 07:29:28.267211: | handling event EVENT_RETRANSMIT for parent state #6 Sep 21 07:29:28.267219: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:29:28.267223: | IKEv2 retransmit event Sep 21 07:29:28.267228: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:144) Sep 21 07:29:28.267233: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-vti-01" #6 attempt 2 of 0 Sep 21 07:29:28.267237: | and parent for 192.1.2.23 "westnet-eastnet-vti-01" #6 keying attempt 1 of 0; retransmit 1 Sep 21 07:29:28.267244: | retransmits: current time 49614.635505; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500501 exceeds limit? NO Sep 21 07:29:28.267247: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9c8c002b20 Sep 21 07:29:28.267251: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:29:28.267254: | libevent_malloc: new ptr-libevent@0x7f9c8c006900 size 128 Sep 21 07:29:28.267259: "westnet-eastnet-vti-01" #6: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:29:28.267265: | sending 828 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) Sep 21 07:29:28.267268: | 2e fd b5 0e 0c b4 77 8c 00 00 00 00 00 00 00 00 Sep 21 07:29:28.267270: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Sep 21 07:29:28.267272: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Sep 21 07:29:28.267275: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Sep 21 07:29:28.267277: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Sep 21 07:29:28.267279: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Sep 21 07:29:28.267281: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Sep 21 07:29:28.267284: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Sep 21 07:29:28.267286: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Sep 21 07:29:28.267288: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Sep 21 07:29:28.267290: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Sep 21 07:29:28.267292: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Sep 21 07:29:28.267295: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Sep 21 07:29:28.267297: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Sep 21 07:29:28.267299: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Sep 21 07:29:28.267305: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Sep 21 07:29:28.267307: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Sep 21 07:29:28.267310: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Sep 21 07:29:28.267312: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Sep 21 07:29:28.267314: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Sep 21 07:29:28.267316: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Sep 21 07:29:28.267319: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Sep 21 07:29:28.267321: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Sep 21 07:29:28.267323: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Sep 21 07:29:28.267325: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Sep 21 07:29:28.267327: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Sep 21 07:29:28.267330: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Sep 21 07:29:28.267332: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Sep 21 07:29:28.267334: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Sep 21 07:29:28.267336: | 28 00 01 08 00 0e 00 00 b0 04 c0 71 20 5b d2 8d Sep 21 07:29:28.267339: | 45 81 fb 21 7e ac 08 88 6c cb a4 8f bb f5 49 0b Sep 21 07:29:28.267341: | e7 c7 2e f4 3d 6e a9 c0 b8 46 59 d2 20 00 40 cc Sep 21 07:29:28.267343: | aa b6 83 b4 7c 1b 4b 1c 70 b4 ea 35 af a2 e5 05 Sep 21 07:29:28.267345: | ec 8a d7 e0 b6 fd 49 8e d7 38 85 57 ed 3e 0c 55 Sep 21 07:29:28.267347: | 12 68 09 c6 8f d9 bf 75 2d db 25 d0 8d 09 b0 77 Sep 21 07:29:28.267350: | b9 cf 45 b6 d3 1b 65 f4 02 10 fc 41 e1 97 5a 13 Sep 21 07:29:28.267352: | 6f 18 65 3d 96 4a 28 2a d7 a1 99 48 37 7d 79 89 Sep 21 07:29:28.267354: | c4 e1 2c 2c 81 20 4f 82 ed 57 ae 49 2c d2 95 5b Sep 21 07:29:28.267356: | 33 64 2d 95 f8 e9 64 4d 58 ba a8 ac 7e f4 2f 34 Sep 21 07:29:28.267358: | 20 25 88 bb ad a5 ca fc 53 d7 39 8a 89 a3 7d 03 Sep 21 07:29:28.267361: | 60 3f 19 1b a4 be 6c 4f a6 62 ff d1 2f 24 28 7a Sep 21 07:29:28.267363: | 85 ce 58 52 7f 51 61 3b 0e fb 07 5c e2 c4 74 bb Sep 21 07:29:28.267365: | d1 ee a8 ea 20 c4 db 74 b9 89 d9 d7 aa 28 c1 ea Sep 21 07:29:28.267367: | 6b 07 6c 5f 56 51 65 89 ff bc ea 1d 52 7f 9c 06 Sep 21 07:29:28.267369: | 60 8d 62 35 3c 38 af a4 e7 9c a9 12 9e 5b ba 30 Sep 21 07:29:28.267372: | 6d 4d 86 57 62 86 c7 38 29 00 00 24 1a 7d f0 78 Sep 21 07:29:28.267374: | 69 bb 84 9f a4 a7 7d 34 46 ba 4c 3f ec 4f 9b 38 Sep 21 07:29:28.267376: | 7c 3c 5e 5a 30 63 52 78 4e 3d a6 ed 29 00 00 08 Sep 21 07:29:28.267378: | 00 00 40 2e 29 00 00 1c 00 00 40 04 d8 90 f5 c6 Sep 21 07:29:28.267381: | 83 72 a8 51 33 e8 ed f3 fb 9d d9 e9 dc ef ec cc Sep 21 07:29:28.267383: | 00 00 00 1c 00 00 40 05 17 bd 66 d0 88 e4 c9 6a Sep 21 07:29:28.267385: | 94 dd 52 89 7b ed 0f 04 87 79 94 0f Sep 21 07:29:28.267416: | libevent_free: release ptr-libevent@0x55d0f5690ff0 Sep 21 07:29:28.267420: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55d0f569a430 Sep 21 07:29:28.267427: | #6 spent 0.226 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:29:28.267432: | stop processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:29:28.683419: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:29:28.683937: shutting down Sep 21 07:29:28.683950: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:29:28.683954: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:29:28.683961: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:29:28.683963: forgetting secrets Sep 21 07:29:28.683969: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:29:28.683974: | unreference key: 0x55d0f5616520 @east cnt 1-- Sep 21 07:29:28.683978: | unreference key: 0x55d0f56148c0 @west cnt 1-- Sep 21 07:29:28.683983: | start processing: connection "westnet-eastnet-vti-01" (in delete_connection() at connections.c:189) Sep 21 07:29:28.683990: | removing pending policy for no connection {0x55d0f5690f00} Sep 21 07:29:28.683993: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:29:28.683995: | pass 0 Sep 21 07:29:28.683998: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:29:28.684000: | state #6 Sep 21 07:29:28.684003: | suspend processing: connection "westnet-eastnet-vti-01" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:29:28.684009: | start processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:29:28.684013: | pstats #6 ikev2.ike deleted other Sep 21 07:29:28.684018: | #6 spent 2.61 milliseconds in total Sep 21 07:29:28.684023: | [RE]START processing: state #6 connection "westnet-eastnet-vti-01" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:29:28.684028: "westnet-eastnet-vti-01" #6: deleting state (STATE_PARENT_I1) aged 0.919s and NOT sending notification Sep 21 07:29:28.684031: | parent state #6: PARENT_I1(half-open IKE SA) => delete Sep 21 07:29:28.684034: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:29:28.684037: | #6 STATE_PARENT_I1: retransmits: cleared Sep 21 07:29:28.684041: | libevent_free: release ptr-libevent@0x7f9c8c006900 Sep 21 07:29:28.684044: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9c8c002b20 Sep 21 07:29:28.684047: | State DB: IKEv2 state not found (flush_incomplete_children) Sep 21 07:29:28.684050: | picked newest_isakmp_sa #0 for #6 Sep 21 07:29:28.684053: "westnet-eastnet-vti-01" #6: deleting IKE SA for connection 'westnet-eastnet-vti-01' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:29:28.684056: | add revival: connection 'westnet-eastnet-vti-01' added to the list and scheduled for 5 seconds Sep 21 07:29:28.684059: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Sep 21 07:29:28.684065: | stop processing: connection "westnet-eastnet-vti-01" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:29:28.684068: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:29:28.684071: | in connection_discard for connection westnet-eastnet-vti-01 Sep 21 07:29:28.684073: | State DB: deleting IKEv2 state #6 in PARENT_I1 Sep 21 07:29:28.684077: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:29:28.684097: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:29:28.684102: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:29:28.684105: | pass 1 Sep 21 07:29:28.684107: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:29:28.684114: | shunt_eroute() called for connection 'westnet-eastnet-vti-01' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:29:28.684120: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:29:28.684123: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:28.684373: | priority calculation of connection "westnet-eastnet-vti-01" is 0xfe7e7 Sep 21 07:29:28.684389: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:28.684393: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:28.684396: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:28.684399: | conn westnet-eastnet-vti-01 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:28.684403: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:28.684407: | route owner of "westnet-eastnet-vti-01" unrouted: NULL Sep 21 07:29:28.684410: | running updown command "ipsec _updown" for verb unroute Sep 21 07:29:28.684413: | command executing unroute-client Sep 21 07:29:28.684444: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xf Sep 21 07:29:28.684451: | popen cmd is 1121 chars long Sep 21 07:29:28.684454: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:29:28.684457: | cmd( 80):t-vti-01' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:29:28.684459: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0: Sep 21 07:29:28.684462: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='192.0.1.254/24' PLUTO_MY_PORT: Sep 21 07:29:28.684465: | cmd( 320):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEE: Sep 21 07:29:28.684468: | cmd( 400):R='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER: Sep 21 07:29:28.684470: | cmd( 480):_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT=': Sep 21 07:29:28.684473: | cmd( 560):0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME=': Sep 21 07:29:28.684475: | cmd( 640):0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_F: Sep 21 07:29:28.684478: | cmd( 720):RAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XA: Sep 21 07:29:28.684481: | cmd( 800):UTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_IN: Sep 21 07:29:28.684483: | cmd( 880):FO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO: Sep 21 07:29:28.684485: | cmd( 960):NFIGURED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ips: Sep 21 07:29:28.684488: | cmd(1040):ec0' VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&: Sep 21 07:29:28.684490: | cmd(1120):1: Sep 21 07:29:28.713194: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.713244: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.713276: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.713307: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.713338: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714198: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714241: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714276: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714309: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714341: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714374: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714410: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714438: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714452: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714466: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714480: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714548: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714553: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714556: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714558: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714560: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714563: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714572: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714587: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714600: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714613: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714628: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714905: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714918: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714932: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714945: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714961: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714975: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714987: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.714999: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715013: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715027: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715041: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715054: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715067: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715079: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715093: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715105: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715118: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715130: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715143: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715158: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715170: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715183: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715208: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715239: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715270: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715299: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715330: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715359: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715389: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715420: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715447: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715472: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715497: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715525: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715556: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715580: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715590: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715607: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715623: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715638: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715652: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715665: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715678: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715722: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715725: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715727: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715730: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715744: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715761: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715885: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715893: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715896: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715898: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715900: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715903: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715905: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715907: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715911: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715913: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715922: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715936: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715949: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715961: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715973: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.715989: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716002: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716016: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716029: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716042: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716057: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716072: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716086: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716100: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716141: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716156: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.716171: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.736282: | flush revival: connection 'westnet-eastnet-vti-01' revival flushed Sep 21 07:29:28.736295: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:29:28.736305: | start processing: connection "westnet-eastnet-vti-02" (in delete_connection() at connections.c:189) Sep 21 07:29:28.736309: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:29:28.736311: | pass 0 Sep 21 07:29:28.736313: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:29:28.736316: | pass 1 Sep 21 07:29:28.736321: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:29:28.736329: | shunt_eroute() called for connection 'westnet-eastnet-vti-02' to 'delete' for rt_kind 'unrouted' using protoports 10.0.1.0/24:0 --0->- 10.0.2.0/24:0 Sep 21 07:29:28.736334: | netlink_shunt_eroute for proto 0, and source 10.0.1.0/24:0 dest 10.0.2.0/24:0 Sep 21 07:29:28.736338: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:28.736691: | priority calculation of connection "westnet-eastnet-vti-02" is 0xfe7e7 Sep 21 07:29:28.736706: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:29:28.736709: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff vs Sep 21 07:29:28.736712: | conn westnet-eastnet-vti-02 mark 20/0xffffffff, 21/0xffffffff Sep 21 07:29:28.736716: | route owner of "westnet-eastnet-vti-02" unrouted: NULL Sep 21 07:29:28.736719: | running updown command "ipsec _updown" for verb unroute Sep 21 07:29:28.736722: | command executing unroute-client Sep 21 07:29:28.736752: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLIENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' CONNMARK_IN=20/0xffffff Sep 21 07:29:28.736755: | popen cmd is 1116 chars long Sep 21 07:29:28.736758: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Sep 21 07:29:28.736761: | cmd( 80):t-vti-02' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: Sep 21 07:29:28.736764: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='10.0.1.0/24' PLUTO_MY_CLIENT_NET='10.0.1: Sep 21 07:29:28.736766: | cmd( 240):.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' VTI_IP='10.0.1.254/24' PLUTO_MY_PORT='0: Sep 21 07:29:28.736769: | cmd( 320):' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER=': Sep 21 07:29:28.736771: | cmd( 400):192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='10.0.2.0/24' PLUTO_PEER_CLI: Sep 21 07:29:28.736774: | cmd( 480):ENT_NET='10.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PL: Sep 21 07:29:28.736776: | cmd( 560):UTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PL: Sep 21 07:29:28.736779: | cmd( 640):UTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_A: Sep 21 07:29:28.736781: | cmd( 720):LLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_F: Sep 21 07:29:28.737206: | cmd( 800):AILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='': Sep 21 07:29:28.737215: | cmd( 880): PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU: Sep 21 07:29:28.737218: | cmd( 960):RED='0' CONNMARK_IN=20/0xffffffff CONNMARK_OUT=21/0xffffffff VTI_IFACE='ipsec0' : Sep 21 07:29:28.737221: | cmd(1040):VTI_ROUTING='yes' VTI_SHARED='yes' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:29:28.826163: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826206: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826234: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826265: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826292: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826320: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826351: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826379: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826406: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826434: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826461: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826552: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826589: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826617: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826644: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826671: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826700: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826728: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826754: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826786: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826822: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826854: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826881: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826909: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826936: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826963: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.826991: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827226: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827235: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827245: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827258: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827271: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827283: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827294: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827306: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827318: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827333: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827345: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827357: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827369: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827379: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827393: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827405: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827416: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827428: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827439: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827453: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827465: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827477: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827488: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827500: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827515: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827528: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827539: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827551: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827563: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827578: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827590: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827601: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827613: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827624: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827638: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827650: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827662: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827673: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827685: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827700: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827712: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827724: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827735: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827748: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827763: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827775: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827812: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827818: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827822: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827828: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827836: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827848: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827860: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827872: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827887: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827900: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827911: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827923: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827935: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827948: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827959: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827971: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827983: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.827995: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828009: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828021: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828032: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828044: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828055: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828071: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828083: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828095: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828106: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828140: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828155: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.828168: "westnet-eastnet-vti-02": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:29:28.882863: | free hp@0x55d0f5658450 Sep 21 07:29:28.882880: | flush revival: connection 'westnet-eastnet-vti-02' wasn't on the list Sep 21 07:29:28.882885: | stop processing: connection "westnet-eastnet-vti-02" (in discard_connection() at connections.c:249) Sep 21 07:29:28.882892: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:29:28.882894: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:29:28.882908: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:29:28.882911: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:29:28.882914: shutting down interface eth1/eth1 192.1.2.45:4500 Sep 21 07:29:28.882917: shutting down interface eth1/eth1 192.1.2.45:500 Sep 21 07:29:28.882922: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:29:28.882930: | libevent_free: release ptr-libevent@0x55d0f568ba40 Sep 21 07:29:28.882933: | free_event_entry: release EVENT_NULL-pe@0x55d0f5674890 Sep 21 07:29:28.882942: | libevent_free: release ptr-libevent@0x55d0f568bb30 Sep 21 07:29:28.882948: | free_event_entry: release EVENT_NULL-pe@0x55d0f568baf0 Sep 21 07:29:28.882954: | libevent_free: release ptr-libevent@0x55d0f568bc20 Sep 21 07:29:28.882957: | free_event_entry: release EVENT_NULL-pe@0x55d0f568bbe0 Sep 21 07:29:28.882963: | libevent_free: release ptr-libevent@0x55d0f568bd10 Sep 21 07:29:28.882965: | free_event_entry: release EVENT_NULL-pe@0x55d0f568bcd0 Sep 21 07:29:28.882969: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:29:28.883525: | libevent_free: release ptr-libevent@0x55d0f568b4e0 Sep 21 07:29:28.883533: | free_event_entry: release EVENT_NULL-pe@0x55d0f566f2d0 Sep 21 07:29:28.883537: | libevent_free: release ptr-libevent@0x55d0f5680f70 Sep 21 07:29:28.883540: | free_event_entry: release EVENT_NULL-pe@0x55d0f5674d00 Sep 21 07:29:28.883544: | libevent_free: release ptr-libevent@0x55d0f5680ee0 Sep 21 07:29:28.883546: | free_event_entry: release EVENT_NULL-pe@0x55d0f5674d40 Sep 21 07:29:28.883550: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:29:28.883552: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:29:28.883554: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:29:28.883557: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:29:28.883559: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:29:28.883561: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:29:28.883564: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:29:28.883566: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:29:28.883568: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:29:28.883573: | libevent_free: release ptr-libevent@0x55d0f568b5b0 Sep 21 07:29:28.883576: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:29:28.883579: | libevent_free: release ptr-libevent@0x55d0f568b690 Sep 21 07:29:28.883582: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:29:28.883584: | libevent_free: release ptr-libevent@0x55d0f568b750 Sep 21 07:29:28.883586: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:29:28.883589: | libevent_free: release ptr-libevent@0x55d0f5680260 Sep 21 07:29:28.883592: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:29:28.883594: | releasing event base Sep 21 07:29:28.883607: | libevent_free: release ptr-libevent@0x55d0f568b810 Sep 21 07:29:28.883610: | libevent_free: release ptr-libevent@0x55d0f5661ea0 Sep 21 07:29:28.883614: | libevent_free: release ptr-libevent@0x55d0f566f5e0 Sep 21 07:29:28.883616: | libevent_free: release ptr-libevent@0x55d0f569a340 Sep 21 07:29:28.883619: | libevent_free: release ptr-libevent@0x55d0f566f600 Sep 21 07:29:28.883622: | libevent_free: release ptr-libevent@0x55d0f568b570 Sep 21 07:29:28.883624: | libevent_free: release ptr-libevent@0x55d0f568b650 Sep 21 07:29:28.883626: | libevent_free: release ptr-libevent@0x55d0f566f690 Sep 21 07:29:28.883629: | libevent_free: release ptr-libevent@0x55d0f566f970 Sep 21 07:29:28.883631: | libevent_free: release ptr-libevent@0x55d0f5674040 Sep 21 07:29:28.883633: | libevent_free: release ptr-libevent@0x55d0f568bda0 Sep 21 07:29:28.883635: | libevent_free: release ptr-libevent@0x55d0f568bcb0 Sep 21 07:29:28.883637: | libevent_free: release ptr-libevent@0x55d0f568bbc0 Sep 21 07:29:28.883639: | libevent_free: release ptr-libevent@0x55d0f568bad0 Sep 21 07:29:28.883642: | libevent_free: release ptr-libevent@0x55d0f55f1370 Sep 21 07:29:28.883644: | libevent_free: release ptr-libevent@0x55d0f568b730 Sep 21 07:29:28.883647: | libevent_free: release ptr-libevent@0x55d0f568b670 Sep 21 07:29:28.883649: | libevent_free: release ptr-libevent@0x55d0f568b590 Sep 21 07:29:28.883652: | libevent_free: release ptr-libevent@0x55d0f568b7f0 Sep 21 07:29:28.883654: | libevent_free: release ptr-libevent@0x55d0f55ef5b0 Sep 21 07:29:28.883656: | libevent_free: release ptr-libevent@0x55d0f566f620 Sep 21 07:29:28.883659: | libevent_free: release ptr-libevent@0x55d0f566f650 Sep 21 07:29:28.883661: | libevent_free: release ptr-libevent@0x55d0f566f340 Sep 21 07:29:28.883663: | releasing global libevent data Sep 21 07:29:28.883669: | libevent_free: release ptr-libevent@0x55d0f566dff0 Sep 21 07:29:28.883672: | libevent_free: release ptr-libevent@0x55d0f566e020 Sep 21 07:29:28.883675: | libevent_free: release ptr-libevent@0x55d0f566f310