Oct 31 15:24:18.912401: | newref logger@0x55d64a66dbb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:18.912444: | delref logger@0x55d64a66dbb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:18.912450: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:18.912452: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:18.912457: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:18.912601: Initializing NSS Oct 31 15:24:18.912606: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:18.944059: FIPS Mode: NO Oct 31 15:24:18.944071: NSS crypto library initialized Oct 31 15:24:18.944098: FIPS mode disabled for pluto daemon Oct 31 15:24:18.944101: FIPS HMAC integrity support [disabled] Oct 31 15:24:18.944160: libcap-ng support [enabled] Oct 31 15:24:18.944166: Linux audit support [enabled] Oct 31 15:24:18.944182: Linux audit activated Oct 31 15:24:18.944188: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2108163 Oct 31 15:24:18.944190: core dump dir: /tmp Oct 31 15:24:18.944191: secrets file: /etc/ipsec.secrets Oct 31 15:24:18.944193: leak-detective enabled Oct 31 15:24:18.944194: NSS crypto [enabled] Oct 31 15:24:18.944195: XAUTH PAM support [enabled] Oct 31 15:24:18.944261: | libevent is using pluto's memory allocator Oct 31 15:24:18.944268: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:18.944278: | libevent_malloc: newref ptr-libevent@0x55d64a6f0fa8 size 40 Oct 31 15:24:18.944282: | libevent_malloc: newref ptr-libevent@0x55d64a6e50b8 size 40 Oct 31 15:24:18.944284: | libevent_malloc: newref ptr-libevent@0x55d64a6f1488 size 40 Oct 31 15:24:18.944285: | creating event base Oct 31 15:24:18.944287: | libevent_malloc: newref 
ptr-libevent@0x55d64a6f1788 size 56 Oct 31 15:24:18.944289: | libevent_malloc: newref ptr-libevent@0x55d64a6e7bd8 size 664 Oct 31 15:24:18.944298: | libevent_malloc: newref ptr-libevent@0x55d64a71e458 size 24 Oct 31 15:24:18.944300: | libevent_malloc: newref ptr-libevent@0x55d64a71e4a8 size 384 Oct 31 15:24:18.944308: | libevent_malloc: newref ptr-libevent@0x55d64a71e658 size 16 Oct 31 15:24:18.944310: | libevent_malloc: newref ptr-libevent@0x55d64a6f1408 size 40 Oct 31 15:24:18.944311: | libevent_malloc: newref ptr-libevent@0x55d64a6f0c68 size 48 Oct 31 15:24:18.944314: | libevent_realloc: newref ptr-libevent@0x55d64a71e698 size 256 Oct 31 15:24:18.944316: | libevent_malloc: newref ptr-libevent@0x55d64a71e7c8 size 16 Oct 31 15:24:18.944319: | libevent_free: delref ptr-libevent@0x55d64a6f1788 Oct 31 15:24:18.944321: | libevent initialized Oct 31 15:24:18.944324: | libevent_realloc: newref ptr-libevent@0x55d64a6f1788 size 64 Oct 31 15:24:18.944327: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:18.944329: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:18.944330: NAT-Traversal support [enabled] Oct 31 15:24:18.944332: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:18.944335: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:18.944337: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:18.944348: | checking IKEv1 state table Oct 31 15:24:18.944352: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944354: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:18.944357: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944358: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:18.944360: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:18.944361: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:18.944363: | -> MAIN_R1 EVENT_RETRANSMIT 
(unexpected) Oct 31 15:24:18.944364: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:18.944366: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:18.944372: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:18.944374: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:18.944375: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:18.944376: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:18.944378: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:18.944379: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:18.944380: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:18.944382: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:18.944383: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:18.944385: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:18.944386: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:18.944388: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:18.944389: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:18.944391: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:18.944392: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:18.944393: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944395: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:18.944396: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944398: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:18.944399: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:18.944401: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:18.944402: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:18.944403: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:18.944405: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:18.944406: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:18.944408: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:18.944409: | -> AGGR_R2 EVENT_NULL 
(unexpected) Oct 31 15:24:18.944411: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:18.944412: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:18.944414: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:18.944415: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:18.944417: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:18.944418: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:18.944419: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:18.944421: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:18.944422: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:18.944424: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:18.944425: | INFO: category: informational; flags: 0: Oct 31 15:24:18.944427: | -> INFO EVENT_NULL (informational) Oct 31 15:24:18.944428: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:18.944430: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:18.944431: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944432: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:18.944434: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944435: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:18.944437: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:18.944438: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:18.944440: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944441: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:18.944443: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:18.944444: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:18.944446: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944447: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:18.944449: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944450: | -> 
XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:18.944453: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944454: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:18.944459: | checking IKEv2 state table Oct 31 15:24:18.944464: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944465: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:18.944468: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944470: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:18.944471: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944473: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:18.944474: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:18.944476: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:18.944478: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944479: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:18.944483: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:18.944485: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:18.944487: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:18.944488: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:18.944490: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:18.944491: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 
15:24:18.944493: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:18.944494: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:18.944496: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:18.944497: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:18.944499: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944500: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:18.944502: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:18.944503: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:18.944505: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:18.944506: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:18.944507: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:18.944509: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944511: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:18.944512: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944514: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:18.944515: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:18.944517: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:18.944518: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944520: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) 
Oct 31 15:24:18.944521: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:18.944525: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:18.944527: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:18.944529: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:18.944530: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:18.944531: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:18.944533: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:18.944535: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:18.944536: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:18.944538: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:18.944539: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:18.944541: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:18.944543: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:18.944545: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:18.944653: Encryption algorithms: Oct 31 15:24:18.944664: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:18.944670: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:18.944676: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:18.944681: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:18.944685: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:18.944688: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:18.944691: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, 
aes_gcm_c Oct 31 15:24:18.944694: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:18.944697: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:18.944700: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:18.944702: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:18.944705: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:18.944707: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:18.944710: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:18.944712: Hash algorithms: Oct 31 15:24:18.944714: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:18.944716: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:18.944718: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:18.944720: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:18.944722: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:18.944724: PRF algorithms: Oct 31 15:24:18.944726: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:18.944730: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:18.944738: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:18.944746: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:18.944751: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:18.944755: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:18.944758: Integrity algorithms: Oct 31 15:24:18.944763: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:18.944769: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:18.944774: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:18.944778: HMAC_SHA2_384_192 IKEv1: IKE ESP AH 
IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:18.944781: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:18.944783: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:18.944786: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:18.944788: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:18.944790: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:18.944792: DH algorithms: Oct 31 15:24:18.944794: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:18.944796: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:18.944798: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:18.944801: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:18.944802: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:18.944804: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:18.944806: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:18.944809: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:18.944811: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:18.944813: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:18.944815: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:18.944817: testing CAMELLIA_CBC: Oct 31 15:24:18.944819: Camellia: 16 bytes with 128-bit key Oct 31 15:24:18.944873: Camellia: 16 bytes with 128-bit key Oct 31 15:24:18.944894: Camellia: 16 bytes with 256-bit key Oct 31 15:24:18.944914: Camellia: 16 bytes with 256-bit key Oct 31 15:24:18.944933: testing AES_GCM_16: Oct 31 15:24:18.944935: empty string Oct 31 15:24:18.944954: one block Oct 31 15:24:18.944988: two blocks Oct 31 15:24:18.945017: two 
blocks with associated data Oct 31 15:24:18.945037: testing AES_CTR: Oct 31 15:24:18.945039: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:18.945058: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:18.945078: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:18.945100: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:18.945121: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:18.945141: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:18.945160: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:18.945178: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:18.945197: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:18.945237: testing AES_CBC: Oct 31 15:24:18.945240: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:18.945258: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:18.945277: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:18.945297: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:18.945321: testing AES_XCBC: Oct 31 15:24:18.945323: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:18.945396: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:18.945476: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:18.945550: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:18.945625: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:18.945728: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:18.945838: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:18.946056: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:18.946137: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:18.946229: RFC 4434 Test Case AES-XCBC-PRF-128 
with 20-byte input (key length 18) Oct 31 15:24:18.946368: testing HMAC_MD5: Oct 31 15:24:18.946371: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:18.946475: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:18.946568: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:18.946678: 8 CPU cores online Oct 31 15:24:18.946681: starting up 7 helper threads Oct 31 15:24:18.946717: started thread for helper 0 Oct 31 15:24:18.946728: | starting helper thread 1 Oct 31 15:24:18.946736: seccomp security disabled for crypto helper 1 Oct 31 15:24:18.946744: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:18.946748: | helper thread 1 has nothing to do Oct 31 15:24:18.946746: started thread for helper 1 Oct 31 15:24:18.946754: | starting helper thread 2 Oct 31 15:24:18.946760: seccomp security disabled for crypto helper 2 Oct 31 15:24:18.946763: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:18.946766: | helper thread 2 has nothing to do Oct 31 15:24:18.946776: started thread for helper 2 Oct 31 15:24:18.946785: | starting helper thread 3 Oct 31 15:24:18.946789: seccomp security disabled for crypto helper 3 Oct 31 15:24:18.946792: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:18.946795: | helper thread 3 has nothing to do Oct 31 15:24:18.946802: started thread for helper 3 Oct 31 15:24:18.946806: | starting helper thread 4 Oct 31 15:24:18.946810: seccomp security disabled for crypto helper 4 Oct 31 15:24:18.946813: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:18.946816: | helper thread 4 has nothing to do Oct 31 15:24:18.946825: started thread for helper 4 Oct 31 15:24:18.946829: | starting helper thread 5 Oct 31 15:24:18.946832: seccomp security disabled for crypto helper 5 Oct 31 15:24:18.946835: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:18.946838: | helper thread 5 has nothing to do Oct 31 
15:24:18.946847: started thread for helper 5 Oct 31 15:24:18.946851: | starting helper thread 6 Oct 31 15:24:18.946855: seccomp security disabled for crypto helper 6 Oct 31 15:24:18.946858: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:18.946860: | helper thread 6 has nothing to do Oct 31 15:24:18.946869: started thread for helper 6 Oct 31 15:24:18.946873: | starting helper thread 7 Oct 31 15:24:18.946881: seccomp security disabled for crypto helper 7 Oct 31 15:24:18.946884: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:18.946886: | helper thread 7 has nothing to do Oct 31 15:24:18.946892: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:18.946937: | Hard-wiring algorithms Oct 31 15:24:18.946941: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:18.946946: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:18.946948: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:18.946949: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:18.946951: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:18.946952: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:18.946954: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:18.946956: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:18.946959: | adding AES_CTR to kernel algorithm db Oct 31 15:24:18.946964: | adding AES_CBC to kernel algorithm db Oct 31 15:24:18.946966: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:18.946969: | adding NULL to kernel algorithm db Oct 31 15:24:18.946971: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:18.946974: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:18.946976: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:18.946979: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:18.946981: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:18.946983: | adding 
HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:18.946986: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:18.946988: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:18.946991: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:18.946993: | adding NONE to kernel algorithm db Oct 31 15:24:18.947015: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:18.947025: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:18.947028: | setup kernel fd callback Oct 31 15:24:18.947031: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55d64a727fb8 Oct 31 15:24:18.947035: | libevent_malloc: newref ptr-libevent@0x55d64a6eef18 size 128 Oct 31 15:24:18.947038: | libevent_malloc: newref ptr-libevent@0x55d64a7225c8 size 16 Oct 31 15:24:18.947045: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55d64a72b9c8 Oct 31 15:24:18.947048: | libevent_malloc: newref ptr-libevent@0x55d64a6eefc8 size 128 Oct 31 15:24:18.947051: | libevent_malloc: newref ptr-libevent@0x55d64a721f88 size 16 Oct 31 15:24:18.947195: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:18.947221: SELinux support is enabled in PERMISSIVE mode. 
Oct 31 15:24:18.947385: | unbound context created - setting debug level to 5 Oct 31 15:24:18.947415: | /etc/hosts lookups activated Oct 31 15:24:18.947428: | /etc/resolv.conf usage activated Oct 31 15:24:18.947460: | outgoing-port-avoid set 0-65535 Oct 31 15:24:18.947476: | outgoing-port-permit set 32768-60999 Oct 31 15:24:18.947478: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:18.947480: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:18.947482: | Setting up events, loop start Oct 31 15:24:18.947484: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55d64a72ef28 Oct 31 15:24:18.947486: | libevent_malloc: newref ptr-libevent@0x55d64a72bae8 size 128 Oct 31 15:24:18.947488: | libevent_malloc: newref ptr-libevent@0x55d64a7229a8 size 16 Oct 31 15:24:18.947492: | libevent_realloc: newref ptr-libevent@0x55d64a72ef98 size 256 Oct 31 15:24:18.947494: | libevent_malloc: newref ptr-libevent@0x55d64a722608 size 8 Oct 31 15:24:18.947496: | libevent_realloc: newref ptr-libevent@0x55d64a723008 size 144 Oct 31 15:24:18.947498: | libevent_malloc: newref ptr-libevent@0x55d64a6e5378 size 152 Oct 31 15:24:18.947500: | libevent_malloc: newref ptr-libevent@0x55d64a7227b8 size 16 Oct 31 15:24:18.947502: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:18.947508: | libevent_malloc: newref ptr-libevent@0x55d64a72f0c8 size 8 Oct 31 15:24:18.947510: | libevent_malloc: newref ptr-libevent@0x55d64a6819d8 size 152 Oct 31 15:24:18.947512: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:18.947513: | libevent_malloc: newref ptr-libevent@0x55d64a72f108 size 8 Oct 31 15:24:18.947515: | libevent_malloc: newref ptr-libevent@0x55d64a681738 size 152 Oct 31 15:24:18.947517: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:18.947518: | libevent_malloc: newref ptr-libevent@0x55d64a72f148 size 8 Oct 31 15:24:18.947520: | libevent_realloc: delref ptr-libevent@0x55d64a723008 Oct 31 15:24:18.947521: | 
libevent_realloc: newref ptr-libevent@0x55d64a72f188 size 256 Oct 31 15:24:18.947523: | libevent_malloc: newref ptr-libevent@0x55d64a72f2b8 size 152 Oct 31 15:24:18.947525: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:18.947772: | created addconn helper (pid:2108199) using fork+execve Oct 31 15:24:18.947789: | forked child 2108199 Oct 31 15:24:18.947798: seccomp security disabled Oct 31 15:24:18.950734: | newref struct fd@0x55d64a72f418(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:18.950746: | fd_accept: new fd-fd@0x55d64a72f418 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:18.950758: | whack: listen Oct 31 15:24:18.950761: listening for IKE messages Oct 31 15:24:18.950793: | Inspecting interface lo Oct 31 15:24:18.950799: | found lo with address 127.0.0.1 Oct 31 15:24:18.950801: | Inspecting interface eth0 Oct 31 15:24:18.950804: | found eth0 with address 192.0.2.254 Oct 31 15:24:18.950807: | Inspecting interface eth1 Oct 31 15:24:18.950810: | found eth1 with address 192.1.2.23 Oct 31 15:24:18.950817: | newref struct iface_dev@0x55d64a72f938(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:18.950835: Kernel supports NIC esp-hw-offload Oct 31 15:24:18.950842: | iface: marking eth1 add Oct 31 15:24:18.950844: | newref struct iface_dev@0x55d64a72fa68(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:18.950847: | iface: marking eth0 add Oct 31 15:24:18.950849: | newref struct iface_dev@0x55d64a72fb38(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:18.950852: | iface: marking lo add Oct 31 15:24:18.950907: | no interfaces to sort Oct 31 15:24:18.950919: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:18.950940: | addref ifd@0x55d64a72f938(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.950948: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:18.950967: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:18.950976: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:18.950981: | NAT-Traversal: ESPINUDP(2) 
setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:18.950984: | addref ifd@0x55d64a72f938(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.950986: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:18.950999: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:18.951006: | addref ifd@0x55d64a72fa68(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.951008: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:18.951019: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:18.951023: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:18.951025: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:18.951027: | addref ifd@0x55d64a72fa68(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.951030: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:18.951044: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:18.951057: | addref ifd@0x55d64a72fb38(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.951062: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:18.951080: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:18.951088: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:18.951092: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:18.951096: | addref ifd@0x55d64a72fb38(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:18.951100: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:18.951109: | updating interfaces - listing interfaces that are going down Oct 31 15:24:18.951111: | updating interfaces - checking orientation Oct 31 15:24:18.951113: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Oct 31 15:24:18.951128: | libevent_malloc: newref ptr-libevent@0x55d64a72ba38 size 128 Oct 31 15:24:18.951131: | libevent_malloc: newref ptr-libevent@0x55d64a72fe78 size 16 Oct 31 15:24:18.951137: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:18.951145: | libevent_malloc: newref ptr-libevent@0x55d64a6ef0c8 size 128 Oct 31 15:24:18.951148: | libevent_malloc: newref ptr-libevent@0x55d64a730518 size 16 Oct 31 15:24:18.951154: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:18.951157: | libevent_malloc: newref ptr-libevent@0x55d64a6e4388 size 128 Oct 31 15:24:18.951160: | libevent_malloc: newref ptr-libevent@0x55d64a730558 size 16 Oct 31 15:24:18.951165: | setup callback for interface eth0 192.0.2.254:4500 fd 21 on UDP Oct 31 15:24:18.951168: | libevent_malloc: newref ptr-libevent@0x55d64a6ef1c8 size 128 Oct 31 15:24:18.951170: | libevent_malloc: newref ptr-libevent@0x55d64a730598 size 16 Oct 31 15:24:18.951176: | setup callback for interface eth0 192.0.2.254:500 fd 20 on UDP Oct 31 15:24:18.951180: | libevent_malloc: newref ptr-libevent@0x55d64a6ebbe8 size 128 Oct 31 15:24:18.951183: | libevent_malloc: newref ptr-libevent@0x55d64a7305d8 size 16 Oct 31 15:24:18.951188: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:18.951190: | libevent_malloc: newref ptr-libevent@0x55d64a6ebb38 size 128 Oct 31 15:24:18.951191: | libevent_malloc: newref ptr-libevent@0x55d64a730618 size 16 Oct 31 15:24:18.951196: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:18.952362: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:18.952372: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:18.952374: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:18.952394: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:18.952408: | id type added to secret(0x55d64a731f28) PKK_PSK: @east Oct 31 15:24:18.952411: | id type added to 
secret(0x55d64a731f28) PKK_PSK: @west Oct 31 15:24:18.952416: | processing PSK at line 1: passed Oct 31 15:24:18.952417: | certs and keys locked by 'process_secret' Oct 31 15:24:18.952420: | certs and keys unlocked by 'process_secret' Oct 31 15:24:18.952424: | old food groups: Oct 31 15:24:18.952425: | new food groups: Oct 31 15:24:18.952429: | delref fd@0x55d64a72f418(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:18.952435: | freeref fd-fd@0x55d64a72f418 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:18.952441: | spent 0.587 (1.71) milliseconds in whack Oct 31 15:24:18.952747: | processing signal PLUTO_SIGCHLD Oct 31 15:24:18.952760: | waitpid returned pid 2108199 (exited with status 0) Oct 31 15:24:18.952766: | reaped addconn helper child (status 0) Oct 31 15:24:18.952772: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:18.952776: | spent 0.0214 (0.0214) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:18.970178: | newref struct fd@0x55d64a72f458(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:18.970191: | fd_accept: new fd-fd@0x55d64a72f458 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:18.970231: | whack: options (impair|debug) Oct 31 15:24:18.970239: | old debugging base+cpu-usage + none Oct 31 15:24:18.970241: | new debugging = base+cpu-usage Oct 31 15:24:18.970248: | delref fd@0x55d64a72f458(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:18.970257: | freeref fd-fd@0x55d64a72f458 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:18.970264: | spent 0.0691 (0.0959) milliseconds in whack Oct 31 15:24:19.031584: | newref struct fd@0x55d64a72f498(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:19.031599: | fd_accept: new fd-fd@0x55d64a72f498 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:19.031612: | whack: delete 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:24:19.031623: | FOR_EACH_CONNECTION_... 
in conn_by_name Oct 31 15:24:19.031628: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:19.031632: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:19.031634: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:19.031636: | whack: connection 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:24:19.031640: | addref fd@0x55d64a72f498(1->2) (in string_logger() at log.c:838) Oct 31 15:24:19.031643: | newref string logger@0x55d64a722d68(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:19.031646: | Connection DB: adding connection "westnet-eastnet-ipv4-psk-ikev2" $1 Oct 31 15:24:19.031653: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:19.031663: | added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:24:19.031733: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:19.031736: | from whack: got --esp= Oct 31 15:24:19.031766: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:19.031769: | counting wild cards for @west is 0 Oct 31 15:24:19.031772: | counting wild cards for @east is 0 Oct 31 15:24:19.031774: | updating connection from left.host_addr Oct 31 15:24:19.031777: | right host_nexthop 192.1.2.45 Oct 31 15:24:19.031778: | left host_port 500 Oct 31 15:24:19.031780: | updating connection from right.host_addr Oct 31 15:24:19.031782: | left host_nexthop 192.1.2.23 Oct 31 15:24:19.031783: | right host_port 500 Oct 31 15:24:19.031787: 
| orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:19.031791: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:19.031793: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:19.031795: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:19.031798: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:19.031800: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:19.031801: | oriented westnet-eastnet-ipv4-psk-ikev2's that Oct 31 15:24:19.031803: | swapping ends so that that is this Oct 31 15:24:19.031806: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Oct 31 15:24:19.031810: | newref hp@0x55d64a732798(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:19.031813: added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:19.031820: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:24:19.031827: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Oct 31 15:24:19.031829: | delref logger@0x55d64a722d68(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:19.031831: | delref fd@0x55d64a72f498(2->1) (in free_logger() at log.c:853) Oct 31 15:24:19.031832: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:19.031835: | delref fd@0x55d64a72f498(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:19.031840: | freeref fd-fd@0x55d64a72f498 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:19.031846: | spent 0.274 (0.273) milliseconds in whack Oct 31 15:24:19.095349: | newref struct fd@0x55d64a730698(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:19.095361: | fd_accept: new fd-fd@0x55d64a730698 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 
15:24:19.095371: | whack: status Oct 31 15:24:19.095570: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:19.095577: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:19.095634: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:19.095648: | delref fd@0x55d64a730698(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:19.095655: | freeref fd-fd@0x55d64a730698 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:19.095663: | spent 0.321 (0.321) milliseconds in whack Oct 31 15:24:21.403540: | spent 0.00387 (0.00378) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:21.403561: | newref struct msg_digest@0x55d64a732848(0->1) (in read_message() at demux.c:103) Oct 31 15:24:21.403565: | newref alloc logger@0x55d64a72f5c8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:21.403573: | *received 828 bytes from 192.1.2.45:500 on eth1 192.1.2.23:500 using UDP
Oct 31 15:24:21.403681: | **parse ISAKMP Message: Oct 31 15:24:21.403686: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.403690: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:21.403693: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:21.403695: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:21.403698: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:21.403702: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:21.403705: | Message ID: 0 (00 00 00 00) Oct 31 15:24:21.403709: | length: 828 (00 00 03 3c) Oct 31 15:24:21.403711: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:21.403715: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:21.403718: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:21.403721: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:21.403725: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:21.403728: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:21.403730: | flags: none (0x0) Oct 31 15:24:21.403733: | length: 436 (01 b4) Oct 31 15:24:21.403736: |
processing payload: ISAKMP_NEXT_v2SA (len=432) Oct 31 15:24:21.403738: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:21.403741: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:21.403743: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:21.403745: | flags: none (0x0) Oct 31 15:24:21.403747: | length: 264 (01 08) Oct 31 15:24:21.403749: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.403751: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:21.403753: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:21.403755: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:21.403757: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:21.403759: | flags: none (0x0) Oct 31 15:24:21.403762: | length: 36 (00 24) Oct 31 15:24:21.403764: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:21.403766: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:21.403768: | ***parse IKEv2 Notify Payload: Oct 31 15:24:21.403770: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:21.403772: | flags: none (0x0) Oct 31 15:24:21.403775: | length: 8 (00 08) Oct 31 15:24:21.403777: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.403779: | SPI size: 0 (00) Oct 31 15:24:21.403782: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:21.403784: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:21.403786: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:21.403788: | ***parse IKEv2 Notify Payload: Oct 31 15:24:21.403791: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:21.403793: | flags: none (0x0) Oct 31 15:24:21.403795: | length: 28 (00 1c) Oct 31 15:24:21.403797: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.403800: | SPI size: 0 (00) Oct 31 15:24:21.403802: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:21.403810: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:21.403812: | Now let's proceed 
with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:21.403814: | ***parse IKEv2 Notify Payload: Oct 31 15:24:21.403817: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.403819: | flags: none (0x0) Oct 31 15:24:21.403821: | length: 28 (00 1c) Oct 31 15:24:21.403824: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.403826: | SPI size: 0 (00) Oct 31 15:24:21.403828: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:21.403830: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:21.403833: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:21.403836: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:21.403838: | trying Respond to IKE_SA_INIT Oct 31 15:24:21.403841: | matched unencrypted message Oct 31 15:24:21.403847: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:21.403853: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:21.403856: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:21.403859: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Oct 31 15:24:21.403861: | find_next_host_connection returns Oct 31 15:24:21.403865: | find_host_connection local=192.1.2.23:500 remote= policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:21.403868: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:21.403870: | find_next_host_connection returns Oct 31 15:24:21.403874: | ISAKMP_v2_IKE_SA_INIT message received on 192.1.2.23:500 but no connection has been authorized with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:21.403879: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=RSASIG+IKEV2_ALLOW but ignoring ports Oct 31 15:24:21.403884: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:21.403887: | find_next_host_connection 
policy=RSASIG+IKEV2_ALLOW Oct 31 15:24:21.403889: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Oct 31 15:24:21.403891: | find_next_host_connection returns Oct 31 15:24:21.403895: | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV2_ALLOW but ignoring ports Oct 31 15:24:21.403898: | find_next_host_connection policy=RSASIG+IKEV2_ALLOW Oct 31 15:24:21.403900: | find_next_host_connection returns Oct 31 15:24:21.403903: | ISAKMP_v2_IKE_SA_INIT message received on 192.1.2.23:500 but no connection has been authorized with policy RSASIG+IKEV2_ALLOW Oct 31 15:24:21.403908: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=PSK+IKEV2_ALLOW but ignoring ports Oct 31 15:24:21.403913: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:21.403915: | find_next_host_connection policy=PSK+IKEV2_ALLOW Oct 31 15:24:21.403918: | found policy = PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-ipv4-psk-ikev2) Oct 31 15:24:21.403920: | find_next_host_connection returns "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:21.403923: | find_next_host_connection policy=PSK+IKEV2_ALLOW Oct 31 15:24:21.403925: | find_next_host_connection returns Oct 31 15:24:21.403928: | found connection: "westnet-eastnet-ipv4-psk-ikev2" with policy PSK+IKEV2_ALLOW Oct 31 15:24:21.403954: | newref alloc logger@0x55d64a7229e8(0->1) (in new_state() at state.c:576) Oct 31 15:24:21.403957: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:21.403960: | creating state object #1 at 0x55d64a7341b8 Oct 31 15:24:21.403962: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:21.403972: | pstats #1 ikev2.ike started Oct 31 15:24:21.403976: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:21.403980: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:21.403991: 
| Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744535.836782 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744535.836782 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:21.403997: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:21.404001: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:21.404005: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:21.404009: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:21.404075: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:21.404088: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:21.404091: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:24:21.404099: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:21.404106: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744535.836782 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:21.404109: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:21.404116: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:21.404120: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA responder matching remote proposals) Oct 31 15:24:21.404132: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:21.404150: | ... 
ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404155: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:21.404161: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404166: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:21.404173: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404178: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:21.404186: | ... 
ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404192: "westnet-eastnet-ipv4-psk-ikev2": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:21.404215: "westnet-eastnet-ipv4-psk-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404225: "westnet-eastnet-ipv4-psk-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404231: "westnet-eastnet-ipv4-psk-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404299: "westnet-eastnet-ipv4-psk-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:21.404307: | comparing remote proposals against IKE responder 4 local proposals Oct 31 15:24:21.404313: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:21.404316: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:21.404318: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:21.404321: | local proposal 1 type DH has 8 transforms Oct 31 15:24:21.404323: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:21.404326: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:21.404329: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:21.404333: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:21.404336: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:21.404339: | local proposal 2 type DH has 8 transforms Oct 31 15:24:21.404342: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:21.404345: | local 
proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:21.404348: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:21.404350: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:21.404353: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:21.404355: | local proposal 3 type DH has 8 transforms Oct 31 15:24:21.404357: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:21.404361: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:21.404363: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:21.404366: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:21.404368: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:21.404371: | local proposal 4 type DH has 8 transforms Oct 31 15:24:21.404374: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:21.404377: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:21.404381: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.404384: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.404390: | length: 100 (00 64) Oct 31 15:24:21.404395: | prop #: 1 (01) Oct 31 15:24:21.404398: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:21.404401: | spi size: 0 (00) Oct 31 15:24:21.404404: | # transforms: 11 (0b) Oct 31 15:24:21.404407: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:21.404410: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404413: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404416: | length: 12 (00 0c) Oct 31 15:24:21.404418: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.404420: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.404423: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.404425: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.404428: | length/value: 256 (01 00) Oct 31 
15:24:21.404432: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:21.404435: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404441: | length: 8 (00 08) Oct 31 15:24:21.404443: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404445: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:21.404449: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:21.404452: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Oct 31 15:24:21.404455: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Oct 31 15:24:21.404458: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Oct 31 15:24:21.404460: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404462: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404464: | length: 8 (00 08) Oct 31 15:24:21.404470: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404472: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:21.404475: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404480: | length: 8 (00 08) Oct 31 15:24:21.404483: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404485: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.404488: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:21.404491: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:21.404494: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:21.404496: | 
remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:21.404499: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404505: | length: 8 (00 08) Oct 31 15:24:21.404507: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404508: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:21.404511: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404514: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404517: | length: 8 (00 08) Oct 31 15:24:21.404519: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404521: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:21.404524: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404530: | length: 8 (00 08) Oct 31 15:24:21.404532: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404535: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:21.404538: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404540: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404543: | length: 8 (00 08) Oct 31 15:24:21.404545: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404547: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:21.404550: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404556: | length: 8 (00 08) Oct 31 15:24:21.404558: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404560: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:21.404563: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404568: | length: 8 (00 08) Oct 31 15:24:21.404570: | IKEv2 transform type: 
TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404572: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:21.404575: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404577: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.404580: | length: 8 (00 08) Oct 31 15:24:21.404582: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404584: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:21.404588: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:21.404593: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:21.404596: | remote proposal 1 matches local proposal 1 Oct 31 15:24:21.404599: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.404601: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.404604: | length: 100 (00 64) Oct 31 15:24:21.404606: | prop #: 2 (02) Oct 31 15:24:21.404609: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:21.404611: | spi size: 0 (00) Oct 31 15:24:21.404613: | # transforms: 11 (0b) Oct 31 15:24:21.404620: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.404623: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404629: | length: 12 (00 0c) Oct 31 15:24:21.404631: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.404633: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.404636: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.404638: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.404641: | length/value: 128 (00 80) Oct 31 15:24:21.404644: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404649: | length: 8 (00 08) Oct 
31 15:24:21.404651: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404653: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:21.404656: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404658: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404660: | length: 8 (00 08) Oct 31 15:24:21.404663: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404665: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:21.404668: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404673: | length: 8 (00 08) Oct 31 15:24:21.404676: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404678: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.404681: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404683: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404685: | length: 8 (00 08) Oct 31 15:24:21.404687: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404689: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:21.404692: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404694: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404696: | length: 8 (00 08) Oct 31 15:24:21.404698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404700: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:21.404703: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404705: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404707: | length: 8 (00 08) Oct 31 15:24:21.404709: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404711: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:21.404714: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404718: | length: 8 (00 08) Oct 31 
15:24:21.404720: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404723: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:21.404725: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404728: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404730: | length: 8 (00 08) Oct 31 15:24:21.404733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404735: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:21.404738: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404742: | length: 8 (00 08) Oct 31 15:24:21.404745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404747: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:21.404750: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404752: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.404755: | length: 8 (00 08) Oct 31 15:24:21.404757: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404759: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:21.404765: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Oct 31 15:24:21.404768: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Oct 31 15:24:21.404771: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.404773: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.404776: | length: 116 (00 74) Oct 31 15:24:21.404778: | prop #: 3 (03) Oct 31 15:24:21.404780: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:21.404783: | spi size: 0 (00) Oct 31 15:24:21.404785: | # transforms: 13 (0d) Oct 31 15:24:21.404788: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.404790: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404792: | last transform: v2_TRANSFORM_NON_LAST (0x3) 
Oct 31 15:24:21.404795: | length: 12 (00 0c) Oct 31 15:24:21.404797: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.404800: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:21.404802: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.404805: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.404807: | length/value: 256 (01 00) Oct 31 15:24:21.404810: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404815: | length: 8 (00 08) Oct 31 15:24:21.404817: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404819: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:21.404822: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404824: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404827: | length: 8 (00 08) Oct 31 15:24:21.404829: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.404831: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:21.404834: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404839: | length: 8 (00 08) Oct 31 15:24:21.404841: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.404843: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:21.404845: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404847: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404850: | length: 8 (00 08) Oct 31 15:24:21.404852: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.404854: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:21.404856: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404861: | length: 8 (00 08) Oct 31 15:24:21.404863: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404865: | IKEv2 transform ID: 
OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.404868: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404873: | length: 8 (00 08) Oct 31 15:24:21.404875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404878: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:21.404880: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404886: | length: 8 (00 08) Oct 31 15:24:21.404888: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404890: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:21.404893: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404898: | length: 8 (00 08) Oct 31 15:24:21.404900: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404902: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:21.404904: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404911: | length: 8 (00 08) Oct 31 15:24:21.404913: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404915: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:21.404917: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404922: | length: 8 (00 08) Oct 31 15:24:21.404924: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404926: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:21.404928: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404930: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404933: | length: 8 (00 08) Oct 31 15:24:21.404935: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404937: | IKEv2 transform ID: 
OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:21.404939: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404941: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.404943: | length: 8 (00 08) Oct 31 15:24:21.404945: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.404947: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:21.404951: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:21.404955: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:21.404957: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.404960: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:21.404963: | length: 116 (00 74) Oct 31 15:24:21.404965: | prop #: 4 (04) Oct 31 15:24:21.404967: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:21.404970: | spi size: 0 (00) Oct 31 15:24:21.404972: | # transforms: 13 (0d) Oct 31 15:24:21.404975: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.404977: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.404980: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.404983: | length: 12 (00 0c) Oct 31 15:24:21.404985: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.404987: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:21.404989: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.404992: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.404995: | length/value: 128 (00 80) Oct 31 15:24:21.404998: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405003: | length: 8 (00 08) Oct 31 15:24:21.405005: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.405007: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:21.405010: | *****parse IKEv2 Transform 
Substructure Payload: Oct 31 15:24:21.405012: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405015: | length: 8 (00 08) Oct 31 15:24:21.405017: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.405019: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:21.405022: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405024: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405027: | length: 8 (00 08) Oct 31 15:24:21.405029: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.405031: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:21.405034: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405041: | length: 8 (00 08) Oct 31 15:24:21.405044: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.405109: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:21.405113: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405118: | length: 8 (00 08) Oct 31 15:24:21.405120: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405122: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.405124: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405127: | length: 8 (00 08) Oct 31 15:24:21.405129: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405130: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:21.405132: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405136: | length: 8 (00 08) Oct 31 15:24:21.405137: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405139: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:21.405140: | *****parse IKEv2 Transform 
Substructure Payload: Oct 31 15:24:21.405142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405144: | length: 8 (00 08) Oct 31 15:24:21.405145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405147: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:21.405149: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405152: | length: 8 (00 08) Oct 31 15:24:21.405154: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405155: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:21.405157: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405161: | length: 8 (00 08) Oct 31 15:24:21.405163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405168: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:21.405172: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405175: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.405178: | length: 8 (00 08) Oct 31 15:24:21.405180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405183: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:21.405186: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.405188: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.405191: | length: 8 (00 08) Oct 31 15:24:21.405194: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.405196: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:21.405205: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:21.405212: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:21.405219: "westnet-eastnet-ipv4-psk-ikev2" #1: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 
1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Oct 31 15:24:21.405224: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 Oct 31 15:24:21.405227: | converting proposal to internal trans attrs Oct 31 15:24:21.405232: | nat: IKE.SPIr is zero Oct 31 15:24:21.405247: | natd_hash: hasher=0x55d6489f3f80(20) Oct 31 15:24:21.405249: | natd_hash: icookie= Oct 31 15:24:21.405251: | da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.405254: | natd_hash: rcookie= Oct 31 15:24:21.405255: | 00 00 00 00 00 00 00 00 Oct 31 15:24:21.405257: | natd_hash: ip= Oct 31 15:24:21.405258: | c0 01 02 17 Oct 31 15:24:21.405259: | natd_hash: port= Oct 31 15:24:21.405261: | 01 f4 Oct 31 15:24:21.405262: | natd_hash: hash= Oct 31 15:24:21.405263: | 34 67 49 9c 0d 77 9f 8e 51 58 fe c3 6c 58 c9 b3 Oct 31 15:24:21.405265: | ad de a6 81 Oct 31 15:24:21.405266: | nat: IKE.SPIr is zero Oct 31 15:24:21.405280: | natd_hash: hasher=0x55d6489f3f80(20) Oct 31 15:24:21.405284: | natd_hash: icookie= Oct 31 15:24:21.405287: | da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.405289: | natd_hash: rcookie= Oct 31 15:24:21.405291: | 00 00 00 00 00 00 00 00 Oct 31 15:24:21.405293: | natd_hash: ip= Oct 31 15:24:21.405295: | c0 01 02 2d Oct 31 15:24:21.405298: | natd_hash: port= Oct 31 15:24:21.405300: | 01 f4 Oct 31 15:24:21.405302: 
| natd_hash: hash= Oct 31 15:24:21.405304: | 31 c8 e4 54 15 5e 3d ac b2 48 de 23 ea dc 7a 85 Oct 31 15:24:21.405306: | d7 41 a0 c0 Oct 31 15:24:21.405309: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:21.405312: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:21.405314: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:21.405318: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Oct 31 15:24:21.405327: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:21.405330: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:21.405333: | newref clone logger@0x55d64a722cf8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:21.405336: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:21.405339: | state #1 has no .st_event to delete Oct 31 15:24:21.405342: | #1 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:21.405344: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55d64a7375f8 Oct 31 15:24:21.405346: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:21.405348: | libevent_malloc: newref ptr-libevent@0x55d64a736908 size 128 Oct 31 15:24:21.405362: | #1 spent 1.12 (1.25) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:21.405370: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:21.405370: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:21.405379: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:21.405397: | suspending state #1 and saving MD 0x55d64a732848 Oct 31 15:24:21.405402: | addref md@0x55d64a732848(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:21.405405: | #1 is busy; has suspended MD 0x55d64a732848 Oct 31 15:24:21.405411: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 
192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:21.405418: | #1 spent 1.7 (1.89) milliseconds in ikev2_process_packet() Oct 31 15:24:21.405421: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:21.405424: | delref mdp@0x55d64a732848(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:21.405428: | spent 1.71 (1.9) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:21.407090: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 1.58 (1.72) milliseconds in helper 1 processing job 1 for state #1: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:21.407103: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:21.407106: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:21.407109: | libevent_malloc: newref ptr-libevent@0x7fb454006108 size 128 Oct 31 15:24:21.407116: | helper thread 1 has nothing to do Oct 31 15:24:21.407188: | processing resume sending helper answer back to state for #1 Oct 31 15:24:21.407218: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:21.407231: | unsuspending #1 MD 0x55d64a732848 Oct 31 15:24:21.407235: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:21.407238: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x55d648901fe7 Oct 31 15:24:21.407241: | ikev2_parent_inI1outR1_continue() for #1 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:21.407281: | opening output PBS reply packet Oct 31 15:24:21.407287: | **emit ISAKMP Message: Oct 31 15:24:21.407291: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.407295: | responder SPI: ce ff 87 fc f7 d6 16 65 Oct 31 15:24:21.407298: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:21.407300: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) 
(0x20) Oct 31 15:24:21.407303: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:21.407305: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:21.407309: | Message ID: 0 (00 00 00 00) Oct 31 15:24:21.407312: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:21.407315: | emitting ikev2_proposal ... Oct 31 15:24:21.407318: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:21.407320: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407322: | flags: none (0x0) Oct 31 15:24:21.407326: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:21.407328: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407333: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.407336: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:21.407339: | prop #: 1 (01) Oct 31 15:24:21.407342: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:21.407345: | spi size: 0 (00) Oct 31 15:24:21.407348: | # transforms: 3 (03) Oct 31 15:24:21.407350: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:21.407354: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:21.407356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.407359: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.407361: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.407363: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:21.407366: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.407369: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.407372: | length/value: 256 (01 00) Oct 31 15:24:21.407375: | emitting length of 
IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:21.407377: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:21.407380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.407382: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:21.407384: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:21.407387: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.407389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:21.407392: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:21.407394: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:21.407397: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.407399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:21.407401: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.407403: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.407408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:21.407411: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:21.407413: | emitting length of IKEv2 Proposal Substructure Payload: 36 Oct 31 15:24:21.407415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:21.407417: | emitting length of IKEv2 Security Association Payload: 40 Oct 31 15:24:21.407419: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 
31 15:24:21.407424: | DH secret MODP2048@0x7fb454006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:21.407427: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:21.407429: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407432: | flags: none (0x0) Oct 31 15:24:21.407434: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:21.407437: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:21.407440: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407444: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:21.407446: | ikev2 g^x: Oct 31 15:24:21.407481: |
emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:21.407484: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:21.407486: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407488: | flags: none (0x0) Oct 31 15:24:21.407491: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:21.407493: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407496: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:21.407498: | IKEv2 nonce: Oct 31 15:24:21.407501: | 82 88 28 75 b1 15 98 99 a6 cd 7e bf df fb ea b9 Oct 31 15:24:21.407503: | 39 62 20 8c f1 0f 24 fa 50 8e 12 65 80 e3 f1 76 Oct 31 15:24:21.407505: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:21.407508: | adding a v2N Payload Oct 31 15:24:21.407510: | ***emit IKEv2 Notify Payload: Oct 31 15:24:21.407513: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407515: | flags: none (0x0) Oct 31 15:24:21.407518: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.407521: | SPI size: 0 (00) Oct 31 15:24:21.407525: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:21.407528: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:21.407530: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407533: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:21.407536: | NAT-Traversal support [enabled] add v2N payloads. 
Oct 31 15:24:21.407550: | natd_hash: hasher=0x55d6489f3f80(20) Oct 31 15:24:21.407553: | natd_hash: icookie= Oct 31 15:24:21.407556: | da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.407558: | natd_hash: rcookie= Oct 31 15:24:21.407560: | ce ff 87 fc f7 d6 16 65 Oct 31 15:24:21.407562: | natd_hash: ip= Oct 31 15:24:21.407564: | c0 01 02 17 Oct 31 15:24:21.407566: | natd_hash: port= Oct 31 15:24:21.407568: | 01 f4 Oct 31 15:24:21.407570: | natd_hash: hash= Oct 31 15:24:21.407572: | 08 c0 b8 2b 20 0c 2c 6f 7d b2 c9 27 c4 4a 27 d9 Oct 31 15:24:21.407574: | d7 0a 7f 82 Oct 31 15:24:21.407576: | adding a v2N Payload Oct 31 15:24:21.407578: | ***emit IKEv2 Notify Payload: Oct 31 15:24:21.407581: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407583: | flags: none (0x0) Oct 31 15:24:21.407585: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.407588: | SPI size: 0 (00) Oct 31 15:24:21.407591: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:21.407594: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:21.407596: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407599: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:21.407601: | Notify data: Oct 31 15:24:21.407604: | 08 c0 b8 2b 20 0c 2c 6f 7d b2 c9 27 c4 4a 27 d9 Oct 31 15:24:21.407606: | d7 0a 7f 82 Oct 31 15:24:21.407608: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:21.407616: | natd_hash: hasher=0x55d6489f3f80(20) Oct 31 15:24:21.407618: | natd_hash: icookie= Oct 31 15:24:21.407620: | da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.407622: | natd_hash: rcookie= Oct 31 15:24:21.407624: | ce ff 87 fc f7 d6 16 65 Oct 31 15:24:21.407625: | natd_hash: ip= Oct 31 15:24:21.407627: | c0 01 02 2d Oct 31 15:24:21.407629: | natd_hash: port= Oct 31 15:24:21.407631: | 01 f4 Oct 31 15:24:21.407633: 
| natd_hash: hash= Oct 31 15:24:21.407634: | 82 54 2d e5 7d 21 a7 4c d4 0b 61 0e 64 df cb fd Oct 31 15:24:21.407636: | 59 7b c7 33 Oct 31 15:24:21.407638: | adding a v2N Payload Oct 31 15:24:21.407640: | ***emit IKEv2 Notify Payload: Oct 31 15:24:21.407642: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.407644: | flags: none (0x0) Oct 31 15:24:21.407646: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:21.407648: | SPI size: 0 (00) Oct 31 15:24:21.407651: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:21.407653: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:21.407655: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.407658: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:21.407660: | Notify data: Oct 31 15:24:21.407662: | 82 54 2d e5 7d 21 a7 4c d4 0b 61 0e 64 df cb fd Oct 31 15:24:21.407664: | 59 7b c7 33 Oct 31 15:24:21.407666: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:21.407669: | emitting length of ISAKMP Message: 432 Oct 31 15:24:21.407676: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:21.407681: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:21.407686: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:21.407688: | Message ID: updating counters for #1 Oct 31 15:24:21.407702: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744535.836782->744535.840492 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:21.407709: | Message ID: IKE 
#1 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:21.407716: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:21.407720: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:21.407723: | announcing the state transition Oct 31 15:24:21.407729: "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:21.407742: | sending 432 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #1) Oct 31 15:24:21.407851: | sent 1 messages Oct 31 15:24:21.407856: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:21.407861: | libevent_free: delref ptr-libevent@0x55d64a736908 Oct 31 15:24:21.407864: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55d64a7375f8 Oct 31 15:24:21.407868: | event_schedule: newref EVENT_SO_DISCARD-pe@0x55d64a736908 Oct 31 15:24:21.407871: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Oct 31 15:24:21.407876: | libevent_malloc: newref ptr-libevent@0x55d64a737ad8 size 128 Oct 31 15:24:21.407952: | delref logger@0x55d64a722cf8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:21.407957: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:21.407960: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:21.407964: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:21.407967: | delref
mdp@0x55d64a732848(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:21.407970: | delref logger@0x55d64a72f5c8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:21.407973: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:21.407975: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:21.407983: | #1 spent 0.66 (0.751) milliseconds in resume sending helper answer back to state Oct 31 15:24:21.407989: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:21.407993: | libevent_free: delref ptr-libevent@0x7fb454006108 Oct 31 15:24:21.410193: | spent 0.00258 (0.00257) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:21.410227: | newref struct msg_digest@0x55d64a732848(0->1) (in read_message() at demux.c:103) Oct 31 15:24:21.410232: | newref alloc logger@0x55d64a72f5c8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:21.410247: | *received 365 bytes from 192.1.2.45:500 on eth1 192.1.2.23:500 using UDP
Oct 31 15:24:21.410300: | **parse ISAKMP Message: Oct 31 15:24:21.410309: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.410314: | responder SPI: ce ff 87 fc f7 d6 16 65 Oct 31 15:24:21.410316: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:21.410319: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:21.410321: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:21.410324: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:21.410328: | Message ID: 1 (00 00 00 01) Oct 31 15:24:21.410332: | length: 365 (00 00 01 6d) Oct 31 15:24:21.410335: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:21.410342: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:21.410347: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:21.410354: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:21.410361: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:21.410364: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:21.410367: | #1 is idle Oct 31
15:24:21.410373: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:21.410379: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:21.410381: | unpacking clear payload Oct 31 15:24:21.410384: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:21.410388: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:21.410391: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:21.410393: | flags: none (0x0) Oct 31 15:24:21.410397: | length: 337 (01 51) Oct 31 15:24:21.410399: | processing payload: ISAKMP_NEXT_v2SK (len=333) Oct 31 15:24:21.410402: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:21.410405: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:21.410408: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:21.410412: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:21.410416: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:21.410420: | DH secret MODP2048@0x7fb454006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:21.410424: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:21.410426: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:21.410430: | newref clone logger@0x55d64a722cf8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:21.410432: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:21.410435: | state #1 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:21.410438: | libevent_free: delref ptr-libevent@0x55d64a737ad8 Oct 31 
15:24:21.410441: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x55d64a736908 Oct 31 15:24:21.410449: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:21.410452: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55d64a737ad8 Oct 31 15:24:21.410455: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:21.410458: | libevent_malloc: newref ptr-libevent@0x7fb454006108 size 128 Oct 31 15:24:21.410469: | #1 spent 0.0516 (0.0551) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:21.410474: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:21.410478: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:21.410481: | suspending state #1 and saving MD 0x55d64a732848 Oct 31 15:24:21.410485: | addref md@0x55d64a732848(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:21.410479: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:21.410488: | #1 is busy; has suspended MD 0x55d64a732848 Oct 31 15:24:21.410503: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:21.410509: | #1 spent 0.293 (0.322) milliseconds in ikev2_process_packet() Oct 31 15:24:21.410512: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:21.410517: | delref mdp@0x55d64a732848(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:21.410521: | spent 0.306 (0.335) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:21.411050: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:21.411173: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 0.69 (0.694) milliseconds in helper 2 
processing job 2 for state #1: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:21.411178: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:21.411180: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:21.411182: | libevent_malloc: newref ptr-libevent@0x7fb44c00b578 size 128 Oct 31 15:24:21.411188: | helper thread 2 has nothing to do Oct 31 15:24:21.411211: | processing resume sending helper answer back to state for #1 Oct 31 15:24:21.411224: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:21.411229: | unsuspending #1 MD 0x55d64a732848 Oct 31 15:24:21.411232: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:21.411235: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x55d648901fe7 Oct 31 15:24:21.411238: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #1 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:21.411241: | DH secret MODP2048@0x7fb454006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:21.411244: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:21.411262: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:21.411265: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:21.411269: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:21.411272: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:21.411274: | flags: none (0x0) Oct 31 15:24:21.411278: | length: 12 (00 0c) Oct 31 15:24:21.411281: | ID type: ID_FQDN (0x2) Oct 31 15:24:21.411284: | reserved: 00 00 00 Oct 31 15:24:21.411286: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Oct 31 15:24:21.411288: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:21.411291: | **parse IKEv2 Identification - Responder - Payload: Oct 31 
15:24:21.411294: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:21.411296: | flags: none (0x0) Oct 31 15:24:21.411299: | length: 12 (00 0c) Oct 31 15:24:21.411301: | ID type: ID_FQDN (0x2) Oct 31 15:24:21.411304: | reserved: 00 00 00 Oct 31 15:24:21.411307: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:21.411309: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:21.411311: | **parse IKEv2 Authentication Payload: Oct 31 15:24:21.411314: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:21.411316: | flags: none (0x0) Oct 31 15:24:21.411319: | length: 72 (00 48) Oct 31 15:24:21.411322: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:24:21.411324: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Oct 31 15:24:21.411326: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:21.411328: | **parse IKEv2 Security Association Payload: Oct 31 15:24:21.411331: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:21.411333: | flags: none (0x0) Oct 31 15:24:21.411336: | length: 164 (00 a4) Oct 31 15:24:21.411338: | processing payload: ISAKMP_NEXT_v2SA (len=160) Oct 31 15:24:21.411341: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:21.411343: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:21.411345: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:21.411348: | flags: none (0x0) Oct 31 15:24:21.411351: | length: 24 (00 18) Oct 31 15:24:21.411353: | number of TS: 1 (01) Oct 31 15:24:21.411356: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:21.411358: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:21.411363: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:21.411365: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.411367: | flags: none (0x0) Oct 31 15:24:21.411370: | length: 24 (00 18) Oct 31 15:24:21.411373: | number of TS: 1 (01) Oct 31 15:24:21.411375: | processing payload: ISAKMP_NEXT_v2TSr 
(len=16) Oct 31 15:24:21.411378: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:21.411385: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:21.411388: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:21.411395: "westnet-eastnet-ipv4-psk-ikev2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:21.411398: | no certs to decode Oct 31 15:24:21.411404: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:21.411407: | received IDr payload - extracting our alleged ID Oct 31 15:24:21.411410: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:21.411414: | match_id a=@west Oct 31 15:24:21.411416: | b=@west Oct 31 15:24:21.411419: | results matched Oct 31 15:24:21.411422: | refine_host_connection: checking "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Oct 31 15:24:21.411425: | warning: not switching back to template of current instance Oct 31 15:24:21.411427: | peer expects us to be @east (ID_FQDN) according to its IDr payload Oct 31 15:24:21.411430: | this connection's local id is @east (ID_FQDN) Oct 31 15:24:21.411433: | refine_host_connection: checked "westnet-eastnet-ipv4-psk-ikev2" against "westnet-eastnet-ipv4-psk-ikev2", now for see if best Oct 31 15:24:21.411436: | lsw_get_secret() using IDs for @east->@west of kind PKK_PSK Oct 31 15:24:21.411439: | line 1: key type PKK_PSK(@east) to type PKK_PSK Oct 31 15:24:21.411443: | 1: compared key @west to @east / @west -> 004 Oct 31 15:24:21.411446: | 2: compared key @east to @east / @west -> 014 Oct 31 
15:24:21.411449: | line 1: match=014 Oct 31 15:24:21.411451: | match 014 beats previous best_match 000 match=0x55d64a731f28 (line=1) Oct 31 15:24:21.411454: | concluding with best_match=014 best=0x55d64a731f28 (lineno=1) Oct 31 15:24:21.411456: | returning because exact peer id match Oct 31 15:24:21.411459: | offered CA: '%none' Oct 31 15:24:21.411463: "westnet-eastnet-ipv4-psk-ikev2" #1: IKEv2 mode peer ID is ID_FQDN: '@west' Oct 31 15:24:21.411488: | verifying AUTH payload Oct 31 15:24:21.411492: | ikev2_calculate_psk_sighash() called from STATE_PARENT_R1 to verify PSK with authby=secret Oct 31 15:24:21.411496: | lsw_get_secret() using IDs for @east->@west of kind PKK_PSK Oct 31 15:24:21.411498: | line 1: key type PKK_PSK(@east) to type PKK_PSK Oct 31 15:24:21.411502: | 1: compared key @west to @east / @west -> 004 Oct 31 15:24:21.411505: | 2: compared key @east to @east / @west -> 014 Oct 31 15:24:21.411507: | line 1: match=014 Oct 31 15:24:21.411509: | match 014 beats previous best_match 000 match=0x55d64a731f28 (line=1) Oct 31 15:24:21.411512: | concluding with best_match=014 best=0x55d64a731f28 (lineno=1) Oct 31 15:24:21.411579: "westnet-eastnet-ipv4-psk-ikev2" #1: authenticated using authby=secret Oct 31 15:24:21.411598: | parent state #1: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:21.411603: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:21.411605: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:21.411609: | libevent_free: delref ptr-libevent@0x7fb454006108 Oct 31 15:24:21.411611: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55d64a737ad8 Oct 31 15:24:21.411617: | event_schedule: newref EVENT_SA_REKEY-pe@0x55d64a737fc8 Oct 31 15:24:21.411620: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Oct 31 15:24:21.411623: | libevent_malloc: newref ptr-libevent@0x55d64a737dd8 size 128 Oct 31 15:24:21.411717: | pstats #1 ikev2.ike 
established Oct 31 15:24:21.411723: | opening output PBS reply packet Oct 31 15:24:21.411726: | **emit ISAKMP Message: Oct 31 15:24:21.411731: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:21.411735: | responder SPI: ce ff 87 fc f7 d6 16 65 Oct 31 15:24:21.411737: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:21.411740: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:21.411742: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:21.411745: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:21.411749: | Message ID: 1 (00 00 00 01) Oct 31 15:24:21.411752: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:21.411755: | IKEv2 CERT: send a certificate? Oct 31 15:24:21.411758: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Oct 31 15:24:21.411760: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:21.411763: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.411765: | flags: none (0x0) Oct 31 15:24:21.411768: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:21.411771: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.411774: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:21.411782: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:21.411785: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:21.411787: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.411789: | flags: none (0x0) Oct 31 15:24:21.411792: | ID type: ID_FQDN (0x2) Oct 31 15:24:21.411795: | reserved: 00 00 00 Oct 31 15:24:21.411798: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:21.411800: | next payload chain: 
saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.411803: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:21.411806: | my identity: 65 61 73 74 Oct 31 15:24:21.411809: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:21.411811: | added IDr payload to packet Oct 31 15:24:21.411814: | CHILD SA proposals received Oct 31 15:24:21.411816: | going to assemble AUTH payload Oct 31 15:24:21.411818: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:21.411821: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.411823: | flags: none (0x0) Oct 31 15:24:21.411825: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:24:21.411828: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:21.411830: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.411833: | ikev2_calculate_psk_sighash() called from STATE_V2_ESTABLISHED_IKE_SA to create PSK with authby=secret Oct 31 15:24:21.411836: | lsw_get_secret() using IDs for @east->@west of kind PKK_PSK Oct 31 15:24:21.411839: | line 1: key type PKK_PSK(@east) to type PKK_PSK Oct 31 15:24:21.411843: | 1: compared key @west to @east / @west -> 004 Oct 31 15:24:21.411846: | 2: compared key @east to @east / @west -> 014 Oct 31 15:24:21.411848: | line 1: match=014 Oct 31 15:24:21.411851: | match 014 beats previous best_match 000 match=0x55d64a731f28 (line=1) Oct 31 15:24:21.411853: | concluding with best_match=014 best=0x55d64a731f28 (lineno=1) Oct 31 15:24:21.411906: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Oct 31 15:24:21.411910: | PSK auth: Oct 31 15:24:21.411912: | e4 f7 d6 bd c5 29 65 3d 8f 40 4a 0c 40 59 f0 4d Oct 31 15:24:21.411914: | ab 67 c6 cd 7e 03 c7 60 b5 
30 da c7 6c 6c f7 70 Oct 31 15:24:21.411916: | 92 9c bc 25 cb 8b 1a 3c e4 57 a8 17 0f e7 1b 1c Oct 31 15:24:21.411918: | ba 78 47 70 45 73 27 34 0a 79 af 5a b2 83 3d 92 Oct 31 15:24:21.411920: | emitting length of IKEv2 Authentication Payload: 72 Oct 31 15:24:21.411928: | newref alloc logger@0x55d64a737ad8(0->1) (in new_state() at state.c:576) Oct 31 15:24:21.411931: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:21.411933: | creating state object #2 at 0x55d64a738428 Oct 31 15:24:21.411936: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:21.411942: | pstats #2 ikev2.child started Oct 31 15:24:21.411945: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Oct 31 15:24:21.411951: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:21.411959: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:21.411962: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:21.411967: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:21.411973: | Message ID: IKE #1 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:21.411979: | Message ID: CHILD #1.#2 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744535.840492 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:21.411983: | 
switching IKEv2 MD.ST from IKE #1 ESTABLISHED_IKE_SA to CHILD #2 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:21.411986: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:21.411989: | TSi: parsing 1 traffic selectors Oct 31 15:24:21.411992: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:21.411994: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:21.411997: | IP Protocol ID: ALL (0x0) Oct 31 15:24:21.412000: | length: 16 (00 10) Oct 31 15:24:21.412003: | start port: 0 (00 00) Oct 31 15:24:21.412006: | end port: 65535 (ff ff) Oct 31 15:24:21.412009: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:21.412011: | TS low Oct 31 15:24:21.412013: | c0 00 01 00 Oct 31 15:24:21.412016: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:21.412018: | TS high Oct 31 15:24:21.412020: | c0 00 01 ff Oct 31 15:24:21.412023: | TSi: parsed 1 traffic selectors Oct 31 15:24:21.412025: | TSr: parsing 1 traffic selectors Oct 31 15:24:21.412027: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:21.412030: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:21.412032: | IP Protocol ID: ALL (0x0) Oct 31 15:24:21.412035: | length: 16 (00 10) Oct 31 15:24:21.412038: | start port: 0 (00 00) Oct 31 15:24:21.412040: | end port: 65535 (ff ff) Oct 31 15:24:21.412043: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:21.412045: | TS low Oct 31 15:24:21.412047: | c0 00 02 00 Oct 31 15:24:21.412049: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:21.412051: | TS high Oct 31 15:24:21.412053: | c0 00 02 ff Oct 31 15:24:21.412055: | TSr: parsed 1 traffic selectors Oct 31 15:24:21.412057: | looking for best SPD in current connection Oct 31 15:24:21.412066: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:21.412072: | TSi[0] .net=192.0.1.0-192.0.1.255 
.iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:21.412080: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:21.412083: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:21.412086: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:21.412089: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:21.412092: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:21.412097: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:21.412108: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:21.412111: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:21.412114: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:21.412117: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:21.412119: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:21.412121: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:21.412124: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:21.412126: | looking for better host pair Oct 31 15:24:21.412132: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:21.412137: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Oct 31 15:24:21.412140: | investigating connection "westnet-eastnet-ipv4-psk-ikev2" as a better match Oct 31 15:24:21.412142: | match_id a=@west Oct 31 15:24:21.412145: | b=@west Oct 31 15:24:21.412147: | results matched Oct 31 15:24:21.412153: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:21.412162: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:21.412168: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:21.412171: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:21.412173: | TSi[0] port 
match: YES fitness 65536 Oct 31 15:24:21.412176: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:21.412179: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:21.412183: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:21.412189: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:21.412192: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:21.412194: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:21.412197: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:21.412205: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:21.412208: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:21.412210: | did not find a better connection using host pair Oct 31 15:24:21.412213: | printing contents struct traffic_selector Oct 31 15:24:21.412215: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:21.412217: | ipprotoid: 0 Oct 31 15:24:21.412219: | port range: 0-65535 Oct 31 15:24:21.412223: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:21.412225: | printing contents struct traffic_selector Oct 31 15:24:21.412227: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:21.412229: | ipprotoid: 0 Oct 31 15:24:21.412231: | port range: 0-65535 Oct 31 15:24:21.412235: | ip range: 192.0.1.0-192.0.1.255 Oct 31 15:24:21.412239: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:21.412249: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:21.412256: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:21.412262: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:21.412267: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:21.412270: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:21.412274: | ... 
ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:21.412277: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:21.412281: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:21.412284: "westnet-eastnet-ipv4-psk-ikev2": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:21.412288: "westnet-eastnet-ipv4-psk-ikev2": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:21.412292: "westnet-eastnet-ipv4-psk-ikev2": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:21.412295: "westnet-eastnet-ipv4-psk-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:21.412299: "westnet-eastnet-ipv4-psk-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:21.412302: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:21.412306: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:21.412308: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:21.412310: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:21.412313: | local proposal 1 type DH has 1 transforms Oct 31 15:24:21.412315: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:21.412318: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:21.412320: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:21.412323: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:21.412325: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:21.412327: | local proposal 2 type DH has 1 transforms Oct 31 15:24:21.412329: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:21.412332: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:21.412334: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:21.412336: | 
local proposal 3 type PRF has 0 transforms Oct 31 15:24:21.412339: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:21.412341: | local proposal 3 type DH has 1 transforms Oct 31 15:24:21.412343: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:21.412346: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:21.412348: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:21.412350: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:21.412353: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:21.412355: | local proposal 4 type DH has 1 transforms Oct 31 15:24:21.412357: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:21.412360: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:21.412364: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.412366: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.412370: | length: 32 (00 20) Oct 31 15:24:21.412373: | prop #: 1 (01) Oct 31 15:24:21.412375: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:21.412377: | spi size: 4 (04) Oct 31 15:24:21.412379: | # transforms: 2 (02) Oct 31 15:24:21.412383: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:21.412385: | remote SPI Oct 31 15:24:21.412387: | 18 f5 e9 ba Oct 31 15:24:21.412390: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:21.412393: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412399: | length: 12 (00 0c) Oct 31 15:24:21.412401: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.412406: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.412408: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.412411: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.412414: | length/value: 256 (01 00) Oct 31 
15:24:21.412418: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:21.412421: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412423: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.412426: | length: 8 (00 08) Oct 31 15:24:21.412428: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:21.412430: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:21.412434: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:21.412437: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:21.412440: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:21.412443: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:21.412446: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:21.412450: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:21.412453: | remote proposal 1 matches local proposal 1 Oct 31 15:24:21.412456: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.412458: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.412461: | length: 32 (00 20) Oct 31 15:24:21.412464: | prop #: 2 (02) Oct 31 15:24:21.412466: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:21.412469: | spi size: 4 (04) Oct 31 15:24:21.412471: | # transforms: 2 (02) Oct 31 15:24:21.412475: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:21.412477: | remote SPI Oct 31 15:24:21.412479: | 18 f5 e9 ba Oct 31 15:24:21.412481: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.412484: | ****parse IKEv2 
Transform Substructure Payload: Oct 31 15:24:21.412486: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412489: | length: 12 (00 0c) Oct 31 15:24:21.412491: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.412493: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.412496: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.412498: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.412501: | length/value: 128 (00 80) Oct 31 15:24:21.412504: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412507: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.412509: | length: 8 (00 08) Oct 31 15:24:21.412512: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:21.412514: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:21.412517: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Oct 31 15:24:21.412520: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Oct 31 15:24:21.412523: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.412525: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:21.412528: | length: 48 (00 30) Oct 31 15:24:21.412530: | prop #: 3 (03) Oct 31 15:24:21.412532: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:21.412535: | spi size: 4 (04) Oct 31 15:24:21.412537: | # transforms: 4 (04) Oct 31 15:24:21.412540: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:21.412542: | remote SPI Oct 31 15:24:21.412544: | 18 f5 e9 ba Oct 31 15:24:21.412547: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.412550: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412554: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412557: | length: 12 (00 0c) Oct 31 15:24:21.412559: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.412562: | IKEv2 transform ID: AES_CBC (0xc) 
Oct 31 15:24:21.412564: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.412566: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.412569: | length/value: 256 (01 00) Oct 31 15:24:21.412573: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412575: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412577: | length: 8 (00 08) Oct 31 15:24:21.412580: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.412582: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:21.412585: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412590: | length: 8 (00 08) Oct 31 15:24:21.412592: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.412594: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:21.412597: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412600: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.412602: | length: 8 (00 08) Oct 31 15:24:21.412605: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:21.412607: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:21.412611: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:21.412613: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:21.412617: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.412619: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:21.412622: | length: 48 (00 30) Oct 31 15:24:21.412624: | prop #: 4 (04) Oct 31 15:24:21.412626: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:21.412629: | spi size: 4 (04) Oct 31 15:24:21.412632: | # transforms: 4 (04) Oct 31 15:24:21.412634: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:21.412637: | remote SPI Oct 31 15:24:21.412639: | 18 f5 e9 ba Oct 31 15:24:21.412641: | Comparing remote 
proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:21.412644: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412649: | length: 12 (00 0c) Oct 31 15:24:21.412651: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.412653: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:21.412656: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.412658: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.412661: | length/value: 128 (00 80) Oct 31 15:24:21.412664: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412669: | length: 8 (00 08) Oct 31 15:24:21.412672: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.412674: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:21.412677: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412679: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412682: | length: 8 (00 08) Oct 31 15:24:21.412684: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:21.412686: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:21.412689: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412691: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.412694: | length: 8 (00 08) Oct 31 15:24:21.412697: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:21.412699: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:21.412703: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:21.412708: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:21.412715: "westnet-eastnet-ipv4-psk-ikev2" #2: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=18f5e9ba chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 
2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Oct 31 15:24:21.412720: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=18f5e9ba Oct 31 15:24:21.412722: | converting proposal to internal trans attrs Oct 31 15:24:21.412742: | netlink_get_spi: allocated 0x867c77ba for esp.0@192.1.2.23 Oct 31 15:24:21.412746: | emitting ikev2_proposal ... Oct 31 15:24:21.412748: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:21.412750: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.412753: | flags: none (0x0) Oct 31 15:24:21.412756: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:21.412758: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.412762: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:21.412764: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:21.412767: | prop #: 1 (01) Oct 31 15:24:21.412769: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:21.412772: | spi size: 4 (04) Oct 31 15:24:21.412774: | # transforms: 2 (02) Oct 31 15:24:21.412777: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:21.412780: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:21.412783: | our spi: 86 7c 77 ba Oct 31 15:24:21.412786: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412790: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:21.412793: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:21.412795: | last 
substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:21.412797: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:21.412800: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:21.412803: | length/value: 256 (01 00) Oct 31 15:24:21.412806: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:21.412808: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:21.412811: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:21.412813: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:21.412815: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:21.412818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:21.412820: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:21.412823: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:21.412825: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:21.412827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:21.412830: | emitting length of IKEv2 Security Association Payload: 36 Oct 31 15:24:21.412832: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:21.412835: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:21.412838: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.412842: | flags: none (0x0) Oct 31 15:24:21.412846: | number of TS: 1 (01) Oct 31 15:24:21.412848: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic 
Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:21.412851: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.412854: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:21.412856: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:21.412858: | IP Protocol ID: ALL (0x0) Oct 31 15:24:21.412861: | start port: 0 (00 00) Oct 31 15:24:21.412864: | end port: 65535 (ff ff) Oct 31 15:24:21.412868: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:21.412871: | IP start: c0 00 01 00 Oct 31 15:24:21.412874: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:21.412877: | IP end: c0 00 01 ff Oct 31 15:24:21.412879: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:21.412881: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:21.412884: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:21.412886: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:21.412888: | flags: none (0x0) Oct 31 15:24:21.412891: | number of TS: 1 (01) Oct 31 15:24:21.412894: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:21.412896: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:21.412899: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:21.412902: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:21.412904: | IP Protocol ID: ALL (0x0) Oct 31 15:24:21.412907: | start port: 0 (00 00) Oct 31 15:24:21.412910: | end port: 65535 (ff ff) Oct 31 15:24:21.412913: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:21.412916: | IP start: c0 00 02 00 Oct 31 15:24:21.412918: | emitting 4 raw bytes of IP end into IKEv2 Traffic 
Selector Oct 31 15:24:21.412921: | IP end: c0 00 02 ff Oct 31 15:24:21.412923: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:21.412926: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:21.412928: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:21.412932: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:21.412998: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:21.413003: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:21.413007: | could_route called for westnet-eastnet-ipv4-psk-ikev2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:21.413010: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:21.413013: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:21.413016: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:21.413019: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:21.413023: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:21.413026: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:21.413028: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:21.413030: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:21.413034: | setting IPsec SA replay-window to 32 Oct 31 15:24:21.413036: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Oct 31 15:24:21.413039: | netlink: enabling tunnel mode Oct 31 15:24:21.413041: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:21.413044: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:21.413049: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:21.413108: | netlink response for Add SA esp.18f5e9ba@192.1.2.45 included non-error 
error Oct 31 15:24:21.413113: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:21.413115: | set up outgoing SA, ref=0/0 Oct 31 15:24:21.413118: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:21.413121: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:21.413123: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:21.413125: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:21.413128: | setting IPsec SA replay-window to 32 Oct 31 15:24:21.413131: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Oct 31 15:24:21.413133: | netlink: enabling tunnel mode Oct 31 15:24:21.413136: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:21.413138: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:21.413140: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:21.413184: | netlink response for Add SA esp.867c77ba@192.1.2.23 included non-error error Oct 31 15:24:21.413188: | setup_half_ipsec_sa() is installing inbound eroute? 
inbound=1 owner=#0 mode=1 Oct 31 15:24:21.413190: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:21.413193: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:21.413195: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:21.413197: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:21.413207: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:21.413215: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:21.413219: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:21.413257: | raw_eroute result=success Oct 31 15:24:21.413262: | set up incoming SA, ref=0/0 Oct 31 15:24:21.413264: | sr for #2: unrouted Oct 31 15:24:21.413267: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:21.413270: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:21.413272: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:21.413275: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:21.413278: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:21.413281: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:21.413284: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:21.413293: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:21.413296: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:21.413310: | raw_eroute result=success Oct 31 15:24:21.413314: | running updown command "ipsec _updown" for verb up Oct 31 15:24:21.413316: | command executing up-client Oct 31 15:24:21.413321: | get_sa_info esp.18f5e9ba@192.1.2.45 Oct 31 15:24:21.413330: | 
get_sa_info esp.867c77ba@192.1.2.23 Oct 31 15:24:21.413361: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INB... 
Oct 31 15:24:21.413368: | popen cmd is 1127 chars long Oct 31 15:24:21.413371: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Oct 31 15:24:21.413373: | cmd( 80):4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUT: Oct 31 15:24:21.413375: | cmd( 160):E='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO: Oct 31 15:24:21.413378: | cmd( 240):_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK=': Oct 31 15:24:21.413380: | cmd( 320):255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PL: Oct 31 15:24:21.413382: | cmd( 400):UTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIEN: Oct 31 15:24:21.413384: | cmd( 480):T='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.2: Oct 31 15:24:21.413386: | cmd( 560):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STA: Oct 31 15:24:21.413389: | cmd( 640):CK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:24:21.413391: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDR: Oct 31 15:24:21.413393: | cmd( 800):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUT: Oct 31 15:24:21.413395: | cmd( 880):O_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT: Oct 31 15:24:21.413397: | cmd( 960):='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' V: Oct 31 15:24:21.413399: | cmd(1040):TI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x18f5e9ba SPI_OUT=0x867c77ba ipsec _updo: Oct 31 15:24:21.413401: | cmd(1120):wn 2>&1: Oct 31 15:24:21.434113: | route_and_eroute: firewall_notified: true Oct 31 15:24:21.434124: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:21.434127: | command executing prepare-client Oct 31 15:24:21.434133: | get_sa_info 
esp.18f5e9ba@192.1.2.45 Oct 31 15:24:21.434144: | get_sa_info esp.867c77ba@192.1.2.23 Oct 31 15:24:21.434167: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... 
Oct 31 15:24:21.434170: | popen cmd is 1132 chars long Oct 31 15:24:21.434172: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:21.434173: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI: Oct 31 15:24:21.434175: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Oct 31 15:24:21.434176: | cmd( 240):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Oct 31 15:24:21.434177: | cmd( 320):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Oct 31 15:24:21.434181: | cmd( 400):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_: Oct 31 15:24:21.434182: | cmd( 480):CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=': Oct 31 15:24:21.434184: | cmd( 560):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Oct 31 15:24:21.434185: | cmd( 640):O_STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: Oct 31 15:24:21.434187: | cmd( 720):PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN: Oct 31 15:24:21.434188: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='': Oct 31 15:24:21.434189: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C: Oct 31 15:24:21.434191: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE: Oct 31 15:24:21.434192: | cmd(1040):='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x18f5e9ba SPI_OUT=0x867c77ba ipsec : Oct 31 15:24:21.434193: | cmd(1120):_updown 2>&1: Oct 31 15:24:21.446663: | running updown command "ipsec _updown" for verb route Oct 31 15:24:21.446674: | command executing route-client Oct 31 15:24:21.446680: | get_sa_info esp.18f5e9ba@192.1.2.45 Oct 31 15:24:21.446693: | get_sa_info 
esp.867c77ba@192.1.2.23 Oct 31 15:24:21.446718: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLU... 
Oct 31 15:24:21.446721: | popen cmd is 1130 chars long Oct 31 15:24:21.446723: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Oct 31 15:24:21.446724: | cmd( 80):ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_R: Oct 31 15:24:21.446726: | cmd( 160):OUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PL: Oct 31 15:24:21.446727: | cmd( 240):UTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MAS: Oct 31 15:24:21.446728: | cmd( 320):K='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388': Oct 31 15:24:21.446730: | cmd( 400): PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CL: Oct 31 15:24:21.446731: | cmd( 480):IENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='25: Oct 31 15:24:21.446732: | cmd( 560):5.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_: Oct 31 15:24:21.446734: | cmd( 640):STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PF: Oct 31 15:24:21.446735: | cmd( 720):S+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Oct 31 15:24:21.446736: | cmd( 800):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Oct 31 15:24:21.446738: | cmd( 880):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Oct 31 15:24:21.446739: | cmd( 960):ENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE=': Oct 31 15:24:21.446740: | cmd(1040):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x18f5e9ba SPI_OUT=0x867c77ba ipsec _u: Oct 31 15:24:21.447010: | cmd(1120):pdown 2>&1: Oct 31 15:24:21.463065: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463121: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:24:21.463153: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463162: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463176: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463189: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463218: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463233: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463247: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463262: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463277: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463292: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463307: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463320: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463332: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463344: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463362: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463374: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:24:21.463389: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463404: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463506: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463794: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463833: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463870: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463901: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463917: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463933: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463947: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.463961: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.464037: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:21.464041: "westnet-eastnet-ipv4-psk-ikev2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:24:21.471829: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55d64a730c68,sr=0x55d64a730c68} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:21.472089: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:21.472099: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:21.472103: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:21.472106: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:21.472109: | emitting length of IKEv2 Encryption Payload: 197 Oct 31 15:24:21.472111: | emitting length of ISAKMP Message: 225 Oct 31 15:24:21.472130: | recording outgoing fragment failed Oct 31 15:24:21.472135: | ikev2_parent_inI2outR2_continue_tail returned STF_OK Oct 31 15:24:21.472146: | #1 spent 2.85 (60.7) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:21.472149: | XXX: processor 'Responder: process IKE_AUTH request' for #1 switched state to #2 Oct 31 15:24:21.472156: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:21.472161: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:21.472166: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:21.472169: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:21.472171: | Message ID: updating counters for #2 Oct 31 15:24:21.472180: | Message ID: CHILD #1.#2 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 
ike.initiator.last_contact=744535.836782 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744535.840492->744535.90497 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:21.472187: | Message ID: CHILD #1.#2 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:21.472193: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:21.472197: | child state #2: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:21.472220: | pstats #2 ikev2.child established Oct 31 15:24:21.472223: | announcing the state transition Oct 31 15:24:21.472232: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Oct 31 15:24:21.472236: | NAT-T: encaps is 'auto' Oct 31 15:24:21.472242: "westnet-eastnet-ipv4-psk-ikev2" #2: IPsec SA established tunnel mode {ESP=>0x18f5e9ba <0x867c77ba xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:21.472249: | sending 225 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #1)
Oct 31 15:24:21.472330: | sent 1 messages Oct 31 15:24:21.472334: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:21.472336: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:21.472339: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:21.472341: | unpending #2's IKE SA #1 Oct 31 15:24:21.472344: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:21.472347: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:21.472349: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:21.472352: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:21.472355: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:21.472357: | state #2 has no .st_event to delete Oct 31 15:24:21.472361: | event_schedule: newref EVENT_SA_REKEY-pe@0x55d64a73c0a8 Oct 31 15:24:21.472364: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Oct 31 15:24:21.472367: | libevent_malloc: newref ptr-libevent@0x55d64a738378 size 128 Oct 31 15:24:21.472374: | delref logger@0x55d64a722cf8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:21.472376: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 
15:24:21.472379: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:21.472382: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition(); MD.ST was switched Oct 31 15:24:21.472386: | delref mdp@0x55d64a732848(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:21.472389: | delref logger@0x55d64a72f5c8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:21.472391: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:21.472394: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:21.472400: | #1 spent 3.23 (61.2) milliseconds in resume sending helper answer back to state Oct 31 15:24:21.472405: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:21.472409: | libevent_free: delref ptr-libevent@0x7fb44c00b578 Oct 31 15:24:21.472421: | processing signal PLUTO_SIGCHLD Oct 31 15:24:21.472426: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:21.472431: | spent 0.00502 (0.00493) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:21.472433: | processing signal PLUTO_SIGCHLD Oct 31 15:24:21.472436: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:21.472440: | spent 0.00325 (0.00322) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:21.472442: | processing signal PLUTO_SIGCHLD Oct 31 15:24:21.472445: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:21.472449: | spent 0.00321 (0.00322) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:23.084406: | newref struct fd@0x55d64a736978(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:23.084423: | fd_accept: new fd-fd@0x55d64a736978 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:23.084438: | whack: status Oct 31 15:24:23.085162: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:23.085171: | FOR_EACH_CONNECTION_... 
in show_connections_status Oct 31 15:24:23.085255: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:23.085265: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:23.085285: | get_sa_info esp.867c77ba@192.1.2.23 Oct 31 15:24:23.085306: | get_sa_info esp.18f5e9ba@192.1.2.45 Oct 31 15:24:23.085329: | delref fd@0x55d64a736978(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:23.085336: | freeref fd-fd@0x55d64a736978 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:23.085349: | spent 0.549 (0.955) milliseconds in whack Oct 31 15:24:23.868951: | newref struct fd@0x55d64a736978(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:23.868971: | fd_accept: new fd-fd@0x55d64a736978 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:23.868986: shutting down Oct 31 15:24:23.868996: | leaking fd-fd@0x55d64a736978's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:24:23.869001: | delref fd@0x55d64a736978(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:23.869004: | freeref fd-fd@0x55d64a736978 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:23.869023: | shutting down helper thread 3 Oct 31 15:24:23.869036: | helper thread 3 exited Oct 31 15:24:23.869056: | shutting down helper thread 4 Oct 31 15:24:23.869070: | helper thread 4 exited Oct 31 15:24:23.869086: | shutting down helper thread 5 Oct 31 15:24:23.869111: | helper thread 5 exited Oct 31 15:24:23.869127: | shutting down helper thread 6 Oct 31 15:24:23.869137: | helper thread 6 exited Oct 31 15:24:23.869151: | shutting down helper thread 7 Oct 31 15:24:23.869159: | helper thread 7 exited Oct 31 15:24:23.869176: | shutting down helper thread 1 Oct 31 15:24:23.869186: | helper thread 1 exited Oct 31 15:24:23.869216: | shutting down helper thread 2 Oct 31 15:24:23.869233: | helper thread 2 exited Oct 31 15:24:23.869238: 7 helper threads shutdown Oct 31 15:24:23.869241: | delref root_certs@NULL (in free_root_certs() at 
root_certs.c:127) Oct 31 15:24:23.869244: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:23.869246: forgetting secrets Oct 31 15:24:23.869249: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:23.869253: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:23.869255: | pass 0 Oct 31 15:24:23.869257: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:23.869259: | state #2 Oct 31 15:24:23.869266: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:23.869268: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:23.869270: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:23.869273: | pstats #2 ikev2.child deleted completed Oct 31 15:24:23.869278: | #2 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:23.869282: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:935) Oct 31 15:24:23.869285: | should_send_delete: yes Oct 31 15:24:23.869289: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 2.457361s and sending notification Oct 31 15:24:23.869292: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:23.869298: | get_sa_info esp.18f5e9ba@192.1.2.45 Oct 31 15:24:23.869314: | get_sa_info esp.867c77ba@192.1.2.23 Oct 31 15:24:23.869323: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Oct 31 15:24:23.869327: | unsuspending #2 MD (nil) Oct 31 15:24:23.869329: | should_send_delete: yes Oct 31 15:24:23.869332: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:23.869335: | opening output PBS informational exchange delete request 
Oct 31 15:24:23.869339: | **emit ISAKMP Message: Oct 31 15:24:23.869343: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:23.869347: | responder SPI: ce ff 87 fc f7 d6 16 65 Oct 31 15:24:23.869350: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:23.869353: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:23.869355: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:23.869358: | flags: none (0x0) Oct 31 15:24:23.869362: | Message ID: 0 (00 00 00 00) Oct 31 15:24:23.869368: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:23.869372: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:23.869374: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:23.869376: | flags: none (0x0) Oct 31 15:24:23.869379: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:23.869381: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:23.869385: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:23.869394: | ****emit IKEv2 Delete Payload: Oct 31 15:24:23.869396: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:23.869397: | flags: none (0x0) Oct 31 15:24:23.869399: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:23.869401: | SPI size: 4 (04) Oct 31 15:24:23.869403: | number of SPIs: 1 (00 01) Oct 31 15:24:23.869405: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:23.869406: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:23.869408: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:24:23.869410: | local spis: 86 7c 77 ba Oct 31 15:24:23.869412: | emitting length 
of IKEv2 Delete Payload: 12 Oct 31 15:24:23.869413: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:23.869415: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:23.869417: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:23.869418: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:23.869420: | emitting length of ISAKMP Message: 69 Oct 31 15:24:23.869437: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #1) Oct 31 15:24:23.869439: | da 5c 6a eb 32 47 9a 54 ce ff 87 fc f7 d6 16 65 Oct 31 15:24:23.869440: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:23.869442: | 13 53 f1 68 46 e7 af 0a 54 07 9c 8f 7b 69 1c 43 Oct 31 15:24:23.869443: | 33 4d a4 c6 7b 74 e5 dd 89 f7 83 90 76 c7 fe 7b Oct 31 15:24:23.869444: | e0 eb 0a a1 0a Oct 31 15:24:23.869480: | sent 1 messages Oct 31 15:24:23.869482: | Message ID: IKE #1 sender #2 in send_delete hacking around record 'n' send Oct 31 15:24:23.869488: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:23.869491: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55d64a732038 Oct 31 15:24:23.869493: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Oct 31 15:24:23.869495: | libevent_malloc: newref ptr-libevent@0x7fb44c00b578 size 128 Oct 31 15:24:23.869499: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744538.302286 Oct 31 15:24:23.869503: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 
ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:23.869505: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:23.869508: | libevent_free: delref ptr-libevent@0x55d64a738378 Oct 31 15:24:23.869509: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55d64a73c0a8 Oct 31 15:24:23.869511: | #2 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:24:23.869559: | running updown command "ipsec _updown" for verb down Oct 31 15:24:23.869565: | command executing down-client Oct 31 15:24:23.869572: | get_sa_info esp.18f5e9ba@192.1.2.45 Oct 31 15:24:23.869583: | get_sa_info esp.867c77ba@192.1.2.23 Oct 31 15:24:23.869615: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO... 
Oct 31 15:24:23.869618: | popen cmd is 1133 chars long Oct 31 15:24:23.869621: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Oct 31 15:24:23.869624: | cmd( 80):pv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_RO: Oct 31 15:24:23.869626: | cmd( 160):UTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLU: Oct 31 15:24:23.869629: | cmd( 240):TO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK: Oct 31 15:24:23.869631: | cmd( 320):='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' : Oct 31 15:24:23.869633: | cmd( 400):PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLI: Oct 31 15:24:23.869635: | cmd( 480):ENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255: Oct 31 15:24:23.869637: | cmd( 560):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: Oct 31 15:24:23.869639: | cmd( 640):TACK='xfrm' PLUTO_ADDTIME='1604157861' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:23.869641: | cmd( 720):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_AD: Oct 31 15:24:23.869643: | cmd( 800):DRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PL: Oct 31 15:24:23.869646: | cmd( 880):UTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIE: Oct 31 15:24:23.869648: | cmd( 960):NT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' VTI_IFAC: Oct 31 15:24:23.869651: | cmd(1040):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x18f5e9ba SPI_OUT=0x867c77ba ipsec: Oct 31 15:24:23.869653: | cmd(1120): _updown 2>&1: Oct 31 15:24:23.883311: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Oct 31 15:24:23.883336: | 
netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Oct 31 15:24:23.883340: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:23.883345: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:23.883390: | delete esp.18f5e9ba@192.1.2.45 Oct 31 15:24:23.883396: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:23.883417: | netlink response for Del SA esp.18f5e9ba@192.1.2.45 included non-error error Oct 31 15:24:23.883421: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:23.883428: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:23.883452: | raw_eroute result=success Oct 31 15:24:23.883457: | delete esp.867c77ba@192.1.2.23 Oct 31 15:24:23.883460: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:23.883469: | netlink response for Del SA esp.867c77ba@192.1.2.23 included non-error error Oct 31 15:24:23.883480: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:23.883483: | State DB: deleting IKEv2 state #2 in ESTABLISHED_CHILD_SA Oct 31 15:24:23.883489: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:24:23.883492: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:24:23.883495: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:23.883497: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:23.883506: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:23.883513: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1239) Oct 31 15:24:23.883523: | delref logger@0x55d64a737ad8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:23.883527: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:23.883533: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:23.883537: | processing: 
STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:23.883540: | state #1 Oct 31 15:24:23.883543: | pass 1 Oct 31 15:24:23.883545: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:23.883547: | state #1 Oct 31 15:24:23.883553: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:23.883556: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:23.883558: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:23.883561: | pstats #1 ikev2.ike deleted completed Oct 31 15:24:23.883569: | #1 main thread spent 5.88 (64.1) milliseconds helper thread spent 2.27 (2.41) milliseconds in total Oct 31 15:24:23.883574: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:935) Oct 31 15:24:23.883578: | should_send_delete: yes Oct 31 15:24:23.883583: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.479628s and sending notification Oct 31 15:24:23.883586: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:24:23.883636: | unsuspending #1 MD (nil) Oct 31 15:24:23.883641: | should_send_delete: yes Oct 31 15:24:23.883644: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:24:23.883647: | opening output PBS informational exchange delete request Oct 31 15:24:23.883651: | **emit ISAKMP Message: Oct 31 15:24:23.883656: | initiator SPI: da 5c 6a eb 32 47 9a 54 Oct 31 15:24:23.883660: | responder SPI: ce ff 87 fc f7 d6 16 65 Oct 31 15:24:23.883664: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:23.883666: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:23.883669: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:23.883672: | 
flags: none (0x0) Oct 31 15:24:23.883677: | Message ID: 1 (00 00 00 01) Oct 31 15:24:23.883680: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:23.883684: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:23.883687: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:23.883690: | flags: none (0x0) Oct 31 15:24:23.883693: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:23.883696: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:23.883700: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:23.883711: | ****emit IKEv2 Delete Payload: Oct 31 15:24:23.883714: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:23.883717: | flags: none (0x0) Oct 31 15:24:23.883719: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:23.883722: | SPI size: 0 (00) Oct 31 15:24:23.883728: | number of SPIs: 0 (00 00) Oct 31 15:24:23.883731: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:23.883734: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:23.883737: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:24:23.883740: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:23.883743: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:23.883746: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:23.883749: | emitting length of IKEv2 Encryption Payload: 37 Oct 31 15:24:23.883752: | emitting length of ISAKMP Message: 65 Oct 31 15:24:23.883779: | sending 65 bytes for delete notification through eth1 from 
192.1.2.23:500 to 192.1.2.45:500 using UDP (for #1) Oct 31 15:24:23.883785: | da 5c 6a eb 32 47 9a 54 ce ff 87 fc f7 d6 16 65 Oct 31 15:24:23.883788: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:24:23.883790: | 5c 5c 8d a8 3d c5 2e b0 f2 52 e0 30 61 0b 29 8e Oct 31 15:24:23.883792: | 43 26 82 f7 3c 9a 56 35 c8 fe e5 54 e0 8f ab ee Oct 31 15:24:23.883794: | 32 Oct 31 15:24:23.883840: | sent 1 messages Oct 31 15:24:23.883844: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:24:23.883851: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:23.883858: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:23.883864: | Message ID: IKE #1 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744535.836782 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744535.90497 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:24:23.883868: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:23.883873: | libevent_free: delref ptr-libevent@0x55d64a737dd8 Oct 31 15:24:23.883876: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55d64a737fc8 Oct 31 15:24:23.883879: | #1 requesting EVENT_RETRANSMIT-pe@0x55d64a732038 be deleted Oct 31 15:24:23.883882: | libevent_free: delref ptr-libevent@0x7fb44c00b578 Oct 31 15:24:23.883885: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55d64a732038 Oct 31 15:24:23.883887: | #1 
STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:24:23.883891: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:23.883894: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:23.883897: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:24:23.883900: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:24:23.883903: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:23.883905: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:23.883907: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:23.883910: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:23.883928: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1239) Oct 31 15:24:23.883944: | delref logger@0x55d64a7229e8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:23.883948: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:23.883951: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:23.883954: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:23.883965: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Oct 31 15:24:23.883970: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Oct 31 15:24:23.883976: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:23.883999: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:23.884011: | FOR_EACH_CONNECTION_... 
in route_owner Oct 31 15:24:23.884015: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:23.884018: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:23.884021: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Oct 31 15:24:23.884024: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:23.884034: | command executing unroute-client Oct 31 15:24:23.884062: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFA... 
Oct 31 15:24:23.884067: | popen cmd is 1073 chars long Oct 31 15:24:23.884070: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:23.884072: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI: Oct 31 15:24:23.884074: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' : Oct 31 15:24:23.884077: | cmd( 240):PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_M: Oct 31 15:24:23.884079: | cmd( 320):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Oct 31 15:24:23.884082: | cmd( 400):8' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER: Oct 31 15:24:23.884084: | cmd( 480):_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK=: Oct 31 15:24:23.884087: | cmd( 560):'255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLU: Oct 31 15:24:23.884089: | cmd( 640):TO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEV: Oct 31 15:24:23.884092: | cmd( 720):2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAM: Oct 31 15:24:23.884094: | cmd( 800):ILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_P: Oct 31 15:24:23.884097: | cmd( 880):EER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0: Oct 31 15:24:23.884100: | cmd( 960):' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0: Oct 31 15:24:23.884102: | cmd(1040):x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:23.922272: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:23.922297: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:23.922302: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:24:23.922314: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922329: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922344: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922361: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922376: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922391: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922406: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922420: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922436: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922452: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922468: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922541: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922547: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922550: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922553: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922557: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922562: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922577: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922594: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922609: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922623: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922639: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922654: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922805: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922816: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922821: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922830: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922842: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922852: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922861: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922872: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922881: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.922892: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:23.932846: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:23.932862: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:23.932868: | newref clone logger@0x55d64a7380c8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:23.932874: | delref hp@0x55d64a732798(1->0) (in delete_oriented_hp() at hostpair.c:360)
Oct 31 15:24:23.932877: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' wasn't on the list
Oct 31 15:24:23.932881: | delref vip@NULL (in discard_connection() at connections.c:262)
Oct 31 15:24:23.932883: | delref vip@NULL (in discard_connection() at connections.c:263)
Oct 31 15:24:23.932894: | Connection DB: deleting connection $1
Oct 31 15:24:23.932898: | delref logger@0x55d64a7380c8(1->0) (in delete_connection() at connections.c:214)
Oct 31 15:24:23.932901: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:23.932903: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:23.932907: | crl fetch request list locked by 'free_crl_fetch'
Oct 31 15:24:23.932909: | crl fetch request list unlocked by 'free_crl_fetch'
Oct 31 15:24:23.932917: | iface: marking eth1 dead
Oct 31 15:24:23.932919: | iface: marking eth0 dead
Oct 31 15:24:23.932921: | iface: marking lo dead
Oct 31 15:24:23.932926: | updating interfaces - listing interfaces that are going down
Oct 31 15:24:23.932933: shutting down interface lo 127.0.0.1:4500
Oct 31 15:24:23.932937: shutting down interface lo 127.0.0.1:500
Oct 31 15:24:23.932941: shutting down interface eth0 192.0.2.254:4500
Oct 31 15:24:23.932944: shutting down interface eth0 192.0.2.254:500
Oct 31 15:24:23.932947: shutting down interface eth1 192.1.2.23:4500
Oct 31 15:24:23.932950: shutting down interface eth1 192.1.2.23:500
Oct 31 15:24:23.932952: | updating interfaces - deleting the dead
Oct 31 15:24:23.932957: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Oct 31 15:24:23.932967: | libevent_free: delref ptr-libevent@0x55d64a72ba38
Oct 31 15:24:23.932971: | delref id@0x55d64a72fb38(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.932980: | libevent_free: delref ptr-libevent@0x55d64a6ef0c8
Oct 31 15:24:23.932983: | delref id@0x55d64a72fb38(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.932988: | libevent_free: delref ptr-libevent@0x55d64a6e4388
Oct 31 15:24:23.932990: | delref id@0x55d64a72fa68(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.932994: | libevent_free: delref ptr-libevent@0x55d64a6ef1c8
Oct 31 15:24:23.932995: | delref id@0x55d64a72fa68(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933000: | libevent_free: delref ptr-libevent@0x55d64a6ebbe8
Oct 31 15:24:23.933001: | delref id@0x55d64a72f938(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933007: | libevent_free: delref ptr-libevent@0x55d64a6ebb38
Oct 31 15:24:23.933008: | delref id@0x55d64a72f938(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933012: | delref id@0x55d64a72f938(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933014: | delref id@0x55d64a72fa68(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933015: | delref id@0x55d64a72fb38(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:23.933017: | updating interfaces - checking orientation
Oct 31 15:24:23.933018: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Oct 31 15:24:23.935041: | libevent_free: delref ptr-libevent@0x55d64a72bae8
Oct 31 15:24:23.935056: | free_event_entry: delref EVENT_NULL-pe@0x55d64a72ef28
Oct 31 15:24:23.935062: | libevent_free: delref ptr-libevent@0x55d64a6eefc8
Oct 31 15:24:23.935064: | free_event_entry: delref EVENT_NULL-pe@0x55d64a72b9c8
Oct 31 15:24:23.935068: | libevent_free: delref ptr-libevent@0x55d64a6eef18
Oct 31 15:24:23.935070: | free_event_entry: delref EVENT_NULL-pe@0x55d64a727fb8
Oct 31 15:24:23.935073: | global timer EVENT_REINIT_SECRET uninitialized
Oct 31 15:24:23.935076: | global timer EVENT_SHUNT_SCAN uninitialized
Oct 31 15:24:23.935078: | global timer EVENT_PENDING_DDNS uninitialized
Oct 31 15:24:23.935080: | global timer EVENT_PENDING_PHASE2 uninitialized
Oct 31 15:24:23.935082: | global timer EVENT_CHECK_CRLS uninitialized
Oct 31 15:24:23.935084: | global timer EVENT_REVIVE_CONNS uninitialized
Oct 31 15:24:23.935087: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Oct 31 15:24:23.935089: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Oct 31 15:24:23.935091: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Oct 31 15:24:23.935095: | libevent_free: delref ptr-libevent@0x55d64a6e5378
Oct 31 15:24:23.935098: | signal event handler PLUTO_SIGCHLD uninstalled
Oct 31 15:24:23.935101: | libevent_free: delref ptr-libevent@0x55d64a6819d8
Oct 31 15:24:23.935103: | signal event handler PLUTO_SIGTERM uninstalled
Oct 31 15:24:23.935105: | libevent_free: delref ptr-libevent@0x55d64a681738
Oct 31 15:24:23.935108: | signal event handler PLUTO_SIGHUP uninstalled
Oct 31 15:24:23.935110: | libevent_free: delref ptr-libevent@0x55d64a72f2b8
Oct 31 15:24:23.935112: | signal event handler PLUTO_SIGSYS uninstalled
Oct 31 15:24:23.935114: | releasing event base
Oct 31 15:24:23.935128: | libevent_free: delref ptr-libevent@0x55d64a72f188
Oct 31 15:24:23.935131: | libevent_free: delref ptr-libevent@0x55d64a71e4a8
Oct 31 15:24:23.935135: | libevent_free: delref ptr-libevent@0x55d64a71e458
Oct 31 15:24:23.935142: | libevent_free: delref ptr-libevent@0x55d64a6f1788
Oct 31 15:24:23.935144: | libevent_free: delref ptr-libevent@0x55d64a71e658
Oct 31 15:24:23.935147: | libevent_free: delref ptr-libevent@0x55d64a7229a8
Oct 31 15:24:23.935149: | libevent_free: delref ptr-libevent@0x55d64a7227b8
Oct 31 15:24:23.935152: | libevent_free: delref ptr-libevent@0x55d64a71e7c8
Oct 31 15:24:23.935154: | libevent_free: delref ptr-libevent@0x55d64a7225c8
Oct 31 15:24:23.935156: | libevent_free: delref ptr-libevent@0x55d64a721f88
Oct 31 15:24:23.935159: | libevent_free: delref ptr-libevent@0x55d64a730618
Oct 31 15:24:23.935161: | libevent_free: delref ptr-libevent@0x55d64a7305d8
Oct 31 15:24:23.935163: | libevent_free: delref ptr-libevent@0x55d64a730598
Oct 31 15:24:23.935165: | libevent_free: delref ptr-libevent@0x55d64a730558
Oct 31 15:24:23.935167: | libevent_free: delref ptr-libevent@0x55d64a730518
Oct 31 15:24:23.935169: | libevent_free: delref ptr-libevent@0x55d64a72fe78
Oct 31 15:24:23.935172: | libevent_free: delref ptr-libevent@0x55d64a71e698
Oct 31 15:24:23.935174: | libevent_free: delref ptr-libevent@0x55d64a72f108
Oct 31 15:24:23.935176: | libevent_free: delref ptr-libevent@0x55d64a72f0c8
Oct 31 15:24:23.935178: | libevent_free: delref ptr-libevent@0x55d64a722608
Oct 31 15:24:23.935180: | libevent_free: delref ptr-libevent@0x55d64a72f148
Oct 31 15:24:23.935183: | libevent_free: delref ptr-libevent@0x55d64a72ef98
Oct 31 15:24:23.935186: | libevent_free: delref ptr-libevent@0x55d64a6f1408
Oct 31 15:24:23.935188: | libevent_free: delref ptr-libevent@0x55d64a6f0c68
Oct 31 15:24:23.935190: | libevent_free: delref ptr-libevent@0x55d64a6e7bd8
Oct 31 15:24:23.935193: | releasing global libevent data
Oct 31 15:24:23.935195: | libevent_free: delref ptr-libevent@0x55d64a6f0fa8
Oct 31 15:24:23.935213: | libevent_free: delref ptr-libevent@0x55d64a6e50b8
Oct 31 15:24:23.935220: | libevent_free: delref ptr-libevent@0x55d64a6f1488
Oct 31 15:24:23.935267: leak detective found no leaks