Oct 31 15:24:33.307755: | newref logger@0x55c9f9ee8bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:33.307823: | delref logger@0x55c9f9ee8bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:33.307829: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:33.307831: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.307836: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:33.307987: Initializing NSS Oct 31 15:24:33.307992: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:33.341290: FIPS Mode: NO Oct 31 15:24:33.341309: NSS crypto library initialized Oct 31 15:24:33.341344: FIPS mode disabled for pluto daemon Oct 31 15:24:33.341348: FIPS HMAC integrity support [disabled] Oct 31 15:24:33.341421: libcap-ng support [enabled] Oct 31 15:24:33.341429: Linux audit support [enabled] Oct 31 15:24:33.341459: Linux audit activated Oct 31 15:24:33.341467: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2129266 Oct 31 15:24:33.341470: core dump dir: /tmp Oct 31 15:24:33.341472: secrets file: /etc/ipsec.secrets Oct 31 15:24:33.341474: leak-detective enabled Oct 31 15:24:33.341476: NSS crypto [enabled] Oct 31 15:24:33.341478: XAUTH PAM support [enabled] Oct 31 15:24:33.341553: | libevent is using pluto's memory allocator Oct 31 15:24:33.341558: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:33.341570: | libevent_malloc: newref ptr-libevent@0x55c9f9efd998 size 40 Oct 31 15:24:33.341576: | libevent_malloc: newref ptr-libevent@0x55c9f9f622d8 size 40 Oct 31 15:24:33.341579: | libevent_malloc: newref ptr-libevent@0x55c9f9f6e848 size 40 Oct 31 15:24:33.341581: | creating event base Oct 31 15:24:33.341583: | libevent_malloc: newref ptr-libevent@0x55c9f9f6e488 size 56 Oct 31 15:24:33.341587: | libevent_malloc: newref ptr-libevent@0x55c9f9f64e58 size 664 Oct 31 15:24:33.341598: | libevent_malloc: newref ptr-libevent@0x55c9f9f9b7f8 size 24 Oct 31 15:24:33.341601: | libevent_malloc: newref ptr-libevent@0x55c9f9f62528 size 384 Oct 31 15:24:33.341611: | libevent_malloc: newref ptr-libevent@0x55c9f9f9b848 size 16 Oct 31 15:24:33.341613: | libevent_malloc: newref ptr-libevent@0x55c9f9f6e7c8 size 40 Oct 31 15:24:33.341615: | libevent_malloc: newref ptr-libevent@0x55c9f9f6e748 size 48 Oct 31 15:24:33.341620: | libevent_realloc: newref ptr-libevent@0x55c9f9f91fc8 size 256 Oct 31 15:24:33.341623: | libevent_malloc: newref ptr-libevent@0x55c9f9f9b888 size 16 Oct 31 15:24:33.341628: | libevent_free: delref ptr-libevent@0x55c9f9f6e488 Oct 31 15:24:33.341630: | libevent initialized Oct 31 15:24:33.341639: | libevent_realloc: newref ptr-libevent@0x55c9f9f6e488 size 64 Oct 31 15:24:33.341642: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:33.341647: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:33.341650: NAT-Traversal support [enabled] Oct 31 15:24:33.341652: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:33.341657: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:33.341660: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:33.341676: | checking IKEv1 state table Oct 31 15:24:33.341684: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341687: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:33.341691: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341693: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:33.341696: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:33.341698: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:33.341700: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.341702: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.341705: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:33.341712: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:33.341714: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.341716: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.341719: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:33.341721: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:33.341723: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:33.341725: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:33.341728: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:33.341730: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:33.341732: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:33.341735: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:33.341737: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:33.341739: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:33.341742: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:33.341744: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:33.341746: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341748: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:33.341750: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341753: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:33.341755: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:33.341757: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:33.341759: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:33.341761: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:33.341764: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:33.341766: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:33.341768: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:33.341770: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.341773: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:33.341775: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:33.341777: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:33.341779: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:33.341782: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:33.341784: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:33.341786: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:33.341789: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:33.341791: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:33.341793: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.341796: | INFO: category: informational; flags: 0: Oct 31 15:24:33.341798: | -> INFO EVENT_NULL (informational) Oct 31 15:24:33.341800: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:33.341802: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:33.341805: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341807: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:33.341810: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341812: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:33.341814: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:33.341817: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:33.341819: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341822: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:33.341825: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:33.341827: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.341829: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341831: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:33.341833: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341835: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:33.341841: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341843: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:33.341849: | checking IKEv2 state table Oct 31 15:24:33.341854: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341857: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:33.341861: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341864: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:33.341866: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341869: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:33.341872: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:33.341874: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:33.341877: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341879: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:33.341886: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:33.341889: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:33.341891: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:33.341894: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:33.341897: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:33.341899: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:33.341902: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:33.341904: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:33.341907: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:33.341909: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:33.341912: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341914: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:33.341917: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.341920: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:33.341922: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:33.341924: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:33.341927: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:33.341930: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341932: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:33.341935: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341937: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:33.341940: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.341943: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:33.341945: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341948: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:33.341950: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.341955: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:33.341958: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:33.341961: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:33.341963: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:33.341965: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:33.341968: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:33.341971: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:33.341973: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:33.341976: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:33.341978: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:33.341982: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:33.341986: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:33.341989: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:33.342131: Encryption algorithms: Oct 31 15:24:33.342140: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:33.342145: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:33.342150: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:33.342155: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:33.342159: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:33.342164: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:33.342170: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:33.342175: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:33.342179: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:33.342184: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:33.342189: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:33.342194: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:33.342198: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:33.342210: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:33.342212: Hash algorithms: Oct 31 15:24:33.342216: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:33.342219: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:33.342223: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:33.342227: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:33.342230: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:33.342232: PRF algorithms: Oct 31 15:24:33.342236: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:33.342240: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:33.342244: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:33.342251: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:33.342255: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:33.342258: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:33.342261: Integrity algorithms: Oct 31 15:24:33.342265: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:33.342269: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:33.342273: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:33.342277: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:33.342282: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:33.342286: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:33.342290: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:33.342293: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:33.342296: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:33.342299: DH algorithms: Oct 31 15:24:33.342302: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:33.342304: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:33.342307: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:33.342310: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:33.342312: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:33.342315: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:33.342317: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:33.342321: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:33.342324: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:33.342327: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:33.342330: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:33.342333: testing CAMELLIA_CBC: Oct 31 15:24:33.342335: Camellia: 16 bytes with 128-bit key Oct 31 15:24:33.342455: Camellia: 16 bytes with 128-bit key Oct 31 15:24:33.342491: Camellia: 16 bytes with 256-bit key Oct 31 15:24:33.342551: Camellia: 16 bytes with 256-bit key Oct 31 15:24:33.342584: testing AES_GCM_16: Oct 31 15:24:33.342588: empty string Oct 31 15:24:33.342618: one block Oct 31 15:24:33.342648: two blocks Oct 31 15:24:33.342678: two blocks with associated data Oct 31 15:24:33.342708: testing AES_CTR: Oct 31 15:24:33.342712: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:33.342743: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:33.342775: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:33.342809: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:33.342844: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:33.342878: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:33.342914: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:33.342945: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:33.342978: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:33.343012: testing AES_CBC: Oct 31 15:24:33.343015: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:33.343046: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.343081: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.343115: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.343157: testing AES_XCBC: Oct 31 15:24:33.343160: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:33.343296: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:33.343440: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:33.343586: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:33.343726: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:33.343866: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:33.344013: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:33.344311: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:33.344438: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:33.344574: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:33.344800: testing HMAC_MD5: Oct 31 15:24:33.344807: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:33.344997: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:33.345150: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:33.345315: 8 CPU cores online Oct 31 15:24:33.345323: starting up 7 helper threads Oct 31 15:24:33.345364: started thread for helper 0 Oct 31 15:24:33.345374: | starting helper thread 1 Oct 31 15:24:33.345381: seccomp security disabled for crypto helper 1 Oct 31 15:24:33.345386: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:33.345391: | helper thread 1 has nothing to do Oct 31 15:24:33.345399: started thread for helper 1 Oct 31 15:24:33.345403: | starting helper thread 2 Oct 31 15:24:33.345407: seccomp security disabled for crypto helper 2 Oct 31 15:24:33.345410: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:33.345412: | helper thread 2 has nothing to do Oct 31 15:24:33.345423: started thread for helper 2 Oct 31 15:24:33.345427: | starting helper thread 3 Oct 31 15:24:33.345430: seccomp security disabled for crypto helper 3 Oct 31 15:24:33.345433: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:33.345436: | helper thread 3 has nothing to do Oct 31 15:24:33.345445: started thread for helper 3 Oct 31 15:24:33.345449: | starting helper thread 4 Oct 31 15:24:33.345452: seccomp security disabled for crypto helper 4 Oct 31 15:24:33.345455: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:33.345458: | helper thread 4 has nothing to do Oct 31 15:24:33.345466: started thread for helper 4 Oct 31 15:24:33.345471: | starting helper thread 5 Oct 31 15:24:33.345474: seccomp security disabled for crypto helper 5 Oct 31 15:24:33.345478: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:33.345480: | helper thread 5 has nothing to do Oct 31 15:24:33.345491: started thread for helper 5 Oct 31 15:24:33.345495: | starting helper thread 6 Oct 31 15:24:33.345499: seccomp security disabled for crypto helper 6 Oct 31 15:24:33.345503: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:33.345506: | helper thread 6 has nothing to do Oct 31 15:24:33.345514: started thread for helper 6 Oct 31 15:24:33.345518: | starting helper thread 7 Oct 31 15:24:33.345527: seccomp security disabled for crypto helper 7 Oct 31 15:24:33.345530: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:33.345532: | helper thread 7 has nothing to do Oct 31 15:24:33.345543: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:33.345782: | Hard-wiring algorithms Oct 31 15:24:33.345788: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:33.345796: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:33.345799: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:33.345802: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:33.345804: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:33.345807: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:33.345809: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:33.345811: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:33.345813: | adding AES_CTR to kernel algorithm db Oct 31 15:24:33.345816: | adding AES_CBC to kernel algorithm db Oct 31 15:24:33.345818: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:33.345821: | adding NULL to kernel algorithm db Oct 31 15:24:33.345824: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:33.345826: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:33.345828: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:33.345831: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:33.345833: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:33.345835: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:33.345837: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:33.345839: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:33.345841: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:33.345843: | adding NONE to kernel algorithm db Oct 31 15:24:33.345871: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:33.345879: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:33.345882: | setup kernel fd callback Oct 31 15:24:33.345885: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55c9f9fa4fd8 Oct 31 15:24:33.345889: | libevent_malloc: newref ptr-libevent@0x55c9f9f6c188 size 128 Oct 31 15:24:33.345892: | libevent_malloc: newref ptr-libevent@0x55c9f9f9f5e8 size 16 Oct 31 15:24:33.345899: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55c9f9fa89e8 Oct 31 15:24:33.345902: | libevent_malloc: newref ptr-libevent@0x55c9f9f6c288 size 128 Oct 31 15:24:33.345905: | libevent_malloc: newref ptr-libevent@0x55c9f9f9efa8 size 16 Oct 31 15:24:33.346062: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:33.346144: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:33.346341: | unbound context created - setting debug level to 5 Oct 31 15:24:33.346379: | /etc/hosts lookups activated Oct 31 15:24:33.346393: | /etc/resolv.conf usage activated Oct 31 15:24:33.346429: | outgoing-port-avoid set 0-65535 Oct 31 15:24:33.346444: | outgoing-port-permit set 32768-60999 Oct 31 15:24:33.346446: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:33.346448: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:33.346450: | Setting up events, loop start Oct 31 15:24:33.346452: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55c9f9fabf48 Oct 31 15:24:33.346454: | libevent_malloc: newref ptr-libevent@0x55c9f9fa8b08 size 128 Oct 31 15:24:33.346457: | libevent_malloc: newref ptr-libevent@0x55c9f9f9f9c8 size 16 Oct 31 15:24:33.346462: | libevent_realloc: newref ptr-libevent@0x55c9f9fabfb8 size 256 Oct 31 15:24:33.346464: | libevent_malloc: newref ptr-libevent@0x55c9f9f9f628 size 8 Oct 31 15:24:33.346465: | libevent_realloc: newref ptr-libevent@0x55c9f9fa0028 size 144 Oct 31 15:24:33.346467: | libevent_malloc: newref ptr-libevent@0x55c9f9f00b68 size 152 Oct 31 15:24:33.346470: | libevent_malloc: newref ptr-libevent@0x55c9f9f9f7d8 size 16 Oct 31 15:24:33.346472: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:33.346477: | libevent_malloc: newref ptr-libevent@0x55c9f9fac0e8 size 8 Oct 31 15:24:33.346479: | libevent_malloc: newref ptr-libevent@0x55c9f9eed278 size 152 Oct 31 15:24:33.346481: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:33.346482: | libevent_malloc: newref ptr-libevent@0x55c9f9fac128 size 8 Oct 31 15:24:33.346484: | libevent_malloc: newref ptr-libevent@0x55c9f9fac168 size 152 Oct 31 15:24:33.346486: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:33.346487: | libevent_malloc: newref ptr-libevent@0x55c9f9fac238 size 8 Oct 31 15:24:33.346489: | libevent_realloc: delref ptr-libevent@0x55c9f9fa0028 Oct 31 15:24:33.346490: | libevent_realloc: newref ptr-libevent@0x55c9f9fac278 size 256 Oct 31 15:24:33.346492: | libevent_malloc: newref ptr-libevent@0x55c9f9fac3a8 size 152 Oct 31 15:24:33.346494: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:33.346831: | created addconn helper (pid:2129336) using fork+execve Oct 31 15:24:33.346851: | forked child 2129336 Oct 31 15:24:33.346862: seccomp security disabled Oct 31 15:24:33.354367: | newref struct fd@0x55c9f9fac508(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.354381: | fd_accept: new fd-fd@0x55c9f9fac508 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.354398: | whack: listen Oct 31 15:24:33.354402: listening for IKE messages Oct 31 15:24:33.354479: | Inspecting interface lo Oct 31 15:24:33.354485: | found lo with address 127.0.0.1 Oct 31 15:24:33.354487: | Inspecting interface eth0 Oct 31 15:24:33.354490: | found eth0 with address 192.0.2.254 Oct 31 15:24:33.354493: | Inspecting interface eth0 Oct 31 15:24:33.354495: | found eth0 with address 192.0.22.254 Oct 31 15:24:33.354497: | Inspecting interface eth1 Oct 31 15:24:33.354500: | found eth1 with address 192.1.2.23 Oct 31 15:24:33.354507: | newref struct iface_dev@0x55c9f9facaa8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.354570: Kernel supports NIC esp-hw-offload Oct 31 15:24:33.354599: | iface: marking eth1 add Oct 31 15:24:33.354605: | newref struct iface_dev@0x55c9f9facbd8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.354629: | iface: marking eth0 add Oct 31 15:24:33.354633: | newref struct iface_dev@0x55c9f9facca8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.354639: | iface: marking eth0 add Oct 31 15:24:33.354641: | newref struct iface_dev@0x55c9f9facd78(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.354643: | iface: marking lo add Oct 31 15:24:33.354694: | no interfaces to sort Oct 31 15:24:33.354709: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:33.354721: | addref ifd@0x55c9f9facaa8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354724: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:33.354738: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:33.354771: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.354774: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.354777: | addref ifd@0x55c9f9facaa8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354779: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:33.354790: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:33.354796: | addref ifd@0x55c9f9facbd8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354798: adding UDP interface eth0 192.0.22.254:500 Oct 31 15:24:33.354809: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:33.354813: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.354815: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.354817: | addref ifd@0x55c9f9facbd8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354819: adding UDP interface eth0 192.0.22.254:4500 Oct 31 15:24:33.354829: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:33.354839: | addref ifd@0x55c9f9facca8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354845: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:33.354864: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:33.354872: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.354882: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.354886: | addref ifd@0x55c9f9facca8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354889: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:33.354901: | MSG_ERRQUEUE enabled on fd 24 Oct 31 15:24:33.354908: | addref ifd@0x55c9f9facd78(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354910: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:33.354921: | MSG_ERRQUEUE enabled on fd 25 Oct 31 15:24:33.354925: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.354927: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.354929: | addref ifd@0x55c9f9facd78(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.354931: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:33.354936: | updating interfaces - listing interfaces that are going down Oct 31 15:24:33.354941: | updating interfaces - checking orientation Oct 31 15:24:33.354945: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:33.354966: | libevent_malloc: newref ptr-libevent@0x55c9f9fa8a58 size 128 Oct 31 15:24:33.354969: | libevent_malloc: newref ptr-libevent@0x55c9f9face48 size 16 Oct 31 15:24:33.354976: | setup callback for interface lo 127.0.0.1:4500 fd 25 on UDP Oct 31 15:24:33.354979: | libevent_malloc: newref ptr-libevent@0x55c9f9f6c388 size 128 Oct 31 15:24:33.354980: | libevent_malloc: newref ptr-libevent@0x55c9f9face88 size 16 Oct 31 15:24:33.354983: | setup callback for interface lo 127.0.0.1:500 fd 24 on UDP Oct 31 15:24:33.354985: | libevent_malloc: newref ptr-libevent@0x55c9f9f6c588 size 128 Oct 31 15:24:33.354986: | libevent_malloc: newref ptr-libevent@0x55c9f9facec8 size 16 Oct 31 15:24:33.354989: | setup callback for interface eth0 192.0.2.254:4500 fd 23 on UDP Oct 31 15:24:33.354990: | libevent_malloc: newref ptr-libevent@0x55c9f9f6c488 size 128 Oct 31 15:24:33.354992: | libevent_malloc: newref ptr-libevent@0x55c9f9fad948 size 16 Oct 31 15:24:33.354995: | setup callback for interface eth0 192.0.2.254:500 fd 22 on UDP Oct 31 15:24:33.354997: | libevent_malloc: newref ptr-libevent@0x55c9f9f68e38 size 128 Oct 31 15:24:33.354999: | libevent_malloc: newref ptr-libevent@0x55c9f9fad988 size 16 Oct 31 15:24:33.355002: | setup callback for interface eth0 192.0.22.254:4500 fd 21 on UDP Oct 31 15:24:33.355003: | libevent_malloc: newref ptr-libevent@0x55c9f9f68d38 size 128 Oct 31 15:24:33.355005: | libevent_malloc: newref ptr-libevent@0x55c9f9fad9c8 size 16 Oct 31 15:24:33.355008: | setup callback for interface eth0 192.0.22.254:500 fd 20 on UDP Oct 31 15:24:33.355009: | libevent_malloc: newref ptr-libevent@0x55c9f9fada08 size 128 Oct 31 15:24:33.355011: | libevent_malloc: newref ptr-libevent@0x55c9f9fadab8 size 16 Oct 31 15:24:33.355014: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:33.355015: | libevent_malloc: newref ptr-libevent@0x55c9f9fadaf8 size 128 Oct 31 15:24:33.355017: | libevent_malloc: newref ptr-libevent@0x55c9f9fadba8 size 16 Oct 31 15:24:33.355019: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:33.356714: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:33.356728: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:33.356731: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:33.356762: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:33.356801: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:33.356820: | old food groups: Oct 31 15:24:33.356823: | new food groups: Oct 31 15:24:33.356830: | delref fd@0x55c9f9fac508(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.356837: | freeref fd-fd@0x55c9f9fac508 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.356845: | spent 0.841 (2.49) milliseconds in whack Oct 31 15:24:33.357381: | processing signal PLUTO_SIGCHLD Oct 31 15:24:33.357406: | waitpid returned pid 2129336 (exited with status 0) Oct 31 15:24:33.357415: | reaped addconn helper child (status 0) Oct 31 15:24:33.357421: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:33.357427: | spent 0.0299 (0.0296) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:33.365864: | newref struct fd@0x55c9f9facb78(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.365879: | fd_accept: new fd-fd@0x55c9f9facb78 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.365892: | whack: options (impair|debug) Oct 31 15:24:33.365898: | old debugging base+cpu-usage + none Oct 31 15:24:33.365901: | new debugging = base+cpu-usage Oct 31 15:24:33.365907: | delref fd@0x55c9f9facb78(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.365915: | freeref fd-fd@0x55c9f9facb78 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.365923: | spent 0.0684 (0.0679) milliseconds in whack Oct 31 15:24:33.434129: | newref struct fd@0x55c9f9fac548(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.434144: | fd_accept: new fd-fd@0x55c9f9fac548 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.434154: | whack: delete 'northnet-eastnets/0x1' Oct 31 15:24:33.434157: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.434158: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.434160: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.434161: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.434163: | whack: connection 'northnet-eastnets/0x1' Oct 31 15:24:33.434166: | addref fd@0x55c9f9fac548(1->2) (in string_logger() at log.c:838) Oct 31 15:24:33.434171: | newref string logger@0x55c9f9f9fd88(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:33.434173: | Connection DB: adding connection "northnet-eastnets/0x1" $1 Oct 31 15:24:33.434178: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.434187: | added new connection northnet-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.434278: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:33.434286: | from whack: got --esp= Oct 31 15:24:33.434392: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:33.435403: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.435420: | loading left certificate 'north' pubkey Oct 31 15:24:33.435525: | newref struct pubkey@0x55c9f9fb4978(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.435552: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fae838 Oct 31 15:24:33.435557: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb5368 Oct 31 15:24:33.435560: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb53b8 Oct 31 15:24:33.435614: | newref struct pubkey@0x55c9f9fb5508(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.435667: | newref struct pubkey@0x55c9f9fb5ac8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.435711: | newref struct pubkey@0x55c9f9fb0498(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.435717: | delref pkp@0x55c9f9fb4978(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.435723: | preload cert/secret for connection: north Oct 31 15:24:33.435782: | adding RSA secret for certificate: north Oct 31 15:24:33.435972: | spent 0.163 (0.239) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:33.435978: | no private key matching left certificate north: NSS: cert private key not found Oct 31 15:24:33.435997: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:33.436502: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.436513: | loading right certificate 'east' pubkey Oct 31 15:24:33.436581: | newref struct pubkey@0x55c9f9fb5d68(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436592: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb5368 Oct 31 15:24:33.436594: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fae838 Oct 31 15:24:33.436596: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb0238 Oct 31 15:24:33.436598: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb0288 Oct 31 15:24:33.436601: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fb5f68 Oct 31 15:24:33.436652: | newref struct pubkey@0x55c9f9fb6268(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436704: | newref struct pubkey@0x55c9f9fbaad8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436754: | newref struct pubkey@0x55c9f9fba378(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436814: | newref struct pubkey@0x55c9f9fba808(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436870: | newref struct pubkey@0x55c9f9fbaf68(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.436878: | delref pkp@0x55c9f9fb5d68(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.436883: | preload cert/secret for connection: east Oct 31 15:24:33.437022: | adding RSA secret for certificate: east Oct 31 15:24:33.437140: | copying key using reference slot Oct 31 15:24:33.439759: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:33.439773: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:33.439787: | spent 2.81 (2.89) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:33.439792: connection "northnet-eastnets/0x1": loaded private key matching right certificate 'east' Oct 31 15:24:33.439803: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:33.439810: | updating connection from left.host_addr Oct 31 15:24:33.439813: | left host_port 500 Oct 31 15:24:33.439815: | updating connection from right.host_addr Oct 31 15:24:33.439817: | right host_port 500 Oct 31 15:24:33.439824: | orienting northnet-eastnets/0x1 Oct 31 15:24:33.439830: | northnet-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:33.439833: | northnet-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:33.439837: | northnet-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:33.439840: | northnet-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:33.439843: | northnet-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:33.439846: | northnet-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:33.439850: | northnet-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:33.439852: | oriented northnet-eastnets/0x1's that Oct 31 15:24:33.439854: | swapping ends so that that is this Oct 31 15:24:33.439860: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Oct 31 15:24:33.439867: | newref hp@0x55c9f9fbb248(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:33.439870: added IKEv2 connection "northnet-eastnets/0x1" Oct 31 15:24:33.439885: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.439920: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Oct 31 15:24:33.439931: | delref logger@0x55c9f9f9fd88(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:33.439935: | delref fd@0x55c9f9fac548(2->1) (in free_logger() at log.c:853) Oct 31 15:24:33.439938: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.439946: | delref fd@0x55c9f9fac548(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.439954: | freeref fd-fd@0x55c9f9fac548 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.439959: | spent 5.42 (5.84) milliseconds in whack Oct 31 15:24:33.440120: | newref struct fd@0x55c9f9fb5368(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.440128: | fd_accept: new fd-fd@0x55c9f9fb5368 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.440141: | whack: delete 'northnet-eastnets/0x2' Oct 31 15:24:33.440144: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.440147: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.440149: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.440152: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.440154: | whack: connection 'northnet-eastnets/0x2' Oct 31 15:24:33.440157: | addref fd@0x55c9f9fb5368(1->2) (in string_logger() at log.c:838) Oct 31 15:24:33.440160: | newref string logger@0x55c9f9fac678(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:33.440165: | Connection DB: adding connection "northnet-eastnets/0x2" $2 Oct 31 15:24:33.440171: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.440178: | added new connection northnet-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.440293: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:33.440302: | from whack: got --esp= Oct 31 15:24:33.440351: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:33.440527: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.440535: | loading left certificate 'north' pubkey Oct 31 15:24:33.440600: | newref struct pubkey@0x55c9f9faff88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.440609: | delref pkp@0x55c9f9fb0498(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.440626: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fafc28 Oct 31 15:24:33.440631: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fafc78 Oct 31 15:24:33.440634: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fafcc8 Oct 31 15:24:33.440689: | newref struct pubkey@0x55c9f9fc03a8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.440696: | delref pkp@0x55c9f9fb5508(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.440752: | newref struct pubkey@0x55c9f9fbfdd8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.440758: | delref pkp@0x55c9f9fb5ac8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.440812: | newref struct pubkey@0x55c9f9fbff98(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.440818: | delref pkp@0x55c9f9faff88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.440823: | preload cert/secret for connection: north Oct 31 15:24:33.440875: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:33.440880: | adding RSA secret for certificate: north Oct 31 15:24:33.440972: | spent 0.138 (0.138) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:33.440977: | no private key matching left certificate north: NSS: cert private key not found Oct 31 15:24:33.440990: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:33.441102: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.441108: | loading right certificate 'east' pubkey Oct 31 15:24:33.441172: | newref struct pubkey@0x55c9f9fc00a8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441180: | delref pkp@0x55c9f9fbaf68(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441194: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fbff28 Oct 31 15:24:33.441203: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fbaf68 Oct 31 15:24:33.441213: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fbafb8 Oct 31 15:24:33.441217: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fbb008 Oct 31 15:24:33.441219: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55c9f9fc0cc8 Oct 31 15:24:33.441280: | newref struct pubkey@0x55c9f9fc1628(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441288: | delref pkp@0x55c9f9fb6268(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441345: | newref struct pubkey@0x55c9f9fc1738(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441352: | delref pkp@0x55c9f9fbaad8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441407: | newref struct pubkey@0x55c9f9fc1848(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441414: | delref pkp@0x55c9f9fba378(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441468: | newref struct pubkey@0x55c9f9fba378(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441474: | delref pkp@0x55c9f9fba808(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441523: | newref struct pubkey@0x55c9f9fba808(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.441529: | delref pkp@0x55c9f9fc00a8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.441534: | preload cert/secret for connection: east Oct 31 15:24:33.441589: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:33.441594: | matched Oct 31 15:24:33.441597: | secrets entry for certificate already exists: east Oct 31 15:24:33.441604: | spent 0.0632 (0.0631) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:33.441614: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:33.441620: | updating connection from left.host_addr Oct 31 15:24:33.441623: | left host_port 500 Oct 31 15:24:33.441625: | updating connection from right.host_addr Oct 31 15:24:33.441628: | right host_port 500 Oct 31 15:24:33.441631: | orienting northnet-eastnets/0x2 Oct 31 15:24:33.441637: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:33.441642: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:33.441646: | northnet-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:33.441650: | northnet-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:33.441653: | northnet-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:33.441657: | northnet-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:33.441661: | northnet-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:33.441664: | oriented northnet-eastnets/0x2's that Oct 31 15:24:33.441666: | swapping ends so that that is this Oct 31 15:24:33.441677: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:33.441684: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55c9f9fbb248: northnet-eastnets/0x1 Oct 31 15:24:33.441687: added IKEv2 connection "northnet-eastnets/0x2" Oct 31 15:24:33.441702: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.441731: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Oct 31 15:24:33.441736: | delref logger@0x55c9f9fac678(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:33.441739: | delref fd@0x55c9f9fb5368(2->1) (in free_logger() at log.c:853) Oct 31 15:24:33.441742: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.441747: | delref fd@0x55c9f9fb5368(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.441756: | freeref fd-fd@0x55c9f9fb5368 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.441761: | spent 1.63 (1.65) milliseconds in whack Oct 31 15:24:33.513603: | newref struct fd@0x55c9f9fb6048(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.513618: | fd_accept: new fd-fd@0x55c9f9fb6048 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.513632: | whack: status Oct 31 15:24:33.513849: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:33.513855: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:33.514078: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:33.514092: | delref fd@0x55c9f9fb6048(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.514100: | freeref fd-fd@0x55c9f9fb6048 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.514108: | spent 0.516 (0.516) milliseconds in whack Oct 31 15:24:33.581849: | newref struct fd@0x55c9f9fb4d78(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.581868: | fd_accept: new fd-fd@0x55c9f9fb4d78 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.581881: | whack: options (impair|debug) Oct 31 15:24:33.581886: | old debugging base+cpu-usage + none Oct 31 15:24:33.581889: | new debugging = base+cpu-usage Oct 31 15:24:33.581892: | suppress-retransmits:yes Oct 31 15:24:33.581898: | delref fd@0x55c9f9fb4d78(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.581906: | freeref fd-fd@0x55c9f9fb4d78 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.581914: | spent 0.0739 (0.0735) milliseconds in whack Oct 31 15:24:35.634298: | spent 0.00319 (0.00284) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.634327: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.634333: | newref alloc logger@0x55c9f9fbb9f8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.634340: | *received 842 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.634343: | 34 d5 c0 79 f1 ec a3 66 00 00 00 00 00 00 00 00 Oct 31 15:24:35.634346: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:35.634349: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.634351: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:35.634353: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:35.634356: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:35.634358: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:35.634360: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:35.634362: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:35.634365: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:35.634371: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:35.634374: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:35.634376: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:35.634378: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:35.634380: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:35.634383: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:35.634385: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:35.634387: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:35.634390: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:35.634392: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:35.634394: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:35.634396: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:35.634398: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:35.634401: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:35.634403: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:35.634405: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:35.634407: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:35.634409: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:35.634411: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:35.634414: | 28 00 01 08 00 0e 00 00 59 b6 df 64 a9 23 fe cb Oct 31 15:24:35.634416: | 39 5c 40 7c 13 e6 2c d3 bf 8a 6c a6 fa 0b 88 af Oct 31 15:24:35.634418: | e9 20 33 06 50 d4 16 34 a5 11 bb b0 c2 c8 d1 23 Oct 31 15:24:35.634420: | 62 fd af 6b aa e0 e7 f1 7a 79 f2 13 37 5c 3d fe Oct 31 15:24:35.634422: | a3 dc a5 21 47 d4 95 52 08 d1 a8 b3 46 15 cc 43 Oct 31 15:24:35.634424: | 0b 8e 2e 55 f3 ca 51 a1 a2 1d 8f a1 15 cc 43 8a Oct 31 15:24:35.634426: | d7 e9 91 11 e8 d5 41 3e b2 87 d8 e7 9a 4b 0e 4e Oct 31 15:24:35.634428: | d5 a0 e7 36 b5 94 0e 9c 43 ac 29 75 df 3c 95 87 Oct 31 15:24:35.634430: | 64 ae 0d 7c b3 6f c2 35 12 5f 00 a4 b2 06 1c 18 Oct 31 15:24:35.634433: | ba fa ad af cc 65 e5 cb c3 e0 6a 8a 69 a8 17 2a Oct 31 15:24:35.634435: | d7 78 01 12 4a 98 e3 ec 49 b2 99 b6 6a 29 ea d2 Oct 31 15:24:35.634437: | 86 ec fb b3 59 e6 70 14 5a 7a 4e 75 80 28 72 9b Oct 31 15:24:35.634439: | ad a9 08 d4 50 a3 81 65 d1 26 f9 7c 5f db 68 19 Oct 31 15:24:35.634441: | 09 c7 a3 ce 68 5d 12 c1 8d 30 53 3c 44 36 bc d1 Oct 31 15:24:35.634443: | 3a 29 a3 dc 7b 0d 12 21 e5 9f ed 5d cf b8 38 7e Oct 31 15:24:35.634445: | 5b 55 c3 57 11 70 9c da 5e 31 53 c7 35 2f 16 52 Oct 31 15:24:35.634448: | 8e df 95 d1 8a ff 23 24 29 00 00 24 0d 4e f3 27 Oct 31 15:24:35.634450: | a7 5f 36 3d 55 51 c4 7c 33 c0 7f be 11 9d ef 07 Oct 31 15:24:35.634452: | 22 eb 50 68 4e 77 34 92 02 55 ad 93 29 00 00 08 Oct 31 15:24:35.634454: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:35.634456: | 00 04 29 00 00 1c 00 00 40 04 08 88 70 d1 87 9f Oct 31 15:24:35.634458: | f7 20 31 63 8a 38 a0 c5 ea a6 8c cb 3e 3f 00 00 Oct 31 15:24:35.634461: | 00 1c 00 00 40 05 97 3f 8d 3b ce 26 2b f4 a3 92 Oct 31 15:24:35.634463: | 1e ef 2d 8e b7 5e e5 ee d9 1f Oct 31 15:24:35.634470: | **parse ISAKMP Message: Oct 31 15:24:35.634475: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.634480: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:35.634483: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.634486: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.634488: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.634492: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.634496: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.634499: | length: 842 (00 00 03 4a) Oct 31 15:24:35.634501: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:35.634508: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:35.634511: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:35.634515: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.634519: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:35.634521: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.634523: | flags: none (0x0) Oct 31 15:24:35.634526: | length: 436 (01 b4) Oct 31 15:24:35.634528: | processing payload: ISAKMP_NEXT_v2SA (len=432) Oct 31 15:24:35.634531: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.634533: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.634536: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.634538: | flags: none (0x0) Oct 31 15:24:35.634541: | length: 264 (01 08) Oct 31 15:24:35.634543: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.634546: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.634548: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.634551: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:35.634553: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.634555: | flags: none (0x0) Oct 31 15:24:35.634558: | length: 36 (00 24) Oct 31 15:24:35.634560: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.634562: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.634565: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.634567: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.634569: | flags: none (0x0) Oct 31 15:24:35.634571: | length: 8 (00 08) Oct 31 15:24:35.634574: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.634576: | SPI size: 0 (00) Oct 31 15:24:35.634579: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.634581: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:35.634584: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.634586: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.634588: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.634590: | flags: none (0x0) Oct 31 15:24:35.634593: | length: 14 (00 0e) Oct 31 15:24:35.634595: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.634598: | SPI size: 0 (00) Oct 31 15:24:35.634600: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.634602: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:35.634604: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.634607: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.634609: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.634611: | flags: none (0x0) Oct 31 15:24:35.634614: | length: 28 (00 1c) Oct 31 15:24:35.634616: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.634619: | SPI size: 0 (00) Oct 31 15:24:35.634621: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.634624: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.634626: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.634629: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.634631: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.634633: | flags: none (0x0) Oct 31 15:24:35.634636: | length: 28 (00 1c) Oct 31 15:24:35.634638: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.634640: | SPI size: 0 (00) Oct 31 15:24:35.634642: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.634644: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.634647: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:35.634650: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:35.634652: | trying Respond to IKE_SA_INIT Oct 31 15:24:35.634654: | matched unencrypted message Oct 31 15:24:35.634660: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:35.634671: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.634674: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.634677: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (northnet-eastnets/0x2) Oct 31 15:24:35.634680: | find_next_host_connection returns "northnet-eastnets/0x2" Oct 31 15:24:35.634682: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.634685: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (northnet-eastnets/0x1) Oct 31 15:24:35.634687: | find_next_host_connection returns "northnet-eastnets/0x1" Oct 31 15:24:35.634690: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.634692: | find_next_host_connection returns Oct 31 15:24:35.634694: | found connection: "northnet-eastnets/0x2" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:35.634718: | newref alloc logger@0x55c9f9f9fa08(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.634722: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.634725: | creating state object #1 at 0x55c9f9fc3168 Oct 31 15:24:35.634728: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:35.634738: | pstats #1 ikev2.ike started Oct 31 15:24:35.634742: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:35.634824: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:35.634909: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744550.067625 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744550.067625 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:35.634917: | orienting northnet-eastnets/0x2 Oct 31 15:24:35.634922: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:35.634926: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:35.634930: | northnet-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:35.634933: | northnet-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:35.634936: | northnet-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:35.634940: | northnet-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:35.634943: | northnet-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:35.634946: | oriented northnet-eastnets/0x2's this Oct 31 15:24:35.634954: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:35.634961: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.067625 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:35.634964: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:35.634975: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.634979: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Oct 31 15:24:35.635061: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.635075: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635080: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.635086: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635090: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.635173: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635180: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.635187: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635191: "northnet-eastnets/0x2": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:35.635197: "northnet-eastnets/0x2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635212: "northnet-eastnets/0x2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635218: "northnet-eastnets/0x2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635223: "northnet-eastnets/0x2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.635226: | comparing remote proposals against IKE responder 4 local proposals Oct 31 15:24:35.635230: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.635233: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:35.635235: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.635238: | local proposal 1 type DH has 8 transforms Oct 31 15:24:35.635240: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:35.635243: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.635246: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.635248: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:35.635250: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.635252: | local proposal 2 type DH has 8 transforms Oct 31 15:24:35.635254: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:35.635257: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.635260: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.635262: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:35.635264: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.635266: | local proposal 3 type DH has 8 transforms Oct 31 15:24:35.635268: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:35.635271: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.635273: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.635275: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:35.635278: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.635280: | local proposal 4 type DH has 8 transforms Oct 31 15:24:35.635282: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:35.635285: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.635289: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.635292: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.635295: | length: 100 (00 64) Oct 31 15:24:35.635298: | prop #: 1 (01) Oct 31 15:24:35.635300: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.635305: | spi size: 0 (00) Oct 31 15:24:35.635309: | # transforms: 11 (0b) Oct 31 15:24:35.635312: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.635315: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635321: | length: 12 (00 0c) Oct 31 15:24:35.635325: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.635327: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.635330: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.635333: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.635336: | length/value: 256 (01 00) Oct 31 15:24:35.635340: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.635344: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635349: | length: 8 (00 08) Oct 31 15:24:35.635351: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635354: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.635357: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:35.635360: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Oct 31 15:24:35.635363: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Oct 31 15:24:35.635366: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Oct 31 15:24:35.635369: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635374: | length: 8 (00 08) Oct 31 15:24:35.635377: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635379: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.635382: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635387: | length: 8 (00 08) Oct 31 15:24:35.635390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635392: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.635396: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.635399: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:35.635402: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:35.635405: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:35.635408: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635414: | length: 8 (00 08) Oct 31 15:24:35.635416: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635419: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.635422: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635425: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635428: | length: 8 (00 08) Oct 31 15:24:35.635431: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635433: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.635436: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635442: | length: 8 (00 08) Oct 31 15:24:35.635444: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635447: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.635451: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635456: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635460: | length: 8 (00 08) Oct 31 15:24:35.635462: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635465: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.635468: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635474: | length: 8 (00 08) Oct 31 15:24:35.635476: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635481: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.635485: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635487: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635493: | length: 8 (00 08) Oct 31 15:24:35.635496: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635499: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.635502: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635505: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.635508: | length: 8 (00 08) Oct 31 15:24:35.635510: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635514: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.635520: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:35.635525: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:35.635528: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.635531: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.635534: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.635537: | length: 100 (00 64) Oct 31 15:24:35.635540: | prop #: 2 (02) Oct 31 15:24:35.635542: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.635544: | spi size: 0 (00) Oct 31 15:24:35.635547: | # transforms: 11 (0b) Oct 31 15:24:35.635550: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.635556: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635562: | length: 12 (00 0c) Oct 31 15:24:35.635564: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.635566: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.635572: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.635575: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.635578: | length/value: 128 (00 80) Oct 31 15:24:35.635581: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635587: | length: 8 (00 08) Oct 31 15:24:35.635590: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635592: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.635595: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635601: | length: 8 (00 08) Oct 31 15:24:35.635604: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635606: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.635609: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635615: | length: 8 (00 08) Oct 31 15:24:35.635618: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635620: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.635623: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635628: | length: 8 (00 08) Oct 31 15:24:35.635631: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635633: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.635636: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635642: | length: 8 (00 08) Oct 31 15:24:35.635645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635648: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.635651: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635660: | length: 8 (00 08) Oct 31 15:24:35.635665: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635668: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.635672: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635677: | length: 8 (00 08) Oct 31 15:24:35.635683: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635685: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.635689: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635691: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635694: | length: 8 (00 08) Oct 31 15:24:35.635697: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635699: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.635703: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635709: | length: 8 (00 08) Oct 31 15:24:35.635712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635715: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.635718: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635724: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.635727: | length: 8 (00 08) Oct 31 15:24:35.635733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635735: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.635739: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Oct 31 15:24:35.635743: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Oct 31 15:24:35.635746: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.635749: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.635752: | length: 116 (00 74) Oct 31 15:24:35.635755: | prop #: 3 (03) Oct 31 15:24:35.635757: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.635760: | spi size: 0 (00) Oct 31 15:24:35.635763: | # transforms: 13 (0d) Oct 31 15:24:35.635767: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.635769: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635772: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635775: | length: 12 (00 0c) Oct 31 15:24:35.635777: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.635780: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.635783: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.635785: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.635853: | length/value: 256 (01 00) Oct 31 15:24:35.635862: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635869: | length: 8 (00 08) Oct 31 15:24:35.635872: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635874: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.635884: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635886: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635889: | length: 8 (00 08) Oct 31 15:24:35.635891: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.635894: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.635897: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635899: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635903: | length: 8 (00 08) Oct 31 15:24:35.635906: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.635908: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.635911: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635914: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635917: | length: 8 (00 08) Oct 31 15:24:35.635920: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.635925: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.635928: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635931: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635934: | length: 8 (00 08) Oct 31 15:24:35.635937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635939: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.635942: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635948: | length: 8 (00 08) Oct 31 15:24:35.635951: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635954: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.635957: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635963: | length: 8 (00 08) Oct 31 15:24:35.635966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635969: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.635973: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635975: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635978: | length: 8 (00 08) Oct 31 15:24:35.635981: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635984: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.635987: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.635989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.635993: | length: 8 (00 08) Oct 31 15:24:35.635995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.635997: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.636000: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636006: | length: 8 (00 08) Oct 31 15:24:35.636009: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636012: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.636015: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636018: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636021: | length: 8 (00 08) Oct 31 15:24:35.636024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636027: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.636097: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636103: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.636107: | length: 8 (00 08) Oct 31 15:24:35.636110: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636112: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.636117: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:35.636121: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:35.636124: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.636126: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.636130: | length: 116 (00 74) Oct 31 15:24:35.636133: | prop #: 4 (04) Oct 31 15:24:35.636135: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.636144: | spi size: 0 (00) Oct 31 15:24:35.636147: | # transforms: 13 (0d) Oct 31 15:24:35.636151: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.636154: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636160: | length: 12 (00 0c) Oct 31 15:24:35.636162: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.636165: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.636168: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.636170: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.636173: | length/value: 128 (00 80) Oct 31 15:24:35.636181: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636188: | length: 8 (00 08) Oct 31 15:24:35.636190: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.636193: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.636196: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636237: | length: 8 (00 08) Oct 31 15:24:35.636241: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.636244: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.636249: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636251: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636259: | length: 8 (00 08) Oct 31 15:24:35.636262: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.636264: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.636268: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636270: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636273: | length: 8 (00 08) Oct 31 15:24:35.636276: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.636278: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.636282: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636288: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636292: | length: 8 (00 08) Oct 31 15:24:35.636297: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636300: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.636303: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636308: | length: 8 (00 08) Oct 31 15:24:35.636311: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636313: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.636316: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636319: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636323: | length: 8 (00 08) Oct 31 15:24:35.636328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636331: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.636334: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636340: | length: 8 (00 08) Oct 31 15:24:35.636342: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636344: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.636346: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636349: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636351: | length: 8 (00 08) Oct 31 15:24:35.636356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636358: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.636361: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636370: | length: 8 (00 08) Oct 31 15:24:35.636372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636374: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.636377: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.636382: | length: 8 (00 08) Oct 31 15:24:35.636384: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636386: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.636388: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.636390: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.636393: | length: 8 (00 08) Oct 31 15:24:35.636395: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.636397: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.636404: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:35.636407: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:35.636414: "northnet-eastnets/0x2" #1: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Oct 31 15:24:35.636419: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 Oct 31 15:24:35.636421: | converting proposal to internal trans attrs Oct 31 15:24:35.636428: | nat: IKE.SPIr is zero Oct 31 15:24:35.636446: | natd_hash: hasher=0x55c9f9758f80(20) Oct 31 15:24:35.636449: | natd_hash: icookie= Oct 31 15:24:35.636451: | 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.636453: | natd_hash: rcookie= Oct 31 15:24:35.636455: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.636457: | natd_hash: ip= Oct 31 15:24:35.636459: | c0 01 02 17 Oct 31 15:24:35.636462: | natd_hash: port= Oct 31 15:24:35.636463: | 01 f4 Oct 31 15:24:35.636465: | natd_hash: hash= Oct 31 15:24:35.636468: | 97 3f 8d 3b ce 26 2b f4 a3 92 1e ef 2d 8e b7 5e Oct 31 15:24:35.636470: | e5 ee d9 1f Oct 31 15:24:35.636472: | nat: IKE.SPIr is zero Oct 31 15:24:35.636479: | natd_hash: hasher=0x55c9f9758f80(20) Oct 31 15:24:35.636482: | natd_hash: icookie= Oct 31 15:24:35.636484: | 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.636485: | natd_hash: rcookie= Oct 31 15:24:35.636487: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.636489: | natd_hash: ip= Oct 31 15:24:35.636491: | c0 01 03 21 Oct 31 15:24:35.636493: | natd_hash: port= Oct 31 15:24:35.636495: | 01 f4 Oct 31 15:24:35.636497: | natd_hash: hash= Oct 31 15:24:35.636500: | 08 88 70 d1 87 9f f7 20 31 63 8a 38 a0 c5 ea a6 Oct 31 15:24:35.636502: | 8c cb 3e 3f Oct 31 15:24:35.636505: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:35.636507: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:35.636509: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:35.636513: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:35.636516: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.636518: | hash algorithm identifier (network ordered) Oct 31 15:24:35.636520: | 00 02 Oct 31 15:24:35.636523: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:35.636525: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.636527: | hash algorithm identifier (network ordered) Oct 31 15:24:35.636529: | 00 03 Oct 31 15:24:35.636531: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:35.636533: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.636535: | hash algorithm identifier (network ordered) Oct 31 15:24:35.636537: | 00 04 Oct 31 15:24:35.636539: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:35.636667: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.636672: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.636676: | newref clone logger@0x55c9f9f9fd18(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.636679: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:35.636684: | state #1 has no .st_event to delete Oct 31 15:24:35.636687: | #1 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:35.636690: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fbff28 Oct 31 15:24:35.636693: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.636697: | libevent_malloc: newref ptr-libevent@0x55c9f9fb5738 size 128 Oct 31 15:24:35.636715: | #1 spent 1.35 (1.74) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:35.636722: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.636724: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:35.639006: | "northnet-eastnets/0x2" #1: spent 1.9 (2.28) milliseconds in helper 1 processing job 1 for state #1: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:35.639024: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:35.639029: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.639033: | libevent_malloc: newref ptr-libevent@0x7f97d0006108 size 128 Oct 31 15:24:35.639042: | helper thread 1 has nothing to do Oct 31 15:24:35.636726: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:35.639056: | suspending state #1 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.639060: | addref md@0x55c9f9fc1958(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.639063: | #1 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.639072: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:35.639079: | #1 spent 1.95 (4.8) milliseconds in ikev2_process_packet() Oct 31 15:24:35.639083: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.639086: | delref mdp@0x55c9f9fc1958(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.639090: | spent 1.96 (4.81) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.639103: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.639109: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.639114: | unsuspending #1 MD 0x55c9f9fc1958 Oct 31 15:24:35.639118: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:35.639121: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x55c9f9666fe7 Oct 31 15:24:35.639124: | ikev2_parent_inI1outR1_continue() for #1 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:35.639237: | opening output PBS reply packet Oct 31 15:24:35.639248: | **emit ISAKMP Message: Oct 31 15:24:35.639254: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.639258: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.639261: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.639264: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.639267: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.639271: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.639275: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.639278: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.639282: | emitting ikev2_proposal ... Oct 31 15:24:35.639285: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:35.639287: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639290: | flags: none (0x0) Oct 31 15:24:35.639293: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.639296: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639377: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.639381: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.639384: | prop #: 1 (01) Oct 31 15:24:35.639387: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.639391: | spi size: 0 (00) Oct 31 15:24:35.639394: | # transforms: 3 (03) Oct 31 15:24:35.639397: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.639401: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.639403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.639406: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.639411: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.639415: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.639419: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.639421: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.639425: | length/value: 256 (01 00) Oct 31 15:24:35.639428: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.639431: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.639434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.639437: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.639440: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.639443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.639446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.639449: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.639452: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.639454: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.639457: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.639526: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.639532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.639535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.639539: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.639541: | emitting length of IKEv2 Proposal Substructure Payload: 36 Oct 31 15:24:35.639544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.639547: | emitting length of IKEv2 Security Association Payload: 40 Oct 31 15:24:35.639549: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.639555: | DH secret MODP2048@0x7f97d0006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:35.639560: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.639564: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639567: | flags: none (0x0) Oct 31 15:24:35.639569: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.639572: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.639575: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639579: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.639581: | ikev2 g^x: Oct 31 15:24:35.639584: | 53 9d 83 a1 f4 0d 1c d7 81 ca ee c8 0a 0a c9 9a Oct 31 15:24:35.639588: | 9f 17 59 52 f4 7d 19 48 b4 af 59 8c 55 bb ab 27 Oct 31 15:24:35.639591: | 7b c8 63 42 d3 12 15 56 b4 19 b9 73 b0 17 56 72 Oct 31 15:24:35.639593: | d0 ad 37 38 e4 07 ed aa 12 68 4b b7 48 e7 3a f8 Oct 31 15:24:35.639595: | d3 31 2e 67 84 ac 62 3e fe ca 2a 60 5e f1 5d e0 Oct 31 15:24:35.639597: | 40 20 2d 67 43 3e f1 5c 41 ff bf 24 0e 2d 72 11 Oct 31 15:24:35.639599: | 6d b2 d2 b9 8a 03 51 51 ba 7e 08 f1 33 8e 7e c5 Oct 31 15:24:35.639601: | ff 72 6e ae 27 1a 72 54 da 33 4e 62 75 82 73 38 Oct 31 15:24:35.639603: | 5b 05 d3 7a 67 5d 7d 72 f4 7a 06 03 2b b4 1b fb Oct 31 15:24:35.639605: | 58 fa ee 0c a4 8c ed 72 3f 95 85 eb e5 02 29 0e Oct 31 15:24:35.639608: | 20 36 65 34 24 25 98 9c 76 02 7c a0 06 73 32 56 Oct 31 15:24:35.639609: | ba 6a a7 43 7e 03 56 a2 dc fa a4 69 21 9f 9f ab Oct 31 15:24:35.639611: | 0b d8 1f 32 99 f9 4d f6 94 6c 7d b4 aa 6d a9 c7 Oct 31 15:24:35.639613: | b8 f1 77 03 72 f9 11 0b 8f 5c 19 d9 45 35 71 46 Oct 31 15:24:35.639615: | 29 06 b9 7d b5 fb 40 b9 43 f9 ae 25 3a 9a b4 92 Oct 31 15:24:35.639617: | e0 91 8e 36 4d bf d8 36 e6 4d a8 b5 55 50 4f 71 Oct 31 15:24:35.639620: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.639623: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:35.639625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639627: | flags: none (0x0) Oct 31 15:24:35.639630: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.639632: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639635: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.639638: | IKEv2 nonce: Oct 31 15:24:35.639640: | bc b8 26 01 02 50 0a ed 0b 34 2b 38 7d 64 ed 90 Oct 31 15:24:35.639642: | fa 41 21 33 72 16 4e 33 03 6e 3f 9b 59 a7 57 65 Oct 31 15:24:35.639645: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.639649: | adding a v2N Payload Oct 31 15:24:35.639652: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.639654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639657: | flags: none (0x0) Oct 31 15:24:35.639659: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.639662: | SPI size: 0 (00) Oct 31 15:24:35.639664: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.639667: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.639669: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639672: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:35.639674: | adding a v2N Payload Oct 31 15:24:35.639676: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.639678: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639681: | flags: none (0x0) Oct 31 15:24:35.639683: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.639685: | SPI size: 0 (00) Oct 31 15:24:35.639688: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.639690: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.639693: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639696: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:35.639699: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:35.639701: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:35.639704: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:35.639706: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:35.639710: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:35.639712: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:35.639715: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:35.639733: | natd_hash: hasher=0x55c9f9758f80(20) Oct 31 15:24:35.639736: | natd_hash: icookie= Oct 31 15:24:35.639738: | 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.639740: | natd_hash: rcookie= Oct 31 15:24:35.639742: | e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.639744: | natd_hash: ip= Oct 31 15:24:35.639746: | c0 01 02 17 Oct 31 15:24:35.639748: | natd_hash: port= Oct 31 15:24:35.639751: | 01 f4 Oct 31 15:24:35.639753: | natd_hash: hash= Oct 31 15:24:35.639755: | dc ff ec 88 4d c1 77 04 df f6 26 a3 04 56 a7 d8 Oct 31 15:24:35.639757: | 9b 1f d8 4d Oct 31 15:24:35.639759: | adding a v2N Payload Oct 31 15:24:35.639761: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.639764: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639766: | flags: none (0x0) Oct 31 15:24:35.639768: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.639771: | SPI size: 0 (00) Oct 31 15:24:35.639773: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.639777: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.639779: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639782: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.639785: | Notify data: Oct 31 15:24:35.639787: | dc ff ec 88 4d c1 77 04 df f6 26 a3 04 56 a7 d8 Oct 31 15:24:35.639789: | 9b 1f d8 4d Oct 31 15:24:35.639791: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.639799: | natd_hash: hasher=0x55c9f9758f80(20) Oct 31 15:24:35.639801: | natd_hash: icookie= Oct 31 15:24:35.639803: | 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.639805: | natd_hash: rcookie= Oct 31 15:24:35.639807: | e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.639809: | natd_hash: ip= Oct 31 15:24:35.639811: | c0 01 03 21 Oct 31 15:24:35.639813: | natd_hash: port= Oct 31 15:24:35.639815: | 01 f4 Oct 31 15:24:35.639817: | natd_hash: hash= Oct 31 15:24:35.639819: | 6c c7 74 cc f9 c0 7c fc dc 15 c6 6a b3 b7 9b 8d Oct 31 15:24:35.639822: | ca 7f 24 83 Oct 31 15:24:35.639824: | adding a v2N Payload Oct 31 15:24:35.639827: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.639829: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639832: | flags: none (0x0) Oct 31 15:24:35.639834: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.639837: | SPI size: 0 (00) Oct 31 15:24:35.639839: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.639842: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.639845: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.639848: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.639850: | Notify data: Oct 31 15:24:35.639852: | 6c c7 74 cc f9 c0 7c fc dc 15 c6 6a b3 b7 9b 8d Oct 31 15:24:35.639854: | ca 7f 24 83 Oct 31 15:24:35.639856: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.639858: | going to send a certreq Oct 31 15:24:35.639861: | connection->kind is CK_PERMANENT so send CERTREQ Oct 31 15:24:35.639863: | ***emit IKEv2 Certificate Request Payload: Oct 31 15:24:35.639866: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.639868: | flags: none (0x0) Oct 31 15:24:35.639871: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.639873: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.639876: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.640918: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Oct 31 15:24:35.640940: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Oct 31 15:24:35.640944: | CA cert public key hash: Oct 31 15:24:35.640946: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.640949: | d1 1f d2 d2 Oct 31 15:24:35.640952: | emitting length of IKEv2 Certificate Request Payload: 25 Oct 31 15:24:35.640955: | emitting length of ISAKMP Message: 471 Oct 31 15:24:35.640965: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.640970: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:35.640973: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:35.640975: | Message ID: updating counters for #1 Oct 31 15:24:35.640984: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744550.067625->744550.073774 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:35.640991: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.640998: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.641002: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:35.641004: | announcing the state transition Oct 31 15:24:35.641011: "northnet-eastnets/0x2" #1: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:35.641023: | sending 471 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.641026: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.641028: | 21 20 22 20 00 00 00 00 00 00 01 d7 22 00 00 28 Oct 31 15:24:35.641030: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.641032: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:35.641035: | 04 00 00 0e 28 00 01 08 00 0e 00 00 53 9d 83 a1 Oct 31 15:24:35.641037: | f4 0d 1c d7 81 ca ee c8 0a 0a c9 9a 9f 17 59 52 Oct 31 15:24:35.641039: | f4 7d 19 48 b4 af 59 8c 55 bb ab 27 7b c8 63 42 Oct 31 15:24:35.641041: | d3 12 15 56 b4 19 b9 73 b0 17 56 72 d0 ad 37 38 Oct 31 15:24:35.641043: | e4 07 ed aa 12 68 4b b7 48 e7 3a f8 d3 31 2e 67 Oct 31 15:24:35.641045: | 84 ac 62 3e fe ca 2a 60 5e f1 5d e0 40 20 2d 67 Oct 31 15:24:35.641047: | 43 3e f1 5c 41 ff bf 24 0e 2d 72 11 6d b2 d2 b9 Oct 31 15:24:35.641049: | 8a 03 51 51 ba 7e 08 f1 33 8e 7e c5 ff 72 6e ae Oct 31 15:24:35.641051: | 27 1a 72 54 da 33 4e 62 75 82 73 38 5b 05 d3 7a Oct 31 15:24:35.641053: | 67 5d 7d 72 f4 7a 06 03 2b b4 1b fb 58 fa ee 0c Oct 31 15:24:35.641056: | a4 8c ed 72 3f 95 85 eb e5 02 29 0e 20 36 65 34 Oct 31 15:24:35.641058: | 24 25 98 9c 76 02 7c a0 06 73 32 56 ba 6a a7 43 Oct 31 15:24:35.641060: | 7e 03 56 a2 dc fa a4 69 21 9f 9f ab 0b d8 1f 32 Oct 31 15:24:35.641062: | 99 f9 4d f6 94 6c 7d b4 aa 6d a9 c7 b8 f1 77 03 Oct 31 15:24:35.641064: | 72 f9 11 0b 8f 5c 19 d9 45 35 71 46 29 06 b9 7d Oct 31 15:24:35.641066: | b5 fb 40 b9 43 f9 ae 25 3a 9a b4 92 e0 91 8e 36 Oct 31 15:24:35.641068: | 4d bf d8 36 e6 4d a8 b5 55 50 4f 71 29 00 00 24 Oct 31 15:24:35.641072: | bc b8 26 01 02 50 0a ed 0b 34 2b 38 7d 64 ed 90 Oct 31 15:24:35.641075: | fa 41 21 33 72 16 4e 33 03 6e 3f 9b 59 a7 57 65 Oct 31 15:24:35.641077: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:35.641079: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 dc ff Oct 31 15:24:35.641081: | ec 88 4d c1 77 04 df f6 26 a3 04 56 a7 d8 9b 1f Oct 31 15:24:35.641083: | d8 4d 26 00 00 1c 00 00 40 05 6c c7 74 cc f9 c0 Oct 31 15:24:35.641085: | 7c fc dc 15 c6 6a b3 b7 9b 8d ca 7f 24 83 00 00 Oct 31 15:24:35.641087: | 00 19 04 de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 Oct 31 15:24:35.641089: | c3 15 48 d1 1f d2 d2 Oct 31 15:24:35.641148: | sent 1 messages Oct 31 15:24:35.641153: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.641159: | libevent_free: delref ptr-libevent@0x55c9f9fb5738 Oct 31 15:24:35.641162: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fbff28 Oct 31 15:24:35.641166: | event_schedule: newref EVENT_SO_DISCARD-pe@0x55c9f9fb5738 Oct 31 15:24:35.641169: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Oct 31 15:24:35.641172: | libevent_malloc: newref ptr-libevent@0x55c9f9fc9588 size 128 Oct 31 15:24:35.641177: | delref logger@0x55c9f9f9fd18(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.641180: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.641182: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.641186: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.641189: | delref mdp@0x55c9f9fc1958(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.641192: | delref logger@0x55c9f9fbb9f8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.641194: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.641197: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.641212: | #1 spent 1.69 (2.1) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.641217: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.641220: | libevent_free: delref ptr-libevent@0x7f97d0006108 Oct 31 15:24:35.666561: | spent 0.00258 (0.00254) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.666581: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.666585: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.666593: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.666596: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.666599: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:35.666601: | 00 01 00 06 62 ee 24 49 38 cd 0e 77 14 80 5d fa Oct 31 15:24:35.666604: | 04 8a d1 01 b3 44 88 eb c5 6e ce e9 33 5b 14 51 Oct 31 15:24:35.666606: | 46 a2 33 69 1a 39 ac 8d 04 61 fe 52 62 19 82 8a Oct 31 15:24:35.666608: | 1a 30 7a 0a 2f e8 98 32 c1 20 f2 cc 84 8c b7 96 Oct 31 15:24:35.666611: | 19 18 b4 38 25 7f 2a f7 71 f9 48 c7 5b 00 3e e1 Oct 31 15:24:35.666613: | 28 43 b6 da aa 70 14 27 62 5c e8 ab 7e 5f 4d a0 Oct 31 15:24:35.666615: | e9 57 ec e5 9a 7a 76 80 a5 2e ad 35 1c 14 cd a5 Oct 31 15:24:35.666617: | b4 38 7a 38 f0 92 9c 95 32 56 13 dd 62 8b e4 7a Oct 31 15:24:35.666619: | 82 50 84 03 dd 82 2c 94 56 5a 28 67 55 e5 41 4d Oct 31 15:24:35.666621: | a4 4a 34 b8 75 04 3f 6b c9 ef 82 0a 8c b1 0b 6a Oct 31 15:24:35.666623: | dc 7f b7 34 4f d5 9f 54 7f 22 ac 23 28 7d 8b 4a Oct 31 15:24:35.666625: | a8 5b f8 9a 9d 67 05 8a 30 dc e4 59 a7 58 f8 ec Oct 31 15:24:35.666627: | 59 d2 15 c2 1e c1 f7 30 33 fb 22 ca a5 b2 cb 7d Oct 31 15:24:35.666629: | e6 a5 b9 56 22 9d b3 24 24 0d 41 e8 0a 10 89 e7 Oct 31 15:24:35.666631: | 9d ae 10 de 5e 08 96 91 30 f0 1c 31 35 d4 09 e5 Oct 31 15:24:35.666635: | 3e d0 c9 4d 65 af 74 3a c2 3b 97 30 ad 34 e5 49 Oct 31 15:24:35.666637: | 73 09 57 6c 18 26 74 5d a6 f3 40 1c cf 7d 70 fe Oct 31 15:24:35.666639: | 69 ea 57 dc f8 34 39 13 f2 7a 5b 60 79 c1 86 51 Oct 31 15:24:35.666642: | 31 eb 40 17 77 29 0c bb 71 8c 95 d3 8c fd 08 aa Oct 31 15:24:35.666644: | cd d9 44 ce 23 6d 3e 86 b8 5d 40 d6 de 20 ee 1f Oct 31 15:24:35.666646: | a0 8a 0d 94 d8 f7 fe cb ce 90 70 ac 34 83 e3 7a Oct 31 15:24:35.666649: | c8 f5 7c bb ba 4a ae a0 e0 47 3c d2 20 d1 ad 91 Oct 31 15:24:35.666651: | cb 92 77 ce 0c 6d fd eb f4 eb f7 ec 51 74 8f 04 Oct 31 15:24:35.666653: | c2 c3 9a ff 0c 11 f4 e0 9e 18 70 9e c0 0e 7e ae Oct 31 15:24:35.666656: | c3 d8 10 c7 1c 79 e9 2a d7 5d 0a 9e c4 31 cb c7 Oct 31 15:24:35.666658: | 4d a5 2f 6f 85 1c b7 2e 9e 39 16 8d 44 ec 3e 49 Oct 31 15:24:35.666661: | 9f d5 58 a8 66 a9 5b b1 9a a6 7c 22 ed 6d ad 61 Oct 31 15:24:35.666663: | 0e cc 14 81 d5 3b 17 51 4c b3 90 8d cb c2 2a 01 Oct 31 15:24:35.666666: | 11 43 c8 d3 86 eb 2f 57 23 21 35 62 1d 8e ad 6c Oct 31 15:24:35.666668: | df 60 08 de 26 ea 47 f6 0a 4e 3b fd 67 f5 97 bf Oct 31 15:24:35.666670: | 85 24 5c e1 15 0d e9 e2 27 b8 f1 61 84 67 6e 9f Oct 31 15:24:35.666673: | 8b 10 84 e5 bc ca 87 49 40 e1 2a Oct 31 15:24:35.666679: | **parse ISAKMP Message: Oct 31 15:24:35.666684: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.666689: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.666692: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.666695: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.666698: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.666701: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.666705: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.666709: | length: 539 (00 00 02 1b) Oct 31 15:24:35.666712: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.666716: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.666721: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.666729: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.666732: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.666736: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.666739: | #1 is idle Oct 31 15:24:35.666746: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.666751: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.666754: | unpacking clear payload Oct 31 15:24:35.666757: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.666761: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.666764: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:35.666766: | flags: none (0x0) Oct 31 15:24:35.666770: | length: 511 (01 ff) Oct 31 15:24:35.666773: | fragment number: 1 (00 01) Oct 31 15:24:35.666776: | total fragments: 6 (00 06) Oct 31 15:24:35.666778: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.666782: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.666786: | received IKE encrypted fragment number '1', total number '6', next payload '35' Oct 31 15:24:35.666793: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.666799: | #1 spent 0.248 (0.248) milliseconds in ikev2_process_packet() Oct 31 15:24:35.666802: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.666805: | delref mdp@0x55c9f9fc1958(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.666810: | delref logger@0x55c9f9f9fd18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.666813: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.666815: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.666820: | spent 0.271 (0.27) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.666833: | spent 0.00335 (0.00342) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.666840: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.666843: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.666849: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.666852: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.666854: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.666857: | 00 02 00 06 da dc 6e bd ed 2d f5 f0 21 32 8e ec Oct 31 15:24:35.666859: | 09 96 dc d1 66 2a 80 a2 9e 8c 06 5f f5 1a ec bb Oct 31 15:24:35.666861: | c7 b0 b0 f1 68 67 1e 9b 8d 10 a0 59 34 40 a3 d6 Oct 31 15:24:35.666864: | 9b ca c3 6d be be 42 2b d3 1b 98 2a 2a db 63 e4 Oct 31 15:24:35.666866: | db 9e 22 00 c2 8c 36 2a 07 ea a9 65 98 f5 f1 2c Oct 31 15:24:35.666868: | 5e 5c a7 b9 c0 dd 71 7f a2 38 17 6f d0 d7 fd 7d Oct 31 15:24:35.666871: | b3 31 82 5d 11 50 0f c0 b8 e6 38 b5 53 06 ff 35 Oct 31 15:24:35.666873: | 7e e9 dd 51 5c d0 b4 88 a9 9a 27 d8 b5 b4 b0 20 Oct 31 15:24:35.666875: | 5b 7b 92 81 d6 98 a0 3c f6 e3 4c d5 52 4b f6 63 Oct 31 15:24:35.666878: | 12 65 45 52 ea 29 2d 89 15 bf 10 05 fe a7 56 6e Oct 31 15:24:35.666880: | e6 ad 53 4c de 98 92 86 75 48 17 04 e1 fe 4a 23 Oct 31 15:24:35.666883: | 1e df ca 6a fc 1c 64 3c 18 81 4a f9 36 ec e0 ec Oct 31 15:24:35.666885: | 85 f7 88 3a 4a e8 69 7d 86 59 0a 01 ea 2c 8d 20 Oct 31 15:24:35.666887: | 5e 35 8b fd f2 53 55 0b dd f1 dd 84 80 4b c5 b1 Oct 31 15:24:35.666890: | 5c da a7 e1 2a 37 42 b3 be 42 86 b7 06 df b5 ca Oct 31 15:24:35.666892: | 9c 46 a4 6e ea e7 f4 da 9b 75 8d bf 5f e1 91 c6 Oct 31 15:24:35.666895: | 17 06 63 9e d6 a5 44 94 5b 84 66 88 7b 14 e1 ab Oct 31 15:24:35.666897: | 8f 92 de a5 f6 9f 52 e1 c1 89 7c 41 b4 07 a6 35 Oct 31 15:24:35.666899: | 0e 65 00 22 fc 75 d0 d4 71 75 02 e9 aa 9f 02 77 Oct 31 15:24:35.666902: | fc 5e 28 a3 ea 07 4f 5e dd f0 6f 22 29 35 8a 24 Oct 31 15:24:35.666904: | 18 5f 40 1c a5 cd f4 0c f6 7f 3e f7 44 b2 0d 31 Oct 31 15:24:35.666906: | 82 a5 a1 ff 26 40 d0 9e 8c 4e 1f fb dc e4 c8 af Oct 31 15:24:35.666908: | 64 e8 94 0b 42 8f 9b ac 33 30 69 ed f0 d6 64 09 Oct 31 15:24:35.666911: | 40 2f 7d e1 90 53 60 a5 4f 4f ad 09 c3 a2 bc 80 Oct 31 15:24:35.666913: | 5f 3f 81 62 74 be 5b 6c c5 ba a3 10 69 9c 58 61 Oct 31 15:24:35.666915: | c0 7f cc 9e e1 80 b4 93 19 56 32 fd d5 21 a6 c3 Oct 31 15:24:35.666917: | d0 3e e7 6f ec 42 00 2c 86 ff b2 69 ba 2e 25 0a Oct 31 15:24:35.666919: | ef 22 09 07 cb c1 ee 48 ed b0 94 09 a5 aa c4 84 Oct 31 15:24:35.666921: | c0 e6 af 8a 28 3b a5 07 97 84 09 f9 15 f9 34 1f Oct 31 15:24:35.666923: | 0b 5a 12 32 fd 73 64 d9 9f 59 5b fd f1 d4 1e 4a Oct 31 15:24:35.666925: | 4a 84 ca 0b 5d 1b 28 62 d1 b4 51 f6 f3 91 65 32 Oct 31 15:24:35.666928: | 22 dd 44 3a 54 31 5c 40 98 f4 38 Oct 31 15:24:35.666931: | **parse ISAKMP Message: Oct 31 15:24:35.666936: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.666940: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.666943: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.666946: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.666948: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.666951: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.666955: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.666958: | length: 539 (00 00 02 1b) Oct 31 15:24:35.666963: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.666966: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.666969: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.666975: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.666978: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.666981: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.666983: | #1 is idle Oct 31 15:24:35.666989: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.666994: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.666996: | unpacking clear payload Oct 31 15:24:35.666998: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.667001: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.667003: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.667006: | flags: none (0x0) Oct 31 15:24:35.667008: | length: 511 (01 ff) Oct 31 15:24:35.667010: | fragment number: 2 (00 02) Oct 31 15:24:35.667013: | total fragments: 6 (00 06) Oct 31 15:24:35.667171: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.667177: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.667180: | received IKE encrypted fragment number '2', total number '6', next payload '0' Oct 31 15:24:35.667187: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.667192: | #1 spent 0.211 (0.363) milliseconds in ikev2_process_packet() Oct 31 15:24:35.667195: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.667204: | delref mdp@0x55c9f9fc1958(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.667210: | delref logger@0x55c9f9f9fd18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.667212: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.667214: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.667219: | spent 0.234 (0.39) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.667232: | spent 0.0018 (0.0018) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.667239: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.667242: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.667248: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.667251: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.667253: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.667255: | 00 03 00 06 ae 33 d6 05 be 27 ef d3 07 d3 8a f6 Oct 31 15:24:35.667257: | 47 55 11 ac fd 6a 82 eb 3e bc e5 de 3e b8 23 fb Oct 31 15:24:35.667259: | e8 70 a9 a8 2f 21 94 6d 20 f2 9e ec ad d4 20 ff Oct 31 15:24:35.667263: | 3a 41 d4 dc 11 c3 97 1e b7 d6 6d 15 aa f4 c2 e6 Oct 31 15:24:35.667265: | 3e 35 1a b5 91 d0 18 44 68 ab 63 bf fc aa 67 c1 Oct 31 15:24:35.667267: | 94 02 5e 84 d2 21 23 66 5d 75 9b a6 5a cf 56 c7 Oct 31 15:24:35.667269: | ba c1 15 71 29 75 e2 4e 71 c8 bf c1 e1 c0 c9 2a Oct 31 15:24:35.667271: | 86 b3 e3 d0 4e 14 c8 db 7a 1d 40 e6 88 5a 08 0f Oct 31 15:24:35.667273: | a4 fd a9 cf 03 05 64 44 a6 3b 22 36 53 0c 7b b1 Oct 31 15:24:35.667276: | 73 60 6e 1a 99 72 54 82 cf f9 0d 89 f1 f4 8d 83 Oct 31 15:24:35.667278: | 2e 31 8b 61 e7 8a 2a 95 92 d1 22 7d 18 3e 94 53 Oct 31 15:24:35.667282: | 05 77 56 37 d5 e6 c1 50 62 9b d2 03 e4 7b 28 17 Oct 31 15:24:35.667285: | ce 32 bb 90 92 36 30 d5 b9 2e 0a c6 f0 17 8b 93 Oct 31 15:24:35.667287: | 1e 7b fe 3b de d6 29 a3 f9 a3 a6 f1 92 7a 5a b3 Oct 31 15:24:35.667289: | fa a6 44 fe d3 f3 6c 4b 51 60 6e de b5 95 9d 33 Oct 31 15:24:35.667291: | ff 30 7a aa ef 34 eb c3 66 01 32 14 78 b4 2d e8 Oct 31 15:24:35.667346: | c2 f7 76 f3 f2 d6 35 1f bc b8 f0 07 e4 88 7d 90 Oct 31 15:24:35.667350: | 87 fe 4c eb cc 37 be 37 1e 1e e0 fe fc c2 ae 36 Oct 31 15:24:35.667352: | 81 af da 56 0a c2 4d 02 ce 88 9f 1a b1 00 1d 28 Oct 31 15:24:35.667355: | 71 9e b5 2f f1 9b 7c 9a 9e d0 25 fc 26 0c 46 cd Oct 31 15:24:35.667357: | 70 5b 45 e6 17 99 95 eb 0e 00 be 01 80 8c 17 73 Oct 31 15:24:35.667359: | ab 01 cf 06 e6 b3 38 46 35 68 b1 f1 0f bb 97 35 Oct 31 15:24:35.667361: | 92 93 8b 7e af 08 29 e6 84 73 9e e0 9c 03 da 58 Oct 31 15:24:35.667364: | 5d 06 85 5e ec 10 69 b7 06 ca b3 41 8f 0b b3 b5 Oct 31 15:24:35.667366: | 07 1c 66 44 9e e5 ce 3c 54 44 65 05 df a1 fc 9d Oct 31 15:24:35.667368: | 10 69 09 25 47 8e e3 64 fe 0a 71 93 83 85 3a 07 Oct 31 15:24:35.667370: | 09 de 16 6f 2d 02 2f 9a 7a a0 91 57 22 be 68 c0 Oct 31 15:24:35.667372: | 4e fd 36 5b 35 27 0d 47 2b 93 a4 70 73 45 cf 4e Oct 31 15:24:35.667374: | f3 4b 72 d1 67 e2 bc 9b 9a 8f 87 d4 6c 79 c3 b9 Oct 31 15:24:35.667377: | 19 77 3b 36 9d c9 68 a0 0a 2c 90 50 cf 1a d4 0c Oct 31 15:24:35.667379: | 8f a9 57 0e b1 07 16 13 c5 b0 b3 ad 3f be 75 d2 Oct 31 15:24:35.667381: | 5f ae c4 50 9d 81 a2 32 6c de 81 Oct 31 15:24:35.667385: | **parse ISAKMP Message: Oct 31 15:24:35.667389: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.667398: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.667401: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.667404: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.667406: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.667409: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.667413: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.667416: | length: 539 (00 00 02 1b) Oct 31 15:24:35.667420: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.667423: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.667426: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.667431: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.667434: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.667436: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.667439: | #1 is idle Oct 31 15:24:35.667444: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.667448: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.667450: | unpacking clear payload Oct 31 15:24:35.667452: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.667456: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.667459: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.667461: | flags: none (0x0) Oct 31 15:24:35.667464: | length: 511 (01 ff) Oct 31 15:24:35.667467: | fragment number: 3 (00 03) Oct 31 15:24:35.667470: | total fragments: 6 (00 06) Oct 31 15:24:35.667473: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.667475: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.667478: | received IKE encrypted fragment number '3', total number '6', next payload '0' Oct 31 15:24:35.667486: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.667493: | #1 spent 0.212 (0.263) milliseconds in ikev2_process_packet() Oct 31 15:24:35.667495: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.667499: | delref mdp@0x55c9f9fc1958(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.667502: | delref logger@0x55c9f9f9fd18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.667506: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.667508: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.667886: | spent 0.233 (0.284) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.667905: | spent 0.00178 (0.00177) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.667913: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.667917: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.667923: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.667925: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.667928: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.667930: | 00 04 00 06 86 4f fe b6 d2 cf 44 8a af 41 4c d0 Oct 31 15:24:35.667932: | 8b 16 40 3d 10 73 a0 0b 29 9f d0 76 a7 5a 8a de Oct 31 15:24:35.667934: | c6 96 97 ca b1 fc 5e 52 0c bd 24 b1 38 80 4e 99 Oct 31 15:24:35.667936: | eb 26 59 6b e5 d1 25 b6 d7 2e 25 a2 d5 70 b6 ac Oct 31 15:24:35.667939: | ad 9f 50 9c 20 bf 45 f8 b1 b0 d2 37 0f 8d 3a 97 Oct 31 15:24:35.667941: | c6 f7 f8 35 9d 13 6d 8a ce d6 0f 71 ac d1 f7 db Oct 31 15:24:35.667943: | 4d 5b f6 39 65 9d 5d 6d 08 85 04 d0 0e d9 bc a9 Oct 31 15:24:35.667945: | b7 2b 3e df 18 63 a4 1c 5c 4a ce f3 2b 19 f8 a6 Oct 31 15:24:35.667947: | 17 c1 d6 09 9c 25 2c 03 f9 dd be a0 85 9a d3 bc Oct 31 15:24:35.667950: | 08 e5 c1 0a 35 5c 7a a2 af 2b 46 fa 8f 0e d7 78 Oct 31 15:24:35.667952: | ad 86 97 4e 77 b6 b2 f6 83 c9 d6 cc 54 74 2a e2 Oct 31 15:24:35.667954: | 22 a6 e0 9e c9 cb 32 fc 0c 10 dd 26 50 ea 3e 16 Oct 31 15:24:35.667956: | 94 48 00 b5 43 41 8b 3a 2b c4 bb 4c 96 b2 70 ef Oct 31 15:24:35.667958: | 71 8a 2d 88 46 dd 06 7d 3f 94 58 16 99 55 e3 42 Oct 31 15:24:35.667960: | c3 4b 5f 21 b8 bb 65 f0 d4 d6 05 3e c4 41 f8 e6 Oct 31 15:24:35.667962: | bd 93 37 4d 67 b2 fc 8f 46 29 d0 6e 0b ce af c9 Oct 31 15:24:35.667964: | 63 6e 87 7f 0c e6 b0 f6 a9 33 32 9d d9 f6 07 d8 Oct 31 15:24:35.667966: | 72 ec c5 c8 f0 fd 56 95 6c de e1 e9 84 e5 8a 27 Oct 31 15:24:35.667968: | 9c 25 40 e1 cd e5 c5 3d 3f 2b 21 10 ef e8 93 87 Oct 31 15:24:35.667970: | c5 82 1b ec 97 55 f5 34 7a 2d 4f dc 7d e2 b0 fd Oct 31 15:24:35.667972: | 01 eb d8 ea 4c 04 e9 c1 78 1e cc 29 4d ae 63 13 Oct 31 15:24:35.667974: | cc 5a c4 be 72 1f af ee a1 ce c1 cc 36 e9 4c 27 Oct 31 15:24:35.667977: | 77 a1 f7 b5 c8 51 ee 8d 21 83 eb d1 1e 0e 23 4f Oct 31 15:24:35.667979: | ec fd 41 4c d2 0d 95 a0 a9 18 9a 1c 34 cc 84 48 Oct 31 15:24:35.667981: | a5 27 57 42 df 21 ac ba 1c 60 a3 9c 46 64 b2 4c Oct 31 15:24:35.667983: | 52 a5 5a 9a d5 6e 29 3f f5 ee a8 3c e4 5b 00 c8 Oct 31 15:24:35.667985: | 74 44 6f d8 7a fb b8 de 85 65 5d 3d 0b 72 a8 6a Oct 31 15:24:35.667987: | a2 59 a2 c0 4e aa 44 c2 22 70 b0 c2 31 ca 22 73 Oct 31 15:24:35.667989: | 9d 3d b9 ab 42 8a 15 36 3e c9 4c be 02 a9 c1 92 Oct 31 15:24:35.667991: | 6c 13 0d d8 6a 2e f4 a6 72 8e 55 ce ff dd 2b e7 Oct 31 15:24:35.667993: | 13 9e 29 c5 50 17 6a 26 6b f5 ac 53 86 72 bb 53 Oct 31 15:24:35.667995: | 20 75 f5 46 9a e8 8f d3 69 c0 4e Oct 31 15:24:35.667999: | **parse ISAKMP Message: Oct 31 15:24:35.668004: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.668008: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.668010: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.668015: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.668017: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.668020: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.668023: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.668026: | length: 539 (00 00 02 1b) Oct 31 15:24:35.668029: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.668032: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.668036: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.668042: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.668045: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.668048: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.668050: | #1 is idle Oct 31 15:24:35.668057: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.668063: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.668065: | unpacking clear payload Oct 31 15:24:35.668067: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.668071: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.668074: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.668076: | flags: none (0x0) Oct 31 15:24:35.668080: | length: 511 (01 ff) Oct 31 15:24:35.668082: | fragment number: 4 (00 04) Oct 31 15:24:35.668085: | total fragments: 6 (00 06) Oct 31 15:24:35.668088: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.668091: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.668095: | received IKE encrypted fragment number '4', total number '6', next payload '0' Oct 31 15:24:35.668100: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.668106: | #1 spent 0.204 (0.204) milliseconds in ikev2_process_packet() Oct 31 15:24:35.668108: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.668111: | delref mdp@0x55c9f9fc1958(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.668114: | delref logger@0x55c9f9f9fd18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.668117: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.668119: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.668124: | spent 0.223 (0.223) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.668134: | spent 0.00194 (0.00194) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.668141: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.668145: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.668150: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.668153: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.668155: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.668157: | 00 05 00 06 91 3b 96 f3 ad 74 4a 80 43 30 c6 99 Oct 31 15:24:35.668159: | a4 46 cc cc 8c 49 01 3f f3 3a a3 0f c7 fe a0 43 Oct 31 15:24:35.668161: | d3 03 44 5d 14 97 8f 9a aa 24 8c e3 cf f1 69 b6 Oct 31 15:24:35.668163: | 12 d5 b2 92 f0 df 2d 4b 0f e1 75 bb cf af 28 ff Oct 31 15:24:35.668165: | ef 1c 9d 26 d9 32 2e 17 20 f4 dc cb ba aa 58 e3 Oct 31 15:24:35.668167: | c9 38 34 d7 c5 18 df 1d 56 08 a8 f7 1e dc 39 e8 Oct 31 15:24:35.668169: | 12 77 fd 04 89 53 95 20 a6 a2 62 ed 7c ac 14 97 Oct 31 15:24:35.668174: | d4 f8 c0 ba 6c c6 19 5c 01 be be 84 63 da f9 94 Oct 31 15:24:35.668176: | 8d dc 96 f0 71 0f b6 d3 35 ba 9c 9c a4 e6 5c 56 Oct 31 15:24:35.668178: | f6 91 bd f3 97 fc 8c 5b b5 33 da 5b d7 36 1f 6f Oct 31 15:24:35.668180: | e3 f8 de 44 d4 92 7c cb 42 c5 98 a7 16 8f f6 c9 Oct 31 15:24:35.668182: | 13 eb 6b f8 48 94 51 3d 60 a1 3a 7b 8b 85 26 1c Oct 31 15:24:35.668184: | 9e f1 70 90 07 01 a1 0d 81 38 63 6c 49 f2 15 20 Oct 31 15:24:35.668186: | ac d1 69 2b ce 92 98 e2 d3 be 0f ac 1f 2f c2 6e Oct 31 15:24:35.668188: | 08 ef 0e c4 48 d8 df 3e c6 2e 67 23 77 82 42 4d Oct 31 15:24:35.668190: | d5 6f 4c 1c e2 30 d5 f2 71 40 b4 51 92 ea 27 60 Oct 31 15:24:35.668192: | 2b d8 02 3e 98 e1 21 ff a5 db 1c 26 44 69 c8 45 Oct 31 15:24:35.668195: | 41 82 78 ad bb 9e 61 2c 0c dc a4 7e 3f e0 d3 14 Oct 31 15:24:35.668197: | 0f 89 80 bd c2 5f 00 62 4c 7e b7 43 d0 43 52 bd Oct 31 15:24:35.668203: | 22 ca 1f 67 3f 98 d5 69 d2 36 32 bc 7f 8a 5d 92 Oct 31 15:24:35.668209: | 79 2a 3d 9b cb cd 8b 1d 55 b7 d2 b0 1a c2 31 2e Oct 31 15:24:35.668211: | e8 0f 12 5b c7 fd 06 a1 7a d9 7e 42 ec 42 bc 7e Oct 31 15:24:35.668213: | e7 4c 1a db ba 83 c0 27 7c 18 27 e0 52 fb 72 dd Oct 31 15:24:35.668215: | 6c 84 81 1d d0 95 27 fe 4c 35 93 29 84 66 4e ed Oct 31 15:24:35.668217: | 7b 3e 66 89 40 7d 64 dd e8 ad d3 cb d8 59 29 37 Oct 31 15:24:35.668220: | c0 57 8e 45 e0 95 dd 86 ce 60 db 60 b6 f6 fb 0e Oct 31 15:24:35.668222: | 81 54 0e f0 99 33 f0 56 25 2a 76 de 96 61 5c 4f Oct 31 15:24:35.668224: | 02 34 e5 12 1f 46 2b 96 cf 89 c4 fa c2 ff b0 16 Oct 31 15:24:35.668226: | c7 5b 15 af 95 0f 8a ca 50 6c 34 3d 13 57 8d b6 Oct 31 15:24:35.668228: | 90 90 41 49 30 23 42 ab cb e8 d4 75 f6 74 d5 fe Oct 31 15:24:35.668230: | c2 ec e4 a2 57 6f 2d f5 d2 fa 43 65 52 d0 46 d1 Oct 31 15:24:35.668232: | 19 eb 13 1a 23 6b e7 07 51 de 20 Oct 31 15:24:35.668235: | **parse ISAKMP Message: Oct 31 15:24:35.668239: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.668242: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.668245: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.668247: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.668249: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.668251: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.668254: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.668257: | length: 539 (00 00 02 1b) Oct 31 15:24:35.668259: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.668261: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.668264: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.668270: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.668272: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.668274: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.668276: | #1 is idle Oct 31 15:24:35.668281: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.668286: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.668288: | unpacking clear payload Oct 31 15:24:35.668290: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.668293: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.668296: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.668298: | flags: none (0x0) Oct 31 15:24:35.668301: | length: 511 (01 ff) Oct 31 15:24:35.668305: | fragment number: 5 (00 05) Oct 31 15:24:35.668308: | total fragments: 6 (00 06) Oct 31 15:24:35.668310: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.668312: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.668315: | received IKE encrypted fragment number '5', total number '6', next payload '0' Oct 31 15:24:35.668320: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.668326: | #1 spent 0.19 (0.194) milliseconds in ikev2_process_packet() Oct 31 15:24:35.668329: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.668332: | delref mdp@0x55c9f9fc1958(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.668335: | delref logger@0x55c9f9f9fd18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.668337: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.668340: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.668345: | spent 0.21 (0.214) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.668355: | spent 0.00152 (0.00152) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.668362: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.668365: | newref alloc logger@0x55c9f9f9fd18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.668371: | *received 113 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.668374: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.668376: | 35 20 23 08 00 00 00 01 00 00 00 71 00 00 00 55 Oct 31 15:24:35.668378: | 00 06 00 06 03 1a f3 b5 5b 1e 90 d7 f4 64 fd 75 Oct 31 15:24:35.668380: | c7 df a1 5f fe f0 ee 37 a4 7a d7 81 c6 91 3f 0b Oct 31 15:24:35.668382: | 05 c7 aa 5a 32 71 e2 ca 50 ad a9 31 03 a7 bf 4a Oct 31 15:24:35.668385: | ea 1b d6 06 ac 62 bb c8 bb 21 30 e2 1d 33 55 6a Oct 31 15:24:35.668387: | 01 60 fb 4d b9 59 64 25 c1 f7 d3 6f ba e9 47 3e Oct 31 15:24:35.668390: | bf Oct 31 15:24:35.668393: | **parse ISAKMP Message: Oct 31 15:24:35.668398: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.668401: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.668404: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.668407: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.668409: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.668412: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.668415: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.668419: | length: 113 (00 00 00 71) Oct 31 15:24:35.668421: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.668424: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.668427: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.668433: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.668436: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.668439: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.668441: | #1 is idle Oct 31 15:24:35.668448: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.668452: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.668455: | unpacking clear payload Oct 31 15:24:35.668457: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.668460: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.668462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.668467: | flags: none (0x0) Oct 31 15:24:35.668470: | length: 85 (00 55) Oct 31 15:24:35.668473: | fragment number: 6 (00 06) Oct 31 15:24:35.668476: | total fragments: 6 (00 06) Oct 31 15:24:35.668478: | processing payload: ISAKMP_NEXT_v2SKF (len=77) Oct 31 15:24:35.668481: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.668484: | received IKE encrypted fragment number '6', total number '6', next payload '0' Oct 31 15:24:35.668487: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:35.668489: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:35.668493: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:35.668500: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:35.668505: | DH secret MODP2048@0x7f97d0006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:35.668510: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.668512: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.668515: | newref clone logger@0x55c9f9fbff28(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.668519: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:35.668522: | state #1 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:35.668526: | libevent_free: delref ptr-libevent@0x55c9f9fc9588 Oct 31 15:24:35.668529: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x55c9f9fb5738 Oct 31 15:24:35.668533: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.668536: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fb6048 Oct 31 15:24:35.668539: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.668542: | libevent_malloc: newref ptr-libevent@0x55c9f9fc9588 size 128 Oct 31 15:24:35.668555: | #1 spent 0.0601 (0.0601) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:35.668560: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.668565: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.668568: | suspending state #1 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.668568: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:35.669747: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:35.669936: | "northnet-eastnets/0x2" #1: spent 0.944 (1.36) milliseconds in helper 2 processing job 2 for state #1: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:35.669945: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:35.669948: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.669952: | libevent_malloc: newref ptr-libevent@0x7f97c800cc18 size 128 Oct 31 15:24:35.669960: | helper thread 2 has nothing to do Oct 31 15:24:35.668571: | addref md@0x55c9f9fc1958(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.669973: | #1 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.669982: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.669990: | #1 spent 0.244 (1.64) milliseconds in ikev2_process_packet() Oct 31 15:24:35.669993: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.669996: | delref mdp@0x55c9f9fc1958(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.670001: | spent 0.257 (1.65) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.670011: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.670017: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.670027: | unsuspending #1 MD 0x55c9f9fc1958 Oct 31 15:24:35.670031: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:35.670034: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x55c9f9666fe7 Oct 31 15:24:35.670037: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #1 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:35.670041: | DH secret MODP2048@0x7f97d0006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:35.670044: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.670047: | already have all fragments, skipping fragment collection Oct 31 15:24:35.670049: | already have all fragments, skipping fragment collection Oct 31 15:24:35.670080: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:35.670084: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:35.670088: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:35.670091: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Oct 31 15:24:35.670094: | flags: none (0x0) Oct 31 15:24:35.670098: | length: 193 (00 c1) Oct 31 15:24:35.670101: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.670104: | reserved: 00 00 00 Oct 31 15:24:35.670107: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Oct 31 15:24:35.670109: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.670112: | **parse IKEv2 Certificate Payload: Oct 31 15:24:35.670115: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Oct 31 15:24:35.670117: | flags: none (0x0) Oct 31 15:24:35.670121: | length: 1361 (05 51) Oct 31 15:24:35.670123: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.670125: | processing payload: ISAKMP_NEXT_v2CERT (len=1356) Oct 31 15:24:35.670127: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.670130: | **parse IKEv2 Certificate Request Payload: Oct 31 15:24:35.670132: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.670135: | flags: none (0x0) Oct 31 15:24:35.670138: | length: 25 (00 19) Oct 31 15:24:35.670140: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.670142: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Oct 31 15:24:35.670144: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.670223: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.670234: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:35.670378: | flags: none (0x0) Oct 31 15:24:35.670384: | length: 191 (00 bf) Oct 31 15:24:35.670387: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.670390: | reserved: 00 00 00 Oct 31 15:24:35.670393: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Oct 31 15:24:35.670395: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.670399: | **parse IKEv2 Authentication Payload: Oct 31 15:24:35.670401: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.670404: | flags: none (0x0) Oct 31 15:24:35.670408: | length: 460 (01 cc) Oct 31 15:24:35.670411: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.670414: | processing payload: ISAKMP_NEXT_v2AUTH (len=452) Oct 31 15:24:35.670417: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.670420: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.670422: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.670428: | flags: none (0x0) Oct 31 15:24:35.670432: | length: 164 (00 a4) Oct 31 15:24:35.670435: | processing payload: ISAKMP_NEXT_v2SA (len=160) Oct 31 15:24:35.670437: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.670440: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.670443: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.670445: | flags: none (0x0) Oct 31 15:24:35.670448: | length: 24 (00 18) Oct 31 15:24:35.670451: | number of TS: 1 (01) Oct 31 15:24:35.670453: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.670457: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.670460: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.670462: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.670464: | flags: none (0x0) Oct 31 15:24:35.670591: | length: 24 (00 18) Oct 31 15:24:35.670597: | number of TS: 1 (01) Oct 31 15:24:35.670600: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.670607: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:35.670615: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:35.670620: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:35.670629: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:35.670633: | addref md@0x55c9f9fc1958(1->2) (in submit_cert_decode() at cert_decode_helper.c:81) Oct 31 15:24:35.670638: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Oct 31 15:24:35.670644: loading root certificate cache Oct 31 15:24:35.670648: | newref struct root_certs@0x55c9f9fbfbb8(0->1) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.670651: | addref root_certs@0x55c9f9fbfbb8(1->2) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.675505: | spent 3.94 (4.84) milliseconds in root_certs_addref() calling PK11_ListCertsInSlot() Oct 31 15:24:35.675526: | adding the CA+root cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675531: | discarding non-CA cert E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675535: | discarding non-CA cert E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675539: | discarding non-CA cert E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675542: | discarding non-CA cert E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675545: | discarding non-CA cert E=user-hashsha1@testing.libreswan.org,CN=hashsha1.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675554: | discarding non-CA cert E=testing@libreswan.org,CN=west-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675557: | discarding non-CA cert E=user-nic@testing.libreswan.org,CN=nic.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675590: | spent 0.0645 (0.0644) milliseconds in root_certs_addref() filtering CAs Oct 31 15:24:35.675603: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.675606: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.675610: | newref clone logger@0x55c9f9fbb9f8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.675614: | job 3 for #1: responder decoding certificates (decode certificate payload): adding job to queue Oct 31 15:24:35.675618: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.675623: | libevent_free: delref ptr-libevent@0x55c9f9fc9588 Oct 31 15:24:35.675627: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fb6048 Oct 31 15:24:35.675698: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.675703: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f93c88 Oct 31 15:24:35.675707: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.675778: | libevent_malloc: newref ptr-libevent@0x55c9f9fc9588 size 128 Oct 31 15:24:35.675794: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:24:35.675802: | #1 spent 4.16 (5.18) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:35.675808: | job 3 for #1: responder decoding certificates (decode certificate payload): helper 3 starting job Oct 31 15:24:35.675818: | checking for known CERT payloads Oct 31 15:24:35.675812: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.675829: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.675833: | suspending state #1 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.675836: | addref md@0x55c9f9fc1958(2->3) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.675839: | #1 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.675846: | delref logger@0x55c9f9fbff28(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.675852: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.675855: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.675859: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.675863: | delref mdp@0x55c9f9fc1958(3->2) (in resume_handler() at server.c:743) Oct 31 15:24:35.675868: | #1 spent 4.52 (5.84) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.675874: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.675878: | libevent_free: delref ptr-libevent@0x7f97c800cc18 Oct 31 15:24:35.675822: | saving certificate of type 'X509_SIGNATURE' Oct 31 15:24:35.675956: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.675967: | "northnet-eastnets/0x2" #1: spent 0.0874 (0.147) milliseconds in find_and_verify_certs() calling decode_cert_payloads() Oct 31 15:24:35.675975: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.676052: | "northnet-eastnets/0x2" #1: spent 0.0749 (0.0751) milliseconds in find_and_verify_certs() calling crl_update_check() Oct 31 15:24:35.676057: | missing or expired CRL Oct 31 15:24:35.676062: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Oct 31 15:24:35.676064: | verify_end_cert verifying E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA using: Oct 31 15:24:35.676067: | trusted CA: E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.676069: | verify_end_cert trying profile IPsec Oct 31 15:24:35.676186: | certificate is valid (profile IPsec) Oct 31 15:24:35.676195: | "northnet-eastnets/0x2" #1: spent 0.132 (0.132) milliseconds in find_and_verify_certs() calling verify_end_cert() Oct 31 15:24:35.676260: | newref struct pubkey@0x7f97cc0034d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.676274: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f97cc002268 Oct 31 15:24:35.676276: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f97cc002588 Oct 31 15:24:35.676277: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f97cc001088 Oct 31 15:24:35.676312: | newref struct pubkey@0x7f97cc000c88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.676347: | newref struct pubkey@0x7f97cc002628(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.676380: | newref struct pubkey@0x7f97cc005a78(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.676386: | delref pkp@0x7f97cc0034d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.676395: | "northnet-eastnets/0x2" #1: spent 0.19 (0.19) milliseconds in find_and_verify_certs() calling add_pubkey_from_nss_cert() Oct 31 15:24:35.676404: | "northnet-eastnets/0x2" #1: spent 0.537 (0.598) milliseconds in helper 3 processing job 3 for state #1: responder decoding certificates (decode certificate payload) Oct 31 15:24:35.676408: | job 3 for #1: responder decoding certificates (decode certificate payload): helper thread 3 sending result back to state Oct 31 15:24:35.676411: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.676414: | libevent_malloc: newref ptr-libevent@0x7f97cc001868 size 128 Oct 31 15:24:35.676423: | helper thread 3 has nothing to do Oct 31 15:24:35.676434: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.676441: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.676445: | unsuspending #1 MD 0x55c9f9fc1958 Oct 31 15:24:35.676448: | job 3 for #1: responder decoding certificates (decode certificate payload): processing response from helper 3 Oct 31 15:24:35.676453: | job 3 for #1: responder decoding certificates (decode certificate payload): calling continuation function 0x55c9f96510d4 Oct 31 15:24:35.676458: | delref mdp@0x55c9f9fc1958(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:215) Oct 31 15:24:35.676461: | delref root_certs@0x55c9f9fbfbb8(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:216) Oct 31 15:24:35.676466: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.676473: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.676476: | DER ASN1 DN: Oct 31 15:24:35.676479: | 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.676481: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.676484: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.676487: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.676489: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.676492: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.676494: | 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Oct 31 15:24:35.676497: | 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Oct 31 15:24:35.676499: | 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Oct 31 15:24:35.676501: | 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Oct 31 15:24:35.676504: | 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.676508: | 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.676512: | received IDr payload - extracting our alleged ID Oct 31 15:24:35.676514: | DER ASN1 DN: Oct 31 15:24:35.676517: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.676519: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.676521: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.676523: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.676525: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.676527: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.676529: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.676531: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.676532: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.676534: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.676536: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.676538: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.676564: | comparing ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' to certificate derSubject='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' (subjectName='E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA') Oct 31 15:24:35.676580: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Oct 31 15:24:35.676583: | X509: CERT and ID matches current connection Oct 31 15:24:35.676586: | CERT_X509_SIGNATURE CR: Oct 31 15:24:35.676589: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.676591: | d1 1f d2 d2 Oct 31 15:24:35.676594: | cert blob content is not binary ASN.1 Oct 31 15:24:35.676597: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Oct 31 15:24:35.676613: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676628: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676632: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Oct 31 15:24:35.676655: "northnet-eastnets/0x2" #1: certificate subjectAltName extension does not match ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Oct 31 15:24:35.676664: | the remote specified our ID in its IDr payload Oct 31 15:24:35.676680: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676689: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Oct 31 15:24:35.676728: | received CERTREQ payload; going to decode it Oct 31 15:24:35.676734: | CERT_X509_SIGNATURE CR: Oct 31 15:24:35.676737: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.676739: | d1 1f d2 d2 Oct 31 15:24:35.676741: | cert blob content is not binary ASN.1 Oct 31 15:24:35.676804: | verifying AUTH payload Oct 31 15:24:35.676811: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:35.676815: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:35.676817: | ASN.1 blob for hash algo Oct 31 15:24:35.676820: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.676822: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.676824: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.676826: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.676828: | 03 02 01 40 Oct 31 15:24:35.676855: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676864: | trying all remote certificates public keys for RSA key that matches ID: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.676876: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676891: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676911: | trying 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.676921: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:35.676924: | 8f 73 df 95 43 5b ae 33 29 b6 42 06 5c da 40 d4 Oct 31 15:24:35.676927: | a3 32 7f 0c e8 7c 76 9e 44 b3 72 12 64 f8 54 29 Oct 31 15:24:35.676929: | 30 1e e8 69 35 c8 03 2b a9 33 f6 f0 84 8d 2e 1b Oct 31 15:24:35.676931: | 70 5d d8 1d 6d 41 31 42 b0 db ce 67 43 a3 be 6d Oct 31 15:24:35.677109: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:35.677116: | addref pk@0x7f97cc005a78(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:35.677119: | an RSA Sig check passed with *AwEAAcIgy [remote certificates] Oct 31 15:24:35.677126: | #1 spent 0.204 (0.204) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:35.677133: "northnet-eastnets/0x2" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:35.677141: | #1 spent 0.307 (0.307) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:35.677165: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.677191: | get_connection_private_key() using certificate east to find private key for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind RSA Oct 31 15:24:35.677266: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:35.677275: | matched Oct 31 15:24:35.677278: | secrets entry for certificate already exists: east Oct 31 15:24:35.677282: | connection northnet-eastnets/0x2's RSA private key found in NSS DB using cert Oct 31 15:24:35.677289: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.677291: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.677295: | newref clone logger@0x55c9f9fb6048(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.677297: | job 4 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:35.677300: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.677305: | libevent_free: delref ptr-libevent@0x55c9f9fc9588 Oct 31 15:24:35.677308: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f93c88 Oct 31 15:24:35.677311: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.677314: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fbff28 Oct 31 15:24:35.677317: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.677320: | libevent_malloc: newref ptr-libevent@0x7f97c800cc18 size 128 Oct 31 15:24:35.677331: | delref logger@0x55c9f9fbb9f8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.677335: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.677337: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.677342: | job 4 for #1: computing responder signature (signature): helper 4 starting job Oct 31 15:24:35.677351: | hash to sign Oct 31 15:24:35.677358: | 44 29 7c 95 f6 dc 21 f2 ab 41 7d 2a 22 66 e2 3d Oct 31 15:24:35.677361: | 48 ae 8d 8c 98 ee 9c 79 a4 50 7f 2b 0b a4 47 17 Oct 31 15:24:35.677363: | be a6 c0 b8 20 32 3d f4 b7 96 f7 9a a9 30 48 dc Oct 31 15:24:35.677365: | cb e1 af d5 74 7a 65 c9 ec d2 6c 48 7a 63 2c 69 Oct 31 15:24:35.677368: | RSA_sign_hash: Started using NSS Oct 31 15:24:35.677345: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.686225: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.686232: | suspending state #1 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.686236: | addref md@0x55c9f9fc1958(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.686239: | #1 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.686243: | delref mdp@0x55c9f9fc1958(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:35.686252: | #1 spent 0.895 (9.8) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.686264: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.686269: | libevent_free: delref ptr-libevent@0x7f97cc001868 Oct 31 15:24:35.692149: | RSA_sign_hash: Ended using NSS Oct 31 15:24:35.692177: | "northnet-eastnets/0x2" #1: spent 14.7 (14.8) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:35.692183: | "northnet-eastnets/0x2" #1: spent 14.7 (14.8) milliseconds in v2_auth_signature() Oct 31 15:24:35.692189: | "northnet-eastnets/0x2" #1: spent 14.7 (14.8) milliseconds in helper 4 processing job 4 for state #1: computing responder signature (signature) Oct 31 15:24:35.692192: | job 4 for #1: computing responder signature (signature): helper thread 4 sending result back to state Oct 31 15:24:35.692196: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.692442: | libevent_malloc: newref ptr-libevent@0x7f97c0000da8 size 128 Oct 31 15:24:35.692469: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.692480: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.692485: | unsuspending #1 MD 0x55c9f9fc1958 Oct 31 15:24:35.692488: | job 4 for #1: computing responder signature (signature): processing response from helper 4 Oct 31 15:24:35.692491: | job 4 for #1: computing responder signature (signature): calling continuation function 0x55c9f959577f Oct 31 15:24:35.692495: | parent state #1: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:35.692500: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.692503: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.692506: | libevent_free: delref ptr-libevent@0x7f97c800cc18 Oct 31 15:24:35.692509: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9fbff28 Oct 31 15:24:35.692514: | event_schedule: newref EVENT_SA_REKEY-pe@0x55c9f9fbff28 Oct 31 15:24:35.692517: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Oct 31 15:24:35.692520: | libevent_malloc: newref ptr-libevent@0x7f97cc001868 size 128 Oct 31 15:24:35.692795: | pstats #1 ikev2.ike established Oct 31 15:24:35.692804: | opening output PBS reply packet Oct 31 15:24:35.692808: | **emit ISAKMP Message: Oct 31 15:24:35.692813: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.692817: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.692820: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.692823: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.692826: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.692829: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.692833: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.692837: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.692840: | IKEv2 CERT: send a certificate? Oct 31 15:24:35.692843: | IKEv2 CERT: OK to send a certificate (always) Oct 31 15:24:35.692845: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.692848: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.692850: | flags: none (0x0) Oct 31 15:24:35.692853: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.692856: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.692859: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.692873: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.692876: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.692879: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.692881: | flags: none (0x0) Oct 31 15:24:35.692884: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.692891: | reserved: 00 00 00 Oct 31 15:24:35.692894: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.692896: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.692900: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:35.692902: | my identity: Oct 31 15:24:35.692905: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.692907: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.692909: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.692911: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.692913: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.692915: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.692917: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.692919: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.692921: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.692923: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.692925: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.692927: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.692929: | emitting length of IKEv2 Identification - Responder - Payload: 191 Oct 31 15:24:35.692932: | added IDr payload to packet Oct 31 15:24:35.692935: | sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.692937: | ****emit IKEv2 Certificate Payload: Oct 31 15:24:35.692940: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.692942: | flags: none (0x0) Oct 31 15:24:35.692944: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.692947: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.692950: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.692953: | emitting 1389 raw bytes of CERT into IKEv2 Certificate Payload Oct 31 15:24:35.692956: | CERT: Oct 31 15:24:35.692958: | 30 82 05 69 30 82 04 51 a0 03 02 01 02 02 01 03 Oct 31 15:24:35.692960: | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Oct 31 15:24:35.692962: | 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Oct 31 15:24:35.692964: | 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Oct 31 15:24:35.692967: | 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Oct 31 15:24:35.692969: | 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Oct 31 15:24:35.692971: | 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Oct 31 15:24:35.692973: | 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Oct 31 15:24:35.692975: | 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Oct 31 15:24:35.692977: | 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Oct 31 15:24:35.692980: | 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Oct 31 15:24:35.692982: | 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Oct 31 15:24:35.692984: | 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Oct 31 15:24:35.692986: | 18 0f 32 30 32 30 31 30 32 32 31 37 33 37 30 38 Oct 31 15:24:35.692989: | 5a 18 0f 32 30 32 33 31 30 32 32 31 37 33 37 30 Oct 31 15:24:35.692991: | 38 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Oct 31 15:24:35.692993: | 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Oct 31 15:24:35.692995: | 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Oct 31 15:24:35.692997: | 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Oct 31 15:24:35.692999: | 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Oct 31 15:24:35.693003: | 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Oct 31 15:24:35.693005: | 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Oct 31 15:24:35.693007: | 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.693009: | 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Oct 31 15:24:35.693011: | 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Oct 31 15:24:35.693013: | 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.693016: | 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Oct 31 15:24:35.693018: | 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Oct 31 15:24:35.693020: | 00 30 82 01 8a 02 82 01 81 00 eb bc ce ff 0a 47 Oct 31 15:24:35.693022: | 60 9e bc 18 46 34 c6 58 c1 df 93 27 35 c9 86 c1 Oct 31 15:24:35.693024: | 72 52 01 36 2b 3b 20 98 ac 04 0e cf da 16 a2 99 Oct 31 15:24:35.693026: | eb c1 15 ca 19 56 08 90 b3 60 24 c6 e6 cd 4c 3b Oct 31 15:24:35.693029: | 88 d2 36 0c 38 95 de bc da 2c 95 d7 4b 37 eb f8 Oct 31 15:24:35.693031: | 80 6f a0 54 62 31 b5 3c 7d 7b e5 25 1d 59 76 2c Oct 31 15:24:35.693033: | 62 40 76 48 74 44 d0 d8 35 4d 22 9b 54 d7 fb 4e Oct 31 15:24:35.693035: | a3 5a 0c 8e 1b f6 6d 70 5d 34 33 f1 22 38 38 21 Oct 31 15:24:35.693037: | 21 9f 82 0e 7f 6d 3f 86 b0 0c ad 9f c0 a9 0f 54 Oct 31 15:24:35.693039: | e7 53 95 80 b7 ae 48 f8 1a 23 7f de e4 e2 60 4a Oct 31 15:24:35.693042: | b1 d9 0b 02 11 a5 06 6c 9b ac b3 f1 88 c3 52 33 Oct 31 15:24:35.693044: | 76 d6 4a dc 64 81 ec 2c 37 d6 f2 04 db e4 75 3e Oct 31 15:24:35.693046: | 04 2c 95 a7 d2 0b 83 82 38 5a f4 95 39 14 a4 92 Oct 31 15:24:35.693048: | de f8 ac 93 07 e0 37 14 97 16 c6 76 ac f1 7f dd Oct 31 15:24:35.693050: | c0 b4 d4 f5 7d 50 59 78 78 fa 1c 7c 1d 43 ed 2c Oct 31 15:24:35.693053: | 32 27 62 b9 77 51 73 7b e8 cf d8 6b 4e 1e 8c 37 Oct 31 15:24:35.693055: | 85 98 30 24 bc 5d 85 7b 10 fe 7a f1 e0 b8 56 a7 Oct 31 15:24:35.693057: | fb 4a 9c 02 ca 9c 80 1b e9 bf 71 1b c8 c3 2c a1 Oct 31 15:24:35.693059: | 80 ec a9 72 4f b9 b0 af 2b c6 66 26 8a 85 ce 67 Oct 31 15:24:35.693061: | df a1 38 66 de a1 54 14 0e ef 2e fe f9 b8 6c 18 Oct 31 15:24:35.693063: | cb fe f8 15 c8 10 36 bf bf 86 a3 f8 2b 6a 03 3f Oct 31 15:24:35.693066: | f8 2d fa f4 e9 eb 09 5b 84 e3 76 7c c9 9c ec 30 Oct 31 15:24:35.693068: | 05 34 de 55 3e fd 59 4e 77 0d d9 ad 01 2f e3 b5 Oct 31 15:24:35.693070: | 63 6f b7 5d e6 99 d8 af 7c 3b ea 53 8b eb 19 4f Oct 31 15:24:35.693072: | b9 7f 23 ce a1 6c 7b 6f 34 8f 02 03 01 00 01 a3 Oct 31 15:24:35.693075: | 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Oct 31 15:24:35.693077: | 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Oct 31 15:24:35.693079: | 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.693081: | 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Oct 31 15:24:35.693083: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.693085: | 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Oct 31 15:24:35.693088: | 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Oct 31 15:24:35.693090: | 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Oct 31 15:24:35.693092: | 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Oct 31 15:24:35.693094: | 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Oct 31 15:24:35.693096: | 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Oct 31 15:24:35.693099: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.693101: | 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Oct 31 15:24:35.693103: | 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Oct 31 15:24:35.693105: | 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.693107: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Oct 31 15:24:35.693109: | 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Oct 31 15:24:35.693112: | 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 ad 23 06 Oct 31 15:24:35.693114: | cc a8 df 90 99 31 6c 1d 00 8c e5 bd cb 27 96 e3 Oct 31 15:24:35.693120: | 4d 46 ba 35 6a b2 cc e4 70 06 97 a6 fb b9 40 08 Oct 31 15:24:35.693122: | 7a e0 c6 52 ff a2 59 b6 10 ef b0 79 71 9b ed e2 Oct 31 15:24:35.693124: | 65 ec 33 4d cb 79 bd de ec 5e a8 e0 d6 b7 93 e5 Oct 31 15:24:35.693125: | 06 27 5b 8a bd bb 77 03 af 06 93 bc 58 d5 02 43 Oct 31 15:24:35.693127: | 60 ed b8 3f 53 06 63 17 0b 89 a1 58 b7 97 07 53 Oct 31 15:24:35.693129: | a4 ba f5 ca ca 77 26 b2 64 f8 b6 08 cb fd 80 7a Oct 31 15:24:35.693131: | 3d 40 15 ea 71 87 b6 ad 57 7a 3f ee 77 22 65 ca Oct 31 15:24:35.693133: | 42 6a 3a 4f 7f 09 d1 6a 3a f4 96 ff 60 54 99 34 Oct 31 15:24:35.693135: | 80 98 82 bb c6 ad c4 6d fd a4 ba c6 ee eb 77 74 Oct 31 15:24:35.693137: | e0 71 4d 7f 87 7b d1 97 9f 66 af e6 96 82 dc e8 Oct 31 15:24:35.693140: | d5 19 f2 1b e8 84 ee ff 5b 0c c6 bb 09 cd 7d a4 Oct 31 15:24:35.693142: | 68 9c 14 80 1d 81 2c d1 f7 ba 90 03 a8 c0 9e c4 Oct 31 15:24:35.693144: | 4c 5b d8 c4 4e db 8e 42 00 20 87 6b 6e 8a 2f 7f Oct 31 15:24:35.693146: | 4e 33 07 96 48 c5 32 0d b3 8a 16 3f ce c1 18 09 Oct 31 15:24:35.693148: | 33 28 10 27 1f b9 4a 93 0c 33 f4 e9 74 Oct 31 15:24:35.693151: | emitting length of IKEv2 Certificate Payload: 1394 Oct 31 15:24:35.693154: | CHILD SA proposals received Oct 31 15:24:35.693156: | going to assemble AUTH payload Oct 31 15:24:35.693159: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:35.693162: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.693164: | flags: none (0x0) Oct 31 15:24:35.693167: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.693170: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.693173: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.693175: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.693179: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:35.693181: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:35.693183: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.693186: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.693188: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.693190: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.693192: | 03 02 01 40 Oct 31 15:24:35.693195: | emitting 384 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:35.693197: | signature: Oct 31 15:24:35.693208: | 7a 5f 54 d2 20 fa 03 d5 41 30 e9 37 6c 60 8b 6d Oct 31 15:24:35.693210: | c7 1b 6e 3e 2c 9f 46 d0 f4 f7 b0 cd 48 12 a8 12 Oct 31 15:24:35.693213: | ce 59 ad d8 e2 0f ee 81 c8 d2 eb 08 6b f3 26 2d Oct 31 15:24:35.693215: | 37 8f 9e 78 15 8a 9e 88 f9 01 8b bb 70 14 18 bf Oct 31 15:24:35.693217: | e0 c4 68 88 8b e2 7b 9c 6f fa 5a 51 c7 e7 1e 14 Oct 31 15:24:35.693219: | f4 68 4e 4c 13 45 77 ca e4 2a 61 81 a5 6b 7c ed Oct 31 15:24:35.693221: | 63 5e 92 63 f9 81 e0 95 48 67 af 61 d6 0e 97 48 Oct 31 15:24:35.693224: | 00 49 a7 27 10 87 2a 40 68 a8 81 e4 b8 6f 66 19 Oct 31 15:24:35.693226: | eb 73 0a 6b 40 80 d4 4e 4f 9b 41 5f 2b 8c aa ea Oct 31 15:24:35.693228: | 23 e8 0b c7 f8 99 f2 ce a1 13 fb 75 0e a7 55 8e Oct 31 15:24:35.693230: | aa e1 3f dd f9 99 d5 f8 a9 8c db c9 23 7f f8 0e Oct 31 15:24:35.693232: | 5f 09 ae 46 eb 8c f1 c6 18 00 9c c7 ff ea 13 84 Oct 31 15:24:35.693234: | 12 d3 44 5a cd 0e e6 51 e0 a6 d0 fe ac a9 52 cd Oct 31 15:24:35.693236: | 77 15 4d 1e 27 45 c1 8c 35 32 3b fb a6 1c 13 bf Oct 31 15:24:35.693238: | da dd db d6 19 7d 69 7d 65 e6 e0 c4 e8 1b 60 69 Oct 31 15:24:35.693240: | f3 97 c9 4f 57 75 a0 90 e6 c5 f4 91 f4 d6 47 31 Oct 31 15:24:35.693243: | cb ce 91 02 33 98 09 5b 66 64 9b bd 9a f9 5b 8a Oct 31 15:24:35.693245: | 75 97 90 b3 98 9c 72 dd 23 53 a1 93 e5 74 3e e4 Oct 31 15:24:35.693248: | b0 b3 ab 79 1b 39 41 95 c0 c0 33 2a 1a 3b 51 ed Oct 31 15:24:35.693251: | 78 30 29 c8 3c 9a 7d 8d d5 bc f4 e7 f8 4f f0 ff Oct 31 15:24:35.693253: | 25 71 2d 87 ab b7 bb 46 ec 52 46 55 c5 39 e2 27 Oct 31 15:24:35.693255: | 25 69 37 0b 30 8d c5 a6 04 c8 cf 7a 64 b9 30 77 Oct 31 15:24:35.693257: | c7 44 7b 39 a7 c5 7e 95 64 0a f7 56 aa d0 13 b8 Oct 31 15:24:35.693259: | da ae 0e 9a 07 f6 8f b9 03 fb 5d cb c0 55 b5 fc Oct 31 15:24:35.693262: | emitting length of IKEv2 Authentication Payload: 460 Oct 31 15:24:35.693268: | newref alloc logger@0x55c9f9fbb9f8(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.693271: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.693274: | creating state object #2 at 0x55c9f9fd9948 Oct 31 15:24:35.693277: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:35.693286: | pstats #2 ikev2.child started Oct 31 15:24:35.693289: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Oct 31 15:24:35.693296: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.693307: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.693311: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:35.693315: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.693322: | Message ID: IKE #1 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:35.693329: | Message ID: CHILD #1.#2 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744550.073774 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:35.693333: | switching IKEv2 MD.ST from IKE #1 ESTABLISHED_IKE_SA to CHILD #2 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:35.693336: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:35.693339: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.693343: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.693346: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.693349: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.693353: | length: 16 (00 10) Oct 31 15:24:35.693356: | start port: 0 (00 00) Oct 31 15:24:35.693359: | end port: 65535 (ff ff) Oct 31 15:24:35.693362: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.693364: | TS low Oct 31 15:24:35.693366: | c0 00 03 00 Oct 31 15:24:35.693369: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.693371: | TS high Oct 31 15:24:35.693373: | c0 00 03 ff Oct 31 15:24:35.693375: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.693378: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.693380: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.693383: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.693385: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.693388: | length: 16 (00 10) Oct 31 15:24:35.693391: | start port: 0 (00 00) Oct 31 15:24:35.693394: | end port: 65535 (ff ff) Oct 31 15:24:35.693397: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.693398: | TS low Oct 31 15:24:35.693401: | c0 00 02 00 Oct 31 15:24:35.693403: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.693405: | TS high Oct 31 15:24:35.693407: | c0 00 02 ff Oct 31 15:24:35.693410: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.693412: | looking for best SPD in current connection Oct 31 15:24:35.693420: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.693426: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693434: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.693438: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.693440: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.693443: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.693447: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.693451: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693458: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:24:35.693460: | looking for better host pair Oct 31 15:24:35.693466: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.693472: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:35.693474: | investigating connection "northnet-eastnets/0x2" as a better match Oct 31 15:24:35.693487: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.693495: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.693497: | results matched Oct 31 15:24:35.693510: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.693522: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.693528: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.693533: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693540: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.693543: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.693545: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.693548: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.693551: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.693556: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693562: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:24:35.693565: | investigating connection "northnet-eastnets/0x1" as a better match Oct 31 15:24:35.693574: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.693582: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.693584: | results matched Oct 31 15:24:35.693596: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.693608: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.693614: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:35.693618: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693625: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.693628: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.693631: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.693634: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.693637: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.693642: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.693648: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:35.693650: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.693652: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.693654: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.693657: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.693659: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.693662: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Oct 31 15:24:35.693667: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:35.693670: | printing contents struct traffic_selector Oct 31 15:24:35.693673: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.693675: | ipprotoid: 0 Oct 31 15:24:35.693677: | port range: 0-65535 Oct 31 15:24:35.693681: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:35.693684: | printing contents struct traffic_selector Oct 31 15:24:35.693686: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.693688: | ipprotoid: 0 Oct 31 15:24:35.693691: | port range: 0-65535 Oct 31 15:24:35.693695: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.693699: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:35.693706: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.693713: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.693716: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.693720: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.693724: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.693728: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.693731: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.693735: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.693739: "northnet-eastnets/0x1": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:35.693744: "northnet-eastnets/0x1": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.693748: "northnet-eastnets/0x1": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.693752: "northnet-eastnets/0x1": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.693756: "northnet-eastnets/0x1": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.693759: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:35.693763: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.693766: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.693768: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.693771: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.693773: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.693777: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.693779: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.693782: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.693784: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.693786: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.693789: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.693792: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.693796: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.693799: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.693801: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.693803: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.693806: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.693809: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.693811: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.693814: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.693816: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.693819: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.693821: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.693824: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.693828: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.693831: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.693834: | length: 32 (00 20) Oct 31 15:24:35.693837: | prop #: 1 (01) Oct 31 15:24:35.693840: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.693842: | spi size: 4 (04) Oct 31 15:24:35.693845: | # transforms: 2 (02) Oct 31 15:24:35.693849: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.693851: | remote SPI Oct 31 15:24:35.693853: | b0 82 2f 84 Oct 31 15:24:35.693856: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.693860: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.693863: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.693866: | length: 12 (00 0c) Oct 31 15:24:35.693868: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.693871: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.693874: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.693877: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.693880: | length/value: 256 (01 00) Oct 31 15:24:35.693885: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.693888: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.693890: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.693893: | length: 8 (00 08) Oct 31 15:24:35.693896: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.693898: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.693902: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.693905: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:35.693908: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:35.693911: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:35.693914: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:35.693919: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:35.693922: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.693925: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.693928: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.693931: | length: 32 (00 20) Oct 31 15:24:35.693933: | prop #: 2 (02) Oct 31 15:24:35.693936: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.693939: | spi size: 4 (04) Oct 31 15:24:35.693941: | # transforms: 2 (02) Oct 31 15:24:35.693944: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.693947: | remote SPI Oct 31 15:24:35.693949: | b0 82 2f 84 Oct 31 15:24:35.693952: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.693956: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.693958: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.693961: | length: 12 (00 0c) Oct 31 15:24:35.693964: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.693966: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.693969: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.693971: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.693974: | length/value: 128 (00 80) Oct 31 15:24:35.693978: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.693980: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.693983: | length: 8 (00 08) Oct 31 15:24:35.693985: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.693988: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.693991: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Oct 31 15:24:35.693994: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Oct 31 15:24:35.693997: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.694000: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.694002: | length: 48 (00 30) Oct 31 15:24:35.694005: | prop #: 3 (03) Oct 31 15:24:35.694007: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.694010: | spi size: 4 (04) Oct 31 15:24:35.694013: | # transforms: 4 (04) Oct 31 15:24:35.694016: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.694019: | remote SPI Oct 31 15:24:35.694021: | b0 82 2f 84 Oct 31 15:24:35.694023: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.694026: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694028: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694032: | length: 12 (00 0c) Oct 31 15:24:35.694034: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.694036: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.694039: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.694042: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.694045: | length/value: 256 (01 00) Oct 31 15:24:35.694048: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694053: | length: 8 (00 08) Oct 31 15:24:35.694056: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.694058: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.694061: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694063: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694066: | length: 8 (00 08) Oct 31 15:24:35.694069: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.694071: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.694074: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694076: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.694080: | length: 8 (00 08) Oct 31 15:24:35.694082: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.694084: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.694089: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:35.694091: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:35.694094: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.694097: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.694100: | length: 48 (00 30) Oct 31 15:24:35.694103: | prop #: 4 (04) Oct 31 15:24:35.694105: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.694108: | spi size: 4 (04) Oct 31 15:24:35.694110: | # transforms: 4 (04) Oct 31 15:24:35.694113: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.694117: | remote SPI Oct 31 15:24:35.694119: | b0 82 2f 84 Oct 31 15:24:35.694121: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.694124: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694129: | length: 12 (00 0c) Oct 31 15:24:35.694132: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.694135: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.694137: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.694140: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.694143: | length/value: 128 (00 80) Oct 31 15:24:35.694146: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694152: | length: 8 (00 08) Oct 31 15:24:35.694154: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.694157: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.694160: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694165: | length: 8 (00 08) Oct 31 15:24:35.694167: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.694170: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.694173: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694175: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.694178: | length: 8 (00 08) Oct 31 15:24:35.694180: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.694183: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.694187: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:35.694190: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:35.694196: "northnet-eastnets/0x1" #2: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=b0822f84 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Oct 31 15:24:35.694211: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=b0822f84 Oct 31 15:24:35.694214: | converting proposal to internal trans attrs Oct 31 15:24:35.694242: | netlink_get_spi: allocated 0xc3177887 for esp.0@192.1.2.23 Oct 31 15:24:35.694246: | emitting ikev2_proposal ... Oct 31 15:24:35.694249: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.694251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.694254: | flags: none (0x0) Oct 31 15:24:35.694257: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.694259: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.694264: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.694266: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.694269: | prop #: 1 (01) Oct 31 15:24:35.694272: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.694274: | spi size: 4 (04) Oct 31 15:24:35.694277: | # transforms: 2 (02) Oct 31 15:24:35.694280: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.694284: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.694287: | our spi: c3 17 78 87 Oct 31 15:24:35.694290: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694293: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694295: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.694298: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.694302: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.694305: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.694307: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.694311: | length/value: 256 (01 00) Oct 31 15:24:35.694314: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.694317: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.694319: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.694322: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.694324: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.694327: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.694329: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.694332: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.694335: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:35.694337: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.694339: | emitting length of IKEv2 Security Association Payload: 36 Oct 31 15:24:35.694342: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.694345: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.694348: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.694350: | flags: none (0x0) Oct 31 15:24:35.694353: | number of TS: 1 (01) Oct 31 15:24:35.694356: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.694358: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.694361: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.694364: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.694366: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.694369: | start port: 0 (00 00) Oct 31 15:24:35.694372: | end port: 65535 (ff ff) Oct 31 15:24:35.694376: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.694379: | IP start: c0 00 03 00 Oct 31 15:24:35.694382: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.694385: | IP end: c0 00 03 ff Oct 31 15:24:35.694387: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.694390: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.694392: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.694395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.694397: | flags: none (0x0) Oct 31 15:24:35.694400: | number of TS: 1 (01) Oct 31 15:24:35.694403: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.694406: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.694408: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.694410: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.694413: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.694416: | start port: 0 (00 00) Oct 31 15:24:35.694419: | end port: 65535 (ff ff) Oct 31 15:24:35.694422: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.694425: | IP start: c0 00 02 00 Oct 31 15:24:35.694428: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.694433: | IP end: c0 00 02 ff Oct 31 15:24:35.694435: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.694437: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.694440: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.694444: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.694529: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:35.694534: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:35.694538: | could_route called for northnet-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.694540: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.694544: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.694546: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.694549: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.694551: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.694555: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.694559: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.694562: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.694565: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.694567: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.694571: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.694575: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.694578: | netlink: enabling tunnel mode Oct 31 15:24:35.694580: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.694583: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.694586: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.694823: | netlink response for Add SA esp.b0822f84@192.1.3.33 included non-error error Oct 31 15:24:35.694831: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.694834: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.694837: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.694841: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.694843: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.694846: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.694850: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.694853: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.694857: | netlink: enabling tunnel mode Oct 31 15:24:35.694859: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.694862: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.694864: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.695004: | netlink response for Add SA esp.c3177887@192.1.2.23 included non-error error Oct 31 15:24:35.695011: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.695013: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.695016: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.695018: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.695021: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.695024: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.695033: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.695037: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.695066: | raw_eroute result=success Oct 31 15:24:35.695070: | set up incoming SA, ref=0/0 Oct 31 15:24:35.695073: | sr for #2: unrouted Oct 31 15:24:35.695078: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.695080: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.695084: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.695087: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.695089: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.695092: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.695096: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.695099: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:35.695102: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.695111: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.695114: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.695138: | raw_eroute result=success Oct 31 15:24:35.695142: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.695145: | command executing up-client Oct 31 15:24:35.695150: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:35.695160: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:35.695220: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.695236: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.695261: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='... Oct 31 15:24:35.695265: | popen cmd is 1502 chars long Oct 31 15:24:35.695268: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.695270: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.695273: | cmd( 160):O_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.695275: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-: Oct 31 15:24:35.695277: | cmd( 320):east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Oct 31 15:24:35.695279: | cmd( 400):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Oct 31 15:24:35.695282: | cmd( 480):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO: Oct 31 15:24:35.695284: | cmd( 560):_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north: Oct 31 15:24:35.695286: | cmd( 640):.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='1: Oct 31 15:24:35.695288: | cmd( 720):92.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:24:35.695290: | cmd( 800):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontari: Oct 31 15:24:35.695296: | cmd( 880):o, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, : Oct 31 15:24:35.695299: | cmd( 960):E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CON: Oct 31 15:24:35.695301: | cmd(1040):N_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSAS: Oct 31 15:24:35.695303: | cmd(1120):IG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Oct 31 15:24:35.695305: | cmd(1200):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Oct 31 15:24:35.695308: | cmd(1280):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Oct 31 15:24:35.695310: | cmd(1360):'0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE: Oct 31 15:24:35.695312: | cmd(1440):D='no' SPI_IN=0xb0822f84 SPI_OUT=0xc3177887 ipsec _updown 2>&1: Oct 31 15:24:35.695355: | helper thread 4 has nothing to do Oct 31 15:24:35.706498: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.706527: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:35.706531: | command executing prepare-client Oct 31 15:24:35.706538: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:35.706561: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:35.706620: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.706634: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.706662: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLU... Oct 31 15:24:35.706666: | popen cmd is 1507 chars long Oct 31 15:24:35.706669: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:35.706672: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:35.706674: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:35.706677: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=: Oct 31 15:24:35.707550: | cmd( 320):user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:35.707565: | cmd( 400):NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:35.707568: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' : Oct 31 15:24:35.707570: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Oct 31 15:24:35.707572: | cmd( 640):north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIE: Oct 31 15:24:35.707574: | cmd( 720):NT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.: Oct 31 15:24:35.707577: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O: Oct 31 15:24:35.707583: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai: Oct 31 15:24:35.707585: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT: Oct 31 15:24:35.707588: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO: Oct 31 15:24:35.707590: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Oct 31 15:24:35.707592: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': Oct 31 15:24:35.707594: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: Oct 31 15:24:35.707596: | cmd(1360):URED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Oct 31 15:24:35.707599: | cmd(1440):SHARED='no' SPI_IN=0xb0822f84 SPI_OUT=0xc3177887 ipsec _updown 2>&1: Oct 31 15:24:35.722217: | running updown command "ipsec _updown" for verb route Oct 31 15:24:35.722237: | command executing route-client Oct 31 15:24:35.722245: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:35.722266: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:35.722327: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.722341: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.722422: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S... Oct 31 15:24:35.722429: | popen cmd is 1505 chars long Oct 31 15:24:35.722432: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Oct 31 15:24:35.722435: | cmd( 80):s/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:35.722438: | cmd( 160):LUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario,: Oct 31 15:24:35.722451: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=us: Oct 31 15:24:35.722453: | cmd( 320):er-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Oct 31 15:24:35.722456: | cmd( 400):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Oct 31 15:24:35.722458: | cmd( 480):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PL: Oct 31 15:24:35.722461: | cmd( 560):UTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Oct 31 15:24:35.722463: | cmd( 640):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT: Oct 31 15:24:35.722466: | cmd( 720):='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.25: Oct 31 15:24:35.722468: | cmd( 800):5.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ont: Oct 31 15:24:35.722471: | cmd( 880):ario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainc: Oct 31 15:24:35.722474: | cmd( 960):a, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_: Oct 31 15:24:35.722484: | cmd(1040):CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+R: Oct 31 15:24:35.722487: | cmd(1120):SASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Oct 31 15:24:35.722489: | cmd(1200):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Oct 31 15:24:35.722492: | cmd(1280):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Oct 31 15:24:35.722494: | cmd(1360):ED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Oct 31 15:24:35.722497: | cmd(1440):ARED='no' SPI_IN=0xb0822f84 SPI_OUT=0xc3177887 ipsec _updown 2>&1: Oct 31 15:24:35.766893: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.766939: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.766949: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.766965: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.766980: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.766994: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767008: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767082: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767088: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767092: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767094: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767097: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767101: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767103: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767107: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767121: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767135: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767147: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.767160: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773271: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773288: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773293: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773307: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773318: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773804: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773841: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773874: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773903: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773931: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773960: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.773992: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.774081: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.774120: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.774150: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.790431: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55c9f9fae218,sr=0x55c9f9fae218} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.790694: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:35.790702: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.790707: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.790710: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.790713: | emitting length of IKEv2 Encryption Payload: 2158 Oct 31 15:24:35.790716: | emitting length of ISAKMP Message: 2186 Oct 31 15:24:35.790724: | **parse ISAKMP Message: Oct 31 15:24:35.790730: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.790734: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.790738: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.790741: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.790744: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.790748: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.790752: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.790756: | length: 2186 (00 00 08 8a) Oct 31 15:24:35.790760: | **parse IKEv2 Encryption Payload: Oct 31 15:24:35.790763: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.790766: | flags: none (0x0) Oct 31 15:24:35.790769: | length: 2158 (08 6e) Oct 31 15:24:35.790772: | opening output PBS reply frag packet Oct 31 15:24:35.790775: | **emit ISAKMP Message: Oct 31 15:24:35.790781: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.790787: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.790790: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.790793: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.790795: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.790798: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.790802: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.790806: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.790809: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.790812: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.790815: | flags: none (0x0) Oct 31 15:24:35.790820: | fragment number: 1 (00 01) Oct 31 15:24:35.790823: | total fragments: 5 (00 05) Oct 31 15:24:35.790827: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Oct 31 15:24:35.790830: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.790836: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.790841: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.790851: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.790854: | cleartext fragment: Oct 31 15:24:35.790857: | 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Oct 31 15:24:35.790859: | 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Oct 31 15:24:35.790861: | 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Oct 31 15:24:35.790863: | 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Oct 31 15:24:35.790868: | 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.790869: | 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Oct 31 15:24:35.790871: | 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Oct 31 15:24:35.790873: | 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Oct 31 15:24:35.790875: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Oct 31 15:24:35.790877: | 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Oct 31 15:24:35.790878: | 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Oct 31 15:24:35.790881: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Oct 31 15:24:35.790883: | 00 05 72 04 30 82 05 69 30 82 04 51 a0 03 02 01 Oct 31 15:24:35.790884: | 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Oct 31 15:24:35.790886: | 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Oct 31 15:24:35.790888: | 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Oct 31 15:24:35.790890: | 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Oct 31 15:24:35.790892: | 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Oct 31 15:24:35.790894: | 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Oct 31 15:24:35.790896: | 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Oct 31 15:24:35.790897: | 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Oct 31 15:24:35.790899: | 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Oct 31 15:24:35.790901: | 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Oct 31 15:24:35.790902: | 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Oct 31 15:24:35.790904: | 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Oct 31 15:24:35.790906: | 72 67 30 22 18 0f 32 30 32 30 31 30 32 32 31 37 Oct 31 15:24:35.790908: | 33 37 30 38 5a 18 0f 32 30 32 33 31 30 32 32 31 Oct 31 15:24:35.790909: | 37 33 37 30 38 5a 30 81 b4 31 0b 30 09 06 03 55 Oct 31 15:24:35.790911: | 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Oct 31 15:24:35.790913: | 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Oct 31 15:24:35.790915: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.790918: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.790920: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.790922: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.790924: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.790943: | recording fragment 1 Oct 31 15:24:35.790949: | opening output PBS reply frag packet Oct 31 15:24:35.790952: | **emit ISAKMP Message: Oct 31 15:24:35.790957: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.790961: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.790964: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.790967: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.790970: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.790973: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.790977: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.790980: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.790984: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.790988: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.790993: | flags: none (0x0) Oct 31 15:24:35.790997: | fragment number: 2 (00 02) Oct 31 15:24:35.791003: | total fragments: 5 (00 05) Oct 31 15:24:35.791006: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.791009: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.791012: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.791015: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.791021: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.791026: | cleartext fragment: Oct 31 15:24:35.791029: | 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Oct 31 15:24:35.791031: | 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.791034: | 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Oct 31 15:24:35.791037: | 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Oct 31 15:24:35.791040: | 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Oct 31 15:24:35.791042: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Oct 31 15:24:35.791045: | 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Oct 31 15:24:35.791049: | 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Oct 31 15:24:35.791053: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Oct 31 15:24:35.791055: | 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Oct 31 15:24:35.791057: | 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Oct 31 15:24:35.791059: | eb bc ce ff 0a 47 60 9e bc 18 46 34 c6 58 c1 df Oct 31 15:24:35.791061: | 93 27 35 c9 86 c1 72 52 01 36 2b 3b 20 98 ac 04 Oct 31 15:24:35.791063: | 0e cf da 16 a2 99 eb c1 15 ca 19 56 08 90 b3 60 Oct 31 15:24:35.791065: | 24 c6 e6 cd 4c 3b 88 d2 36 0c 38 95 de bc da 2c Oct 31 15:24:35.791067: | 95 d7 4b 37 eb f8 80 6f a0 54 62 31 b5 3c 7d 7b Oct 31 15:24:35.791070: | e5 25 1d 59 76 2c 62 40 76 48 74 44 d0 d8 35 4d Oct 31 15:24:35.791072: | 22 9b 54 d7 fb 4e a3 5a 0c 8e 1b f6 6d 70 5d 34 Oct 31 15:24:35.791077: | 33 f1 22 38 38 21 21 9f 82 0e 7f 6d 3f 86 b0 0c Oct 31 15:24:35.791080: | ad 9f c0 a9 0f 54 e7 53 95 80 b7 ae 48 f8 1a 23 Oct 31 15:24:35.791083: | 7f de e4 e2 60 4a b1 d9 0b 02 11 a5 06 6c 9b ac Oct 31 15:24:35.791085: | b3 f1 88 c3 52 33 76 d6 4a dc 64 81 ec 2c 37 d6 Oct 31 15:24:35.791088: | f2 04 db e4 75 3e 04 2c 95 a7 d2 0b 83 82 38 5a Oct 31 15:24:35.791090: | f4 95 39 14 a4 92 de f8 ac 93 07 e0 37 14 97 16 Oct 31 15:24:35.791093: | c6 76 ac f1 7f dd c0 b4 d4 f5 7d 50 59 78 78 fa Oct 31 15:24:35.791095: | 1c 7c 1d 43 ed 2c 32 27 62 b9 77 51 73 7b e8 cf Oct 31 15:24:35.791098: | d8 6b 4e 1e 8c 37 85 98 30 24 bc 5d 85 7b 10 fe Oct 31 15:24:35.791100: | 7a f1 e0 b8 56 a7 fb 4a 9c 02 ca 9c 80 1b e9 bf Oct 31 15:24:35.791103: | 71 1b c8 c3 2c a1 80 ec a9 72 4f b9 b0 af 2b c6 Oct 31 15:24:35.791105: | 66 26 8a 85 ce 67 df a1 38 66 de a1 54 14 Oct 31 15:24:35.791108: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.791112: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.791115: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.791118: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.791121: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.791133: | recording fragment 2 Oct 31 15:24:35.791138: | opening output PBS reply frag packet Oct 31 15:24:35.791140: | **emit ISAKMP Message: Oct 31 15:24:35.791145: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.791149: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.791154: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.791158: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.791160: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.791163: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.791167: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.791170: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.791173: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.791176: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.791179: | flags: none (0x0) Oct 31 15:24:35.791182: | fragment number: 3 (00 03) Oct 31 15:24:35.791186: | total fragments: 5 (00 05) Oct 31 15:24:35.791189: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.791196: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.791203: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.791209: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.791219: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.791223: | cleartext fragment: Oct 31 15:24:35.791226: | 0e ef 2e fe f9 b8 6c 18 cb fe f8 15 c8 10 36 bf Oct 31 15:24:35.791229: | bf 86 a3 f8 2b 6a 03 3f f8 2d fa f4 e9 eb 09 5b Oct 31 15:24:35.791231: | 84 e3 76 7c c9 9c ec 30 05 34 de 55 3e fd 59 4e Oct 31 15:24:35.791233: | 77 0d d9 ad 01 2f e3 b5 63 6f b7 5d e6 99 d8 af Oct 31 15:24:35.791236: | 7c 3b ea 53 8b eb 19 4f b9 7f 23 ce a1 6c 7b 6f Oct 31 15:24:35.791239: | 34 8f 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Oct 31 15:24:35.791241: | 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Oct 31 15:24:35.791243: | 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Oct 31 15:24:35.791246: | 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Oct 31 15:24:35.791249: | 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.791251: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Oct 31 15:24:35.791254: | 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Oct 31 15:24:35.791257: | 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Oct 31 15:24:35.791259: | 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Oct 31 15:24:35.791262: | 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Oct 31 15:24:35.791264: | 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Oct 31 15:24:35.791270: | 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.791273: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Oct 31 15:24:35.791275: | 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Oct 31 15:24:35.791277: | 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Oct 31 15:24:35.791279: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.791335: | 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Oct 31 15:24:35.791340: | 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Oct 31 15:24:35.791342: | 03 82 01 01 00 ad 23 06 cc a8 df 90 99 31 6c 1d Oct 31 15:24:35.791344: | 00 8c e5 bd cb 27 96 e3 4d 46 ba 35 6a b2 cc e4 Oct 31 15:24:35.791347: | 70 06 97 a6 fb b9 40 08 7a e0 c6 52 ff a2 59 b6 Oct 31 15:24:35.791349: | 10 ef b0 79 71 9b ed e2 65 ec 33 4d cb 79 bd de Oct 31 15:24:35.791351: | ec 5e a8 e0 d6 b7 93 e5 06 27 5b 8a bd bb 77 03 Oct 31 15:24:35.791353: | af 06 93 bc 58 d5 02 43 60 ed b8 3f 53 06 63 17 Oct 31 15:24:35.791355: | 0b 89 a1 58 b7 97 07 53 a4 ba f5 ca ca 77 Oct 31 15:24:35.791358: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.791362: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.791365: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.791367: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.791370: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.791378: | recording fragment 3 Oct 31 15:24:35.791382: | opening output PBS reply frag packet Oct 31 15:24:35.791384: | **emit ISAKMP Message: Oct 31 15:24:35.791388: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.791392: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.791395: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.791397: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.791399: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.791403: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.791409: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.791412: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.791418: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.791421: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.791423: | flags: none (0x0) Oct 31 15:24:35.791427: | fragment number: 4 (00 04) Oct 31 15:24:35.791430: | total fragments: 5 (00 05) Oct 31 15:24:35.791433: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.791437: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.791439: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.791443: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.791453: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.791458: | cleartext fragment: Oct 31 15:24:35.791461: | 26 b2 64 f8 b6 08 cb fd 80 7a 3d 40 15 ea 71 87 Oct 31 15:24:35.791463: | b6 ad 57 7a 3f ee 77 22 65 ca 42 6a 3a 4f 7f 09 Oct 31 15:24:35.791465: | d1 6a 3a f4 96 ff 60 54 99 34 80 98 82 bb c6 ad Oct 31 15:24:35.791468: | c4 6d fd a4 ba c6 ee eb 77 74 e0 71 4d 7f 87 7b Oct 31 15:24:35.791470: | d1 97 9f 66 af e6 96 82 dc e8 d5 19 f2 1b e8 84 Oct 31 15:24:35.791472: | ee ff 5b 0c c6 bb 09 cd 7d a4 68 9c 14 80 1d 81 Oct 31 15:24:35.791474: | 2c d1 f7 ba 90 03 a8 c0 9e c4 4c 5b d8 c4 4e db Oct 31 15:24:35.791477: | 8e 42 00 20 87 6b 6e 8a 2f 7f 4e 33 07 96 48 c5 Oct 31 15:24:35.791480: | 32 0d b3 8a 16 3f ce c1 18 09 33 28 10 27 1f b9 Oct 31 15:24:35.791482: | 4a 93 0c 33 f4 e9 74 21 00 01 cc 0e 00 00 00 43 Oct 31 15:24:35.791484: | 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0 Oct 31 15:24:35.791487: | 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 Oct 31 15:24:35.791489: | a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30 Oct 31 15:24:35.791491: | 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 03 Oct 31 15:24:35.791493: | 02 01 40 7a 5f 54 d2 20 fa 03 d5 41 30 e9 37 6c Oct 31 15:24:35.791495: | 60 8b 6d c7 1b 6e 3e 2c 9f 46 d0 f4 f7 b0 cd 48 Oct 31 15:24:35.791498: | 12 a8 12 ce 59 ad d8 e2 0f ee 81 c8 d2 eb 08 6b Oct 31 15:24:35.791500: | f3 26 2d 37 8f 9e 78 15 8a 9e 88 f9 01 8b bb 70 Oct 31 15:24:35.791502: | 14 18 bf e0 c4 68 88 8b e2 7b 9c 6f fa 5a 51 c7 Oct 31 15:24:35.791504: | e7 1e 14 f4 68 4e 4c 13 45 77 ca e4 2a 61 81 a5 Oct 31 15:24:35.791506: | 6b 7c ed 63 5e 92 63 f9 81 e0 95 48 67 af 61 d6 Oct 31 15:24:35.791509: | 0e 97 48 00 49 a7 27 10 87 2a 40 68 a8 81 e4 b8 Oct 31 15:24:35.791511: | 6f 66 19 eb 73 0a 6b 40 80 d4 4e 4f 9b 41 5f 2b Oct 31 15:24:35.791513: | 8c aa ea 23 e8 0b c7 f8 99 f2 ce a1 13 fb 75 0e Oct 31 15:24:35.791515: | a7 55 8e aa e1 3f dd f9 99 d5 f8 a9 8c db c9 23 Oct 31 15:24:35.791517: | 7f f8 0e 5f 09 ae 46 eb 8c f1 c6 18 00 9c c7 ff Oct 31 15:24:35.791520: | ea 13 84 12 d3 44 5a cd 0e e6 51 e0 a6 d0 fe ac Oct 31 15:24:35.791522: | a9 52 cd 77 15 4d 1e 27 45 c1 8c 35 32 3b fb a6 Oct 31 15:24:35.791524: | 1c 13 bf da dd db d6 19 7d 69 7d 65 e6 e0 c4 e8 Oct 31 15:24:35.791526: | 1b 60 69 f3 97 c9 4f 57 75 a0 90 e6 c5 f4 Oct 31 15:24:35.791529: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.791532: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.791535: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.791538: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.791540: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.791549: | recording fragment 4 Oct 31 15:24:35.791553: | opening output PBS reply frag packet Oct 31 15:24:35.791556: | **emit ISAKMP Message: Oct 31 15:24:35.791561: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.791565: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.791570: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.791573: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.791575: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.791578: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.791582: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.791585: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.791588: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.791590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.791593: | flags: none (0x0) Oct 31 15:24:35.791596: | fragment number: 5 (00 05) Oct 31 15:24:35.791599: | total fragments: 5 (00 05) Oct 31 15:24:35.791601: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.791604: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.791607: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.791610: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.791614: | emitting 217 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.791618: | cleartext fragment: Oct 31 15:24:35.791622: | 91 f4 d6 47 31 cb ce 91 02 33 98 09 5b 66 64 9b Oct 31 15:24:35.791625: | bd 9a f9 5b 8a 75 97 90 b3 98 9c 72 dd 23 53 a1 Oct 31 15:24:35.791627: | 93 e5 74 3e e4 b0 b3 ab 79 1b 39 41 95 c0 c0 33 Oct 31 15:24:35.791630: | 2a 1a 3b 51 ed 78 30 29 c8 3c 9a 7d 8d d5 bc f4 Oct 31 15:24:35.791632: | e7 f8 4f f0 ff 25 71 2d 87 ab b7 bb 46 ec 52 46 Oct 31 15:24:35.791634: | 55 c5 39 e2 27 25 69 37 0b 30 8d c5 a6 04 c8 cf Oct 31 15:24:35.791636: | 7a 64 b9 30 77 c7 44 7b 39 a7 c5 7e 95 64 0a f7 Oct 31 15:24:35.791638: | 56 aa d0 13 b8 da ae 0e 9a 07 f6 8f b9 03 fb 5d Oct 31 15:24:35.791641: | cb c0 55 b5 fc 2c 00 00 24 00 00 00 20 01 03 04 Oct 31 15:24:35.791643: | 02 c3 17 78 87 03 00 00 0c 01 00 00 14 80 0e 01 Oct 31 15:24:35.791646: | 00 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Oct 31 15:24:35.791648: | 00 07 00 00 10 00 00 ff ff c0 00 03 00 c0 00 03 Oct 31 15:24:35.791651: | ff 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Oct 31 15:24:35.791653: | ff c0 00 02 00 c0 00 02 ff Oct 31 15:24:35.791656: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.791659: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.791662: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.791668: | emitting length of IKEv2 Encrypted Fragment: 250 Oct 31 15:24:35.791671: | emitting length of ISAKMP Message: 278 Oct 31 15:24:35.791683: | recording fragment 5 Oct 31 15:24:35.791690: | delref logger@0x55c9f9fb6048(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.791693: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.791696: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.791700: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:35.791709: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.791714: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.791719: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:35.791723: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.791725: | Message ID: updating counters for #2 Oct 31 15:24:35.791735: | Message ID: CHILD #1.#2 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744550.073774->744550.224525 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:35.791745: | Message ID: CHILD #1.#2 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744550.224525 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.791751: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.224525 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.791756: | child state #2: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.791759: | pstats #2 ikev2.child established Oct 31 15:24:35.791761: | announcing the state transition Oct 31 15:24:35.791767: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.791770: | NAT-T: encaps is 'auto' Oct 31 15:24:35.791774: "northnet-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0xb0822f84 <0xc3177887 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.791779: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.791781: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.791782: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Oct 31 15:24:35.791784: | 00 01 00 05 ad ab e0 86 8f 95 71 86 22 58 8e 6f Oct 31 15:24:35.791785: | f0 11 98 d2 d2 e4 22 d1 ce 78 4a 61 8e ec 0a 48 Oct 31 15:24:35.791786: | cc 77 1c 93 c4 cc 67 f5 83 56 3f a5 25 df 99 dd Oct 31 15:24:35.791788: | b1 30 3e 9b 98 54 ff 57 33 db 61 96 ae 10 b0 b4 Oct 31 15:24:35.791789: | 5e 6a 49 17 85 28 c5 f9 49 73 ec 94 f8 e7 e2 57 Oct 31 15:24:35.791791: | a7 40 6f 8e 02 13 62 49 fa 6f 20 93 c4 af 81 31 Oct 31 15:24:35.791793: | b9 f2 9d 29 40 b8 71 80 44 8f 44 13 f3 8c bd 27 Oct 31 15:24:35.791795: | 5e 5b 88 88 74 14 66 d3 ae 59 6c 6a 50 75 9d 64 Oct 31 15:24:35.791797: | 14 05 20 0b f1 01 ea 99 d9 a8 cc 68 96 d4 af 2e Oct 31 15:24:35.791799: | ef 57 cb 43 d3 87 4f ce 2e f8 ea df f2 e4 74 7b Oct 31 15:24:35.791801: | 98 91 5d 13 a0 70 a4 13 b6 fa dd 97 54 d6 d9 78 Oct 31 15:24:35.791803: | e5 b8 4a c1 2d 69 4b a1 2a 68 90 01 a4 f5 df 61 Oct 31 15:24:35.791805: | 48 f7 d6 66 b0 ca 96 36 ed 32 63 d7 4b b9 4a e1 Oct 31 15:24:35.791807: | c9 cc 72 52 0c cc 3e 04 0b 21 25 ae ba 7f 1b c2 Oct 31 15:24:35.791809: | 33 32 d7 7a fa b4 0a b1 d2 e4 7a a7 dd 9e ef df Oct 31 15:24:35.791811: | 51 7f b1 15 90 4b 61 71 ff 3d a2 20 5e 42 20 18 Oct 31 15:24:35.791814: | 58 8c 72 99 16 0b f0 1c 09 2c 79 f4 8b 98 5a 39 Oct 31 15:24:35.791819: | 25 01 fd bd f5 ae c8 dc dd d9 52 0d 6c df e2 76 Oct 31 15:24:35.791821: | d1 fd 55 12 98 5d 47 df 31 e8 c7 0d 26 b5 f7 58 Oct 31 15:24:35.791823: | 27 0a a1 c4 58 56 00 a0 a1 82 f2 e8 15 16 44 54 Oct 31 15:24:35.791825: | 57 6d 53 2a 63 9e 4d 20 bf 7d 40 06 69 92 cc c3 Oct 31 15:24:35.791828: | 6b 5c ee 47 fc 58 0c 57 02 1e 30 09 43 8b 85 c2 Oct 31 15:24:35.791830: | d9 6f 16 12 42 98 72 8a 87 7e 7e f1 03 a8 34 84 Oct 31 15:24:35.791832: | 72 55 ac 26 b0 f1 eb 5a ee 6a 2e dd 54 14 a3 51 Oct 31 15:24:35.791834: | 11 13 d3 de b6 a6 0b f2 b0 e6 d9 0d dc fa 18 b4 Oct 31 15:24:35.791837: | 9d c5 a1 e1 3b 26 7e 20 c3 4c 13 40 fe f4 11 ab Oct 31 15:24:35.791839: | b4 a6 8b 76 ba 89 25 3a 3c a0 e1 50 e2 cb da a0 Oct 31 15:24:35.791841: | e6 a9 a4 5e ba 31 4e 27 ab 94 06 1e be 56 53 55 Oct 31 15:24:35.791843: | fd cf 4d b0 a1 49 4b 11 a7 06 3d bc 7d b9 97 34 Oct 31 15:24:35.791846: | 7d e4 63 a9 3c fc 0c 4a 41 a6 e5 e8 ae 33 2a 53 Oct 31 15:24:35.791851: | ce 3d c3 ff 89 09 3b 7f eb 95 70 78 18 b0 69 2c Oct 31 15:24:35.791853: | c1 59 b6 6f 1b 0f 24 ee 6e a2 c1 Oct 31 15:24:35.791913: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.791919: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.791922: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.791924: | 00 02 00 05 d1 1a 06 f9 ca b7 2c 82 eb aa 53 a0 Oct 31 15:24:35.791926: | 87 24 92 72 35 f4 dd f1 ec 5c bf 0d d8 2a 20 01 Oct 31 15:24:35.791928: | e3 0d fc 23 da e9 0f ec 32 38 16 29 03 9a 8e 3f Oct 31 15:24:35.791931: | 79 24 62 af 12 74 45 9a 76 9b ae 1e 79 d0 7d 8e Oct 31 15:24:35.791933: | ea 88 b2 dd b7 29 4d 84 f4 83 b8 89 6e 42 f8 a0 Oct 31 15:24:35.791935: | 2b aa 24 75 76 15 0d 26 57 d5 13 d0 3e 02 4f 48 Oct 31 15:24:35.791937: | 13 fa a5 78 90 96 21 44 b9 7a 49 2e 9a 81 8b d3 Oct 31 15:24:35.791939: | 2d 69 9f ce 91 58 80 50 dc 47 e8 5b 54 b8 6c 87 Oct 31 15:24:35.791942: | 80 aa f4 4b dd a3 f4 8f 2a d0 0c cc eb 84 60 24 Oct 31 15:24:35.791944: | 68 9d 5c 5c 83 88 6e f9 4f b9 23 3b 13 a4 b7 7a Oct 31 15:24:35.791946: | 8b 31 86 d1 61 d1 e0 7d 94 5a a4 c6 2d 1d e2 e5 Oct 31 15:24:35.791948: | e3 ab f9 bc 65 b7 c3 04 5b b1 07 1b 70 cf 19 99 Oct 31 15:24:35.791950: | 38 9d 71 88 d9 35 e8 e5 bf b1 86 d9 89 f1 28 fb Oct 31 15:24:35.791952: | 6e 7d bb c8 65 d0 05 26 0a 25 5b a9 58 d5 ee 63 Oct 31 15:24:35.791954: | c7 3e eb 96 36 70 79 a5 7d 15 ae f8 f3 a9 2d 23 Oct 31 15:24:35.791957: | f1 9e 72 9b 2b 77 04 66 40 ce 8b de 2e d5 68 40 Oct 31 15:24:35.791959: | 5f 84 b2 db 36 1f 5c 1a 79 dd 7e 17 9f 28 a2 78 Oct 31 15:24:35.791961: | f1 b3 b1 a4 0f fe 47 3a 1a 01 97 5b df ad f4 3d Oct 31 15:24:35.791963: | da 1d ec 7d 62 81 1a cf 2e cf 37 0e 10 15 cb e9 Oct 31 15:24:35.791966: | 27 1b cc e5 60 38 d3 a7 90 24 c4 2a 14 45 67 c6 Oct 31 15:24:35.791968: | b5 36 8f 7d 4c a5 30 c6 12 f7 dd 9a 03 bd 0b eb Oct 31 15:24:35.791973: | 4a 19 e2 55 61 9b 99 b8 44 73 53 42 46 a1 88 d9 Oct 31 15:24:35.791976: | d5 14 1a 9d 54 ff d1 7b f1 31 fb d3 6e b7 0f 57 Oct 31 15:24:35.791978: | 50 0e 07 9b 84 d4 33 cc 5c 7f 8b ca ea b6 44 c0 Oct 31 15:24:35.791980: | dd 46 68 e7 a2 5e 31 a6 c8 93 64 f5 c2 9e fb 12 Oct 31 15:24:35.791982: | 6c 45 c1 fc cc 35 c4 d8 05 18 03 b0 88 a9 50 a6 Oct 31 15:24:35.791985: | 6c e4 50 12 d2 f5 af 57 53 4d c7 29 c1 81 4b 6f Oct 31 15:24:35.791987: | d7 04 42 49 56 9b fa 65 4c c6 25 bd 28 64 2e ec Oct 31 15:24:35.791990: | 4c d4 29 52 84 e7 be a5 34 3b 46 0e 12 4e 2b 50 Oct 31 15:24:35.791992: | fe a0 77 67 b8 f7 2b 6d 86 46 84 71 0d 41 89 d0 Oct 31 15:24:35.791994: | 68 30 48 52 4c 5d 9d 29 e0 22 01 66 aa 51 70 68 Oct 31 15:24:35.791996: | 01 fd 09 62 64 97 56 aa ba 4a 66 Oct 31 15:24:35.792021: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.792026: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.792029: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.792034: | 00 03 00 05 ca bb 0d a9 3f 7a b3 4c 3f ca e4 fd Oct 31 15:24:35.792036: | 60 59 66 26 0c 76 d1 18 a5 3c 94 54 5f f1 a5 e3 Oct 31 15:24:35.792039: | d9 5c 30 96 f8 2a df 59 31 ea 22 af d0 f3 2f 8d Oct 31 15:24:35.792041: | 62 1a fd 36 b5 fc b1 f5 d5 68 9c 7f 5d 78 b3 3b Oct 31 15:24:35.792043: | ac 8e 9c fe 8c e5 88 13 47 5e c7 32 80 2f 80 7e Oct 31 15:24:35.792045: | 92 bd 48 cd c0 6b 40 26 49 b1 47 3b 40 08 49 f5 Oct 31 15:24:35.792048: | 04 77 f2 54 e5 1c 01 5e 01 43 2b e8 bf 98 10 48 Oct 31 15:24:35.792050: | 85 1a ba 8b 8d e6 7e c0 21 7c 62 7f 4e bf 8c a8 Oct 31 15:24:35.792052: | 41 de 08 58 d9 85 c1 40 82 90 cf 4a a0 df 10 75 Oct 31 15:24:35.792054: | ac 25 43 9a 05 44 0a 7e a0 55 04 f8 8c de fb 09 Oct 31 15:24:35.792057: | 82 c4 82 6b f7 f0 f8 11 72 63 84 60 34 1f ed ac Oct 31 15:24:35.792061: | a9 aa cd 65 c1 1a 86 4c ff 39 66 a0 ce 67 12 b6 Oct 31 15:24:35.792064: | 0f 97 6c 84 25 c1 20 dd 38 d4 b7 ee 42 68 9e f7 Oct 31 15:24:35.792066: | c5 2d 0c 15 18 0c 73 f5 2c a9 a9 d1 6f 8e 1a 50 Oct 31 15:24:35.792069: | 02 ea 9a b7 bf 2d 2c 12 7c 20 0c 61 28 b7 1a c1 Oct 31 15:24:35.792071: | e2 f6 d6 72 28 92 23 23 f1 ab ae 50 96 f6 df f6 Oct 31 15:24:35.792074: | d0 6f c5 ed bb 20 2b 42 b7 09 0b fe c5 f9 e5 3d Oct 31 15:24:35.792079: | 43 43 ce ae 9f 3d cf 2c 90 2c f6 0a fb 62 69 06 Oct 31 15:24:35.792082: | 1f 9d 16 23 67 9b c6 98 45 c3 71 02 e6 83 8f 49 Oct 31 15:24:35.792084: | 73 ed 9f 92 92 5e 94 4f 25 e4 ca 31 34 d5 fb 16 Oct 31 15:24:35.792086: | 0b 87 5c 2b 85 0a df e0 ca 53 bf b7 8d 14 87 d2 Oct 31 15:24:35.792088: | 3d c4 a7 fe d6 19 7b 69 e1 60 05 90 7f ec 5a 44 Oct 31 15:24:35.792090: | 27 69 5b 3d 69 8a 99 a6 32 1c 7a 12 32 b7 72 00 Oct 31 15:24:35.792093: | 6b 84 ad 75 b8 03 c8 86 89 62 b1 21 fa 99 12 61 Oct 31 15:24:35.792095: | a7 49 f6 ee 7e 63 a8 97 14 02 c6 fd 31 48 cf 2d Oct 31 15:24:35.792097: | a3 ae 43 b2 4d 21 33 0e 76 50 b3 da 5f 53 7a d5 Oct 31 15:24:35.792099: | e7 01 66 b7 cb 58 6a 46 cc 71 9a 1a 11 1b 19 4c Oct 31 15:24:35.792101: | f8 1a 6d 6c 35 52 6b 1a cd 93 cb e9 42 ab e7 62 Oct 31 15:24:35.792103: | 23 fd fc 11 bc 88 b6 14 fb db c5 c4 1d e7 8d 17 Oct 31 15:24:35.792107: | 5c 73 ca 02 02 b8 cc 17 a2 18 a7 f0 11 33 05 7a Oct 31 15:24:35.792111: | ab 2f d6 ce 8b 37 52 4d 83 59 3f c9 53 50 16 eb Oct 31 15:24:35.792113: | f6 4e be 0e 78 b2 cc aa 4e f6 b8 Oct 31 15:24:35.792133: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.792137: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.792140: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.792142: | 00 04 00 05 db f4 66 15 54 57 09 af 37 d3 73 45 Oct 31 15:24:35.792145: | af ad 24 ae f3 7d de 69 76 23 ec 71 26 6e 6e f0 Oct 31 15:24:35.792147: | 65 06 db 76 29 9e 84 35 c2 45 52 cc 44 77 4c 03 Oct 31 15:24:35.792150: | 61 f1 66 a1 86 b7 94 12 b4 b5 39 6b b6 7c 00 9a Oct 31 15:24:35.792152: | 21 12 cb b8 27 78 d1 23 0d ed 19 d2 ff 36 99 14 Oct 31 15:24:35.792157: | 14 44 ba ee 1e 6f 38 8f 70 61 1c 7b e7 26 f2 2c Oct 31 15:24:35.792160: | 72 36 8d 71 32 8b 6d d0 b4 bd 5d 05 ce 7c f7 f1 Oct 31 15:24:35.792162: | 2c 38 82 d6 4a 9c 9f 37 2c 2a ca 5c 2f 24 15 cd Oct 31 15:24:35.792164: | b4 f1 b8 90 02 c9 b2 57 8a 9d 99 de d6 a9 82 91 Oct 31 15:24:35.792165: | 7b fd 09 a5 0c e9 e3 a9 ab 5f 6b 59 86 c0 b7 94 Oct 31 15:24:35.792167: | ab 59 61 0d f1 7a d3 3c 34 e1 f2 33 3b 93 57 e0 Oct 31 15:24:35.792169: | 52 28 54 b2 13 45 53 d7 d8 d7 2f a2 f1 33 51 da Oct 31 15:24:35.792171: | 28 da 85 c8 2c 7a 36 82 3e e9 60 7f 0f b3 be f5 Oct 31 15:24:35.792173: | 35 02 06 17 e0 fd 49 2f 79 d9 47 af 5b 0a 56 bc Oct 31 15:24:35.792175: | 81 d7 0a 3d 5d 1d 30 fc 0e a2 d3 05 cd 36 00 e2 Oct 31 15:24:35.792177: | a7 f2 78 e4 34 76 d2 16 e3 89 fa 94 fb 04 65 11 Oct 31 15:24:35.792179: | ac e6 2d 82 25 42 87 bc c0 66 44 bb b0 77 4d 01 Oct 31 15:24:35.792181: | 0c 77 5f 67 28 d1 1e 7b a0 82 bf 93 e3 9d ac 5c Oct 31 15:24:35.792183: | ad 44 14 0b 1d 9a 85 2a f6 53 3e a5 58 41 f2 1e Oct 31 15:24:35.792185: | 7b 38 f5 d5 a7 f6 31 93 db c7 7f a9 88 e6 9a d9 Oct 31 15:24:35.792190: | 42 8b d1 6c 91 3f fc fc 94 ce 47 69 2c 29 dc d3 Oct 31 15:24:35.792193: | 3c 9d 06 4f a8 f5 c1 9a 5b fa 99 2b 65 dd d7 3e Oct 31 15:24:35.792195: | 4d 17 05 8b c0 51 44 02 64 6c eb 14 3e 9b 6f db Oct 31 15:24:35.792197: | ab 1f 2b 14 62 6d 7d a4 ad 98 00 48 4e a7 d2 d8 Oct 31 15:24:35.792218: | 5d 12 36 2f 5e 38 c6 2e e4 66 f9 eb e1 1d 56 18 Oct 31 15:24:35.792221: | 48 a5 d3 bc 9a a2 99 8a 17 b2 84 06 9b d9 4c 87 Oct 31 15:24:35.792223: | 11 48 a7 d5 a1 f0 46 bc 57 e3 71 bf 6b 03 f3 d2 Oct 31 15:24:35.792227: | 80 50 25 e2 28 6b 7d 4c e4 c0 f2 34 5d 9a 3e c2 Oct 31 15:24:35.792230: | 76 f9 e3 bd c4 f5 f5 a6 1c c7 56 c5 f4 5a e4 09 Oct 31 15:24:35.792232: | 28 1c 44 2c f4 76 e6 f5 ac cb 3a a8 1e 58 4a 5d Oct 31 15:24:35.792235: | ac 64 c5 20 4a 0e c3 2e ab 72 aa 5a 44 e2 22 eb Oct 31 15:24:35.792237: | 05 a0 c6 8c b9 f9 43 ac 6d a9 94 Oct 31 15:24:35.792259: | sending 278 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.792265: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.792267: | 35 20 23 20 00 00 00 01 00 00 01 16 00 00 00 fa Oct 31 15:24:35.792269: | 00 05 00 05 d7 cd 5c 42 8e e2 80 a2 15 8d 7f 88 Oct 31 15:24:35.792272: | b1 38 af fb 43 29 8d 7b 79 e7 e2 37 d9 31 41 05 Oct 31 15:24:35.792274: | b1 e7 e8 bf 0b d7 be 60 12 93 2e ea e8 6a 3c 20 Oct 31 15:24:35.792276: | 78 5b 53 d4 9d bb fe 8d 2f 85 49 5c e4 a4 7b 9d Oct 31 15:24:35.792279: | 0c 1f f4 a9 68 c9 6c 3b 5b 51 bf 37 11 ef c4 c8 Oct 31 15:24:35.792281: | 73 f4 60 d8 f8 f0 e5 dc 39 26 7f 9c 50 bd 1f 6d Oct 31 15:24:35.792283: | 28 a5 bb 8c fd b8 28 2f 71 97 ed 3a 1d 23 4b fc Oct 31 15:24:35.792286: | 9d ed 37 e7 ab 17 53 49 5c 5a 42 fd 29 bf 31 52 Oct 31 15:24:35.792288: | 59 45 fd 7d db b9 0b 78 bb ab e0 a4 a5 e6 76 e9 Oct 31 15:24:35.792291: | 61 2d 99 78 c8 12 1c d8 0d f5 81 c2 ff 99 37 6e Oct 31 15:24:35.792293: | 28 a1 6a 30 34 07 21 04 b1 ed 0d 54 4f 3e a4 c3 Oct 31 15:24:35.792296: | 7c 54 34 09 8f a0 d0 0a 28 0e fc de 9b 43 7e 89 Oct 31 15:24:35.792298: | a5 d7 b4 7d 34 a4 75 fc 5d 48 d2 96 cf 90 7e 41 Oct 31 15:24:35.792300: | 02 4b d6 a7 7b 9f 33 ac 2a 46 7e dc 90 48 56 6d Oct 31 15:24:35.792302: | 40 5d 3f 8d 4b 18 50 68 f4 a9 c5 08 9e d1 72 35 Oct 31 15:24:35.792304: | 27 ee a4 b2 d0 56 Oct 31 15:24:35.792376: | sent 5 messages Oct 31 15:24:35.792382: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:35.792385: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.792387: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.792390: | unpending #2's IKE SA #1 Oct 31 15:24:35.792393: | unpending state #1 connection "northnet-eastnets/0x1" Oct 31 15:24:35.792395: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.792398: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.792400: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.792403: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.792405: | state #2 has no .st_event to delete Oct 31 15:24:35.792409: | event_schedule: newref EVENT_SA_REKEY-pe@0x55c9f9fb6048 Oct 31 15:24:35.792412: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Oct 31 15:24:35.792415: | libevent_malloc: newref ptr-libevent@0x55c9f9fc9588 size 128 Oct 31 15:24:35.792421: | delref mdp@0x55c9f9fc1958(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.792424: | delref logger@0x55c9f9f9fd18(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.792427: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.792429: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.792439: | #1 spent 5.05 (100) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.792447: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.792451: | libevent_free: delref ptr-libevent@0x7f97c0000da8 Oct 31 15:24:35.792463: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.792469: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.792475: | spent 0.00571 (0.00556) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.792478: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.792481: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.792491: | spent 0.00805 (0.00811) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.792495: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.792499: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.792502: | spent 0.00349 (0.00342) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.919436: | spent 0.00251 (0.0025) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.919454: | newref struct msg_digest@0x55c9f9fc1958(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.919458: | newref alloc logger@0x55c9f9fd45f8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.919465: | *received 601 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.919467: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.919469: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Oct 31 15:24:35.919472: | 27 6c 0b 31 11 3d f5 e0 f8 ad 6c 3d 02 cd ce 8d Oct 31 15:24:35.919474: | 4d 32 39 57 8f b0 35 99 5f da 86 6f 8d 0c 3f c9 Oct 31 15:24:35.919476: | 19 16 61 7d 92 bb e9 d8 96 a6 6f 31 99 94 8a bf Oct 31 15:24:35.919478: | d9 a9 b6 37 e5 ce 2a 32 62 7e 7a fd 1a 76 96 08 Oct 31 15:24:35.919480: | 9f 60 1f 37 41 1f e1 02 7c 3f c7 74 0d e9 3a e0 Oct 31 15:24:35.919482: | e7 ca 94 d8 a7 7f 3e 64 a3 10 1d ee 66 bc 3b ff Oct 31 15:24:35.919485: | 57 82 03 29 72 b7 8f 24 49 9a 75 87 39 57 5f 9a Oct 31 15:24:35.919487: | 3b 51 12 4f b0 b7 d0 01 49 81 43 4b db a2 30 f0 Oct 31 15:24:35.919489: | 51 94 f6 d6 fc 8e 05 50 da f8 51 8d 6b 20 c2 c9 Oct 31 15:24:35.919491: | ec 71 39 d0 49 71 76 c0 e4 7f cd 9f ea 45 f5 f5 Oct 31 15:24:35.919493: | 43 8f ba 7a 47 7b 50 6d 41 71 fa 11 b0 b2 07 3f Oct 31 15:24:35.919495: | a8 38 53 a6 4d e0 b9 72 e7 a8 02 63 03 74 55 aa Oct 31 15:24:35.919497: | ee 46 b7 a6 ff 9e ba c0 03 5c 6a 73 f2 17 eb 46 Oct 31 15:24:35.919500: | bb cf d5 f5 6c c7 41 07 c0 14 14 e8 9d 71 fc 89 Oct 31 15:24:35.919502: | 23 da 2c ee da ba 70 20 93 32 2b 7b 6c 7b 11 5c Oct 31 15:24:35.919504: | 25 2e c1 8e df 20 49 6a f0 d6 fb 9e 98 97 18 19 Oct 31 15:24:35.919506: | 3d 62 4c c7 61 d9 dd 47 5e a4 b3 c1 1f 2b 31 56 Oct 31 15:24:35.919508: | 1c f8 0f e7 6b a0 33 1e 24 41 23 de 96 80 52 ef Oct 31 15:24:35.919509: | 37 32 d3 b7 3a e4 a7 84 7c 42 ce 53 a8 ce 88 7c Oct 31 15:24:35.919511: | 33 66 c8 ba 2b da 2c 83 10 8e 3f 0c 73 61 fb 5a Oct 31 15:24:35.919513: | 7a 6f 20 26 91 b5 a6 32 44 58 58 70 3f 40 1d 88 Oct 31 15:24:35.919515: | 6d c8 7f b5 12 54 50 65 b6 ad 97 97 bf 7f 9d 3e Oct 31 15:24:35.919517: | 09 34 43 06 c8 88 bb e6 25 61 55 a8 8a 7b e6 c7 Oct 31 15:24:35.919519: | 6e 79 3b 25 fc 70 24 92 97 bf 73 db e5 b2 21 b4 Oct 31 15:24:35.919520: | 02 1a 09 95 20 59 80 ee 29 ee 2c cf 7e f1 2e 4e Oct 31 15:24:35.919522: | f6 16 7b 49 aa a5 b2 1c 0b b4 4a eb bc c5 7b ed Oct 31 15:24:35.919524: | 51 63 bf d1 78 6b 24 52 ce b1 fd 7c 86 8b a0 7f Oct 31 15:24:35.919525: | 9e dd a4 d3 4e 6a 8c 1d 5a d8 f7 c9 0b 66 25 e6 Oct 31 15:24:35.919527: | 61 b9 ba ca 39 4c e0 e4 7a 59 f9 a5 12 36 a0 e7 Oct 31 15:24:35.919529: | 5f 7b a8 ad a7 97 70 bd 32 ff 04 0a 86 ec 0c ff Oct 31 15:24:35.919531: | bc 8d bd 7c 0b 9e 4b 5b fb f2 5a 68 7c f4 a3 01 Oct 31 15:24:35.919533: | f8 5d 55 07 40 48 5c 0a cd a8 97 44 5a 92 17 8e Oct 31 15:24:35.919535: | ea 12 da ee 8e 8f 6f 02 86 4c d3 97 de ea 16 dd Oct 31 15:24:35.919537: | 94 ee c5 d6 12 61 34 a6 86 86 fe ed 11 1f c4 a5 Oct 31 15:24:35.919538: | 96 c7 05 6a 0c 51 5c 8e 3e bb 31 de d9 07 67 6a Oct 31 15:24:35.919540: | d6 a1 54 32 ad b7 30 30 1d Oct 31 15:24:35.919545: | **parse ISAKMP Message: Oct 31 15:24:35.919550: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.919554: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.919557: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.919559: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.919564: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.919566: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.919571: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.919574: | length: 601 (00 00 02 59) Oct 31 15:24:35.919577: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:24:35.919581: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:24:35.919586: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:35.919593: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.919596: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:24:35.919599: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.919601: | #1 is idle Oct 31 15:24:35.919608: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.224525 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.919613: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.919615: | unpacking clear payload Oct 31 15:24:35.919618: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:35.919621: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:35.919624: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.919627: | flags: none (0x0) Oct 31 15:24:35.919630: | length: 573 (02 3d) Oct 31 15:24:35.919632: | processing payload: ISAKMP_NEXT_v2SK (len=569) Oct 31 15:24:35.919635: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:35.919650: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:24:35.919653: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.919656: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.919658: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.919660: | flags: none (0x0) Oct 31 15:24:35.919663: | length: 196 (00 c4) Oct 31 15:24:35.919666: | processing payload: ISAKMP_NEXT_v2SA (len=192) Oct 31 15:24:35.919668: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.919670: | **parse IKEv2 Nonce Payload: Oct 31 15:24:35.919672: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.919674: | flags: none (0x0) Oct 31 15:24:35.919677: | length: 36 (00 24) Oct 31 15:24:35.919679: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.919681: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.919684: | **parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.919686: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.919688: | flags: none (0x0) Oct 31 15:24:35.919691: | length: 264 (01 08) Oct 31 15:24:35.919693: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.919695: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.919698: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.919700: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.919702: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.919704: | flags: none (0x0) Oct 31 15:24:35.919707: | length: 24 (00 18) Oct 31 15:24:35.919710: | number of TS: 1 (01) Oct 31 15:24:35.919712: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.919714: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.919716: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.919718: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.919721: | flags: none (0x0) Oct 31 15:24:35.919723: | length: 24 (00 18) Oct 31 15:24:35.919726: | number of TS: 1 (01) Oct 31 15:24:35.919728: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.919731: | state #1 forced to match CREATE_CHILD_SA from STATE_V2_NEW_CHILD_R0->STATE_V2_ESTABLISHED_CHILD_SA by ignoring from state Oct 31 15:24:35.919735: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:35.919740: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.919745: | newref alloc logger@0x55c9f9fb5738(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.919747: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.919750: | creating state object #3 at 0x55c9f9fda858 Oct 31 15:24:35.919752: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:35.919757: | pstats #3 ikev2.child started Oct 31 15:24:35.919760: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Oct 31 15:24:35.919765: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.919773: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.224525 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.919776: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_R0(established IKE SA) Oct 31 15:24:35.919780: | #3.st_v2_transition NULL -> V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.919783: | "northnet-eastnets/0x2" #1 received Respond to CREATE_CHILD_SA IPsec SA Request CREATE_CHILD_SA Child "northnet-eastnets/0x2" #3 in STATE_V2_NEW_CHILD_R0 will process it further Oct 31 15:24:35.919785: | forcing ST #1 to CHILD #1.#3 in FSM processor Oct 31 15:24:35.919791: | Message ID: CHILD #1.#3 responder starting message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.224525 child.wip.initiator=-1 child.wip.responder=-1->2 Oct 31 15:24:35.919794: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:35.919798: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:35.919801: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Oct 31 15:24:35.919806: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.919812: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.919815: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.919818: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.919821: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.919825: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.919828: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.919832: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.919835: "northnet-eastnets/0x2": local ESP/AH proposals (CREATE_CHILD_SA responder matching remote ESP/AH proposals): Oct 31 15:24:35.919839: "northnet-eastnets/0x2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.919843: "northnet-eastnets/0x2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.919846: "northnet-eastnets/0x2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.919850: "northnet-eastnets/0x2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.919853: | comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:35.919856: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.919858: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.919861: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.919864: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.919866: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.919870: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.919872: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.919874: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.919876: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.919878: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.919881: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.919883: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.919886: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.919888: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.919890: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.919892: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.919894: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.919897: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.919899: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.919901: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.919903: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.919906: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.919908: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.919910: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.919913: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.919916: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.919919: | length: 40 (00 28) Oct 31 15:24:35.919921: | prop #: 1 (01) Oct 31 15:24:35.919923: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.919926: | spi size: 4 (04) Oct 31 15:24:35.919928: | # transforms: 3 (03) Oct 31 15:24:35.919932: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.919934: | remote SPI Oct 31 15:24:35.919936: | df 16 7b 2b Oct 31 15:24:35.919938: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.919941: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.919944: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.919946: | length: 12 (00 0c) Oct 31 15:24:35.919949: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.919951: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.919953: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.919956: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.919959: | length/value: 256 (01 00) Oct 31 15:24:35.919963: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.919966: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.919968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.919971: | length: 8 (00 08) Oct 31 15:24:35.919973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.919975: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.919978: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.919981: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:35.919983: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:35.919986: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:35.919988: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.919991: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.919993: | length: 8 (00 08) Oct 31 15:24:35.919996: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.919998: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.920002: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.920005: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:35.920007: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:35.920010: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:35.920013: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Oct 31 15:24:35.920018: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Oct 31 15:24:35.920020: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.920023: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.920025: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.920028: | length: 40 (00 28) Oct 31 15:24:35.920031: | prop #: 2 (02) Oct 31 15:24:35.920033: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.920035: | spi size: 4 (04) Oct 31 15:24:35.920038: | # transforms: 3 (03) Oct 31 15:24:35.920041: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.920043: | remote SPI Oct 31 15:24:35.920045: | df 16 7b 2b Oct 31 15:24:35.920047: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.920050: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920055: | length: 12 (00 0c) Oct 31 15:24:35.920057: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.920059: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.920061: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.920063: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.920066: | length/value: 128 (00 80) Oct 31 15:24:35.920069: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920075: | length: 8 (00 08) Oct 31 15:24:35.920077: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.920079: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.920082: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920084: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.920086: | length: 8 (00 08) Oct 31 15:24:35.920088: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.920091: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.920094: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Oct 31 15:24:35.920097: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Oct 31 15:24:35.920099: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.920102: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.920104: | length: 56 (00 38) Oct 31 15:24:35.920107: | prop #: 3 (03) Oct 31 15:24:35.920109: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.920111: | spi size: 4 (04) Oct 31 15:24:35.920114: | # transforms: 5 (05) Oct 31 15:24:35.920117: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.920119: | remote SPI Oct 31 15:24:35.920121: | df 16 7b 2b Oct 31 15:24:35.920123: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.920125: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920130: | length: 12 (00 0c) Oct 31 15:24:35.920132: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.920134: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.920137: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.920139: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.920143: | length/value: 256 (01 00) Oct 31 15:24:35.920146: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920148: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920151: | length: 8 (00 08) Oct 31 15:24:35.920153: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.920155: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.920158: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920160: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920163: | length: 8 (00 08) Oct 31 15:24:35.920165: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.920167: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.920170: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920172: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920175: | length: 8 (00 08) Oct 31 15:24:35.920177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.920179: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.920182: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920184: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.920187: | length: 8 (00 08) Oct 31 15:24:35.920189: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.920191: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.920195: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Oct 31 15:24:35.920202: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Oct 31 15:24:35.920208: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.920211: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.920213: | length: 56 (00 38) Oct 31 15:24:35.920215: | prop #: 4 (04) Oct 31 15:24:35.920218: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.920220: | spi size: 4 (04) Oct 31 15:24:35.920223: | # transforms: 5 (05) Oct 31 15:24:35.920225: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.920227: | remote SPI Oct 31 15:24:35.920229: | df 16 7b 2b Oct 31 15:24:35.920231: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.920233: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920235: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920237: | length: 12 (00 0c) Oct 31 15:24:35.920239: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.920241: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.920243: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.920245: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.920248: | length/value: 128 (00 80) Oct 31 15:24:35.920251: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920255: | length: 8 (00 08) Oct 31 15:24:35.920257: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.920259: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.920262: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920263: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920266: | length: 8 (00 08) Oct 31 15:24:35.920268: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.920270: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.920273: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.920278: | length: 8 (00 08) Oct 31 15:24:35.920280: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.920282: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.920284: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.920286: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.920290: | length: 8 (00 08) Oct 31 15:24:35.920292: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.920294: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.920298: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Oct 31 15:24:35.920301: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Oct 31 15:24:35.920307: "northnet-eastnets/0x2" #3: proposal 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=df167b2b chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Oct 31 15:24:35.920313: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=df167b2b Oct 31 15:24:35.920315: | converting proposal to internal trans attrs Oct 31 15:24:35.920320: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:24:35.920324: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:35.920326: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.920329: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.920332: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.920334: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.920337: | length: 16 (00 10) Oct 31 15:24:35.920340: | start port: 0 (00 00) Oct 31 15:24:35.920343: | end port: 65535 (ff ff) Oct 31 15:24:35.920346: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.920348: | TS low Oct 31 15:24:35.920351: | c0 00 03 00 Oct 31 15:24:35.920353: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.920355: | TS high Oct 31 15:24:35.920357: | c0 00 03 ff Oct 31 15:24:35.920360: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.920362: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.920365: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.920367: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.920370: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.920372: | length: 16 (00 10) Oct 31 15:24:35.920375: | start port: 0 (00 00) Oct 31 15:24:35.920378: | end port: 65535 (ff ff) Oct 31 15:24:35.920380: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.920382: | TS low Oct 31 15:24:35.920384: | c0 00 16 00 Oct 31 15:24:35.920386: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.920389: | TS high Oct 31 15:24:35.920391: | c0 00 16 ff Oct 31 15:24:35.920393: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.920395: | looking for best SPD in current connection Oct 31 15:24:35.920402: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.920407: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920415: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.920419: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.920424: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.920427: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.920432: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.920439: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920446: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:35.920449: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.920451: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.920454: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.920457: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.920461: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.920463: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:35.920465: | looking for better host pair Oct 31 15:24:35.920471: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.920477: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:35.920479: | investigating connection "northnet-eastnets/0x2" as a better match Oct 31 15:24:35.920492: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.920500: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.920502: | results matched Oct 31 15:24:35.920515: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.920525: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.920531: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.920536: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920542: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.920545: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.920547: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.920550: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.920552: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.920557: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920563: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:35.920566: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.920568: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.920571: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.920574: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.920576: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.920578: | investigating connection "northnet-eastnets/0x1" as a better match Oct 31 15:24:35.920588: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.920595: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.920598: | results matched Oct 31 15:24:35.920609: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.920619: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.920625: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:35.920629: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920636: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.920638: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.920641: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.920643: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.920646: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.920650: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.920659: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Oct 31 15:24:35.920662: | did not find a better connection using host pair Oct 31 15:24:35.920666: | printing contents struct traffic_selector Oct 31 15:24:35.920668: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.920670: | ipprotoid: 0 Oct 31 15:24:35.920672: | port range: 0-65535 Oct 31 15:24:35.920676: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:24:35.920678: | printing contents struct traffic_selector Oct 31 15:24:35.920680: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.920683: | ipprotoid: 0 Oct 31 15:24:35.920685: | port range: 0-65535 Oct 31 15:24:35.920688: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.920695: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.920697: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.920700: | newref clone logger@0x55c9f9fac678(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.920703: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): adding job to queue Oct 31 15:24:35.920706: | state #3 has no .st_event to delete Oct 31 15:24:35.920709: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:35.920712: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f9fd18 Oct 31 15:24:35.920714: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.920718: | libevent_malloc: newref ptr-libevent@0x7f97d0006108 size 128 Oct 31 15:24:35.920722: | libevent_realloc: delref ptr-libevent@0x55c9f9f6e488 Oct 31 15:24:35.920724: | libevent_realloc: newref ptr-libevent@0x55c9f9fc52c8 size 128 Oct 31 15:24:35.920738: | #3 spent 0.935 (0.938) milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in v2_dispatch() Oct 31 15:24:35.920744: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.920749: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.920754: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:35.920756: | suspending state #3 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.920759: | addref md@0x55c9f9fc1958(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.920762: | #3 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.920766: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.920771: | #1 spent 1.34 (1.34) milliseconds in ikev2_process_packet() Oct 31 15:24:35.920773: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.920776: | delref mdp@0x55c9f9fc1958(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.920780: | spent 1.35 (1.35) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.920800: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): helper 5 starting job Oct 31 15:24:35.922628: | "northnet-eastnets/0x2" #3: spent 1.8 (1.82) milliseconds in helper 5 processing job 5 for state #3: Child Responder KE and nonce nr (pcr) Oct 31 15:24:35.922642: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:24:35.922646: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.922649: | libevent_malloc: newref ptr-libevent@0x7f97c4006108 size 128 Oct 31 15:24:35.922660: | helper thread 5 has nothing to do Oct 31 15:24:35.922696: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.922704: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.922707: | unsuspending #3 MD 0x55c9f9fc1958 Oct 31 15:24:35.922709: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): processing response from helper 5 Oct 31 15:24:35.922713: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): calling continuation function 0x55c9f9666fe7 Oct 31 15:24:35.922715: | ikev2_child_inIoutR_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:35.922719: | DH secret MODP2048@0x7f97c4006ba8: transferring ownership from helper KE to state #3 Oct 31 15:24:35.922722: | DH secret MODP2048@0x7f97c4006ba8: transferring ownership from state #3 to helper DH Oct 31 15:24:35.922725: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.922727: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.922731: | newref clone logger@0x55c9f9f6e488(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.922733: | job 6 for #3: DHv2 for child sa (dh): adding job to queue Oct 31 15:24:35.922735: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.922739: | libevent_free: delref ptr-libevent@0x7f97d0006108 Oct 31 15:24:35.922741: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f9fd18 Oct 31 15:24:35.922744: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:35.922747: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f93e98 Oct 31 15:24:35.922749: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.922751: | libevent_malloc: newref ptr-libevent@0x7f97d0006108 size 128 Oct 31 15:24:35.922762: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.922767: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:35.922769: | suspending state #3 and saving MD 0x55c9f9fc1958 Oct 31 15:24:35.922772: | addref md@0x55c9f9fc1958(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.922774: | #3 is busy; has suspended MD 0x55c9f9fc1958 Oct 31 15:24:35.922777: | delref logger@0x55c9f9fac678(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.922780: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.922782: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.922784: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:24:35.922787: | delref mdp@0x55c9f9fc1958(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:35.922793: | #3 spent 0.0838 (0.0839) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.922797: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.922800: | libevent_free: delref ptr-libevent@0x7f97c4006108 Oct 31 15:24:35.922817: | job 6 for #3: DHv2 for child sa (dh): helper 6 starting job Oct 31 15:24:35.923464: | "northnet-eastnets/0x2" #3: spent 0.64 (0.645) milliseconds in helper 6 processing job 6 for state #3: DHv2 for child sa (dh) Oct 31 15:24:35.923473: | job 6 for #3: DHv2 for child sa (dh): helper thread 6 sending result back to state Oct 31 15:24:35.923476: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.923483: | libevent_malloc: newref ptr-libevent@0x7f97b8001fb8 size 128 Oct 31 15:24:35.923492: | helper thread 6 has nothing to do Oct 31 15:24:35.923504: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.923517: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.923522: | unsuspending #3 MD 0x55c9f9fc1958 Oct 31 15:24:35.923526: | job 6 for #3: DHv2 for child sa (dh): processing response from helper 6 Oct 31 15:24:35.923529: | job 6 for #3: DHv2 for child sa (dh): calling continuation function 0x55c9f96687cb Oct 31 15:24:35.923532: | DH secret MODP2048@0x7f97c4006ba8: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:24:35.923536: | ikev2_child_inIoutR_continue_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:35.923542: | opening output PBS reply packet Oct 31 15:24:35.923549: | **emit ISAKMP Message: Oct 31 15:24:35.923554: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:35.923558: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.923562: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.923564: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.923567: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.923570: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.923574: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.923578: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.923581: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.923584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923587: | flags: none (0x0) Oct 31 15:24:35.923590: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.923592: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923596: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.923633: | netlink_get_spi: allocated 0x3e9a0d8e for esp.0@192.1.2.23 Oct 31 15:24:35.923637: | emitting ikev2_proposal ... Oct 31 15:24:35.923640: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.923642: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923645: | flags: none (0x0) Oct 31 15:24:35.923648: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.923651: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923656: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.923658: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.923661: | prop #: 1 (01) Oct 31 15:24:35.923664: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.923667: | spi size: 4 (04) Oct 31 15:24:35.923669: | # transforms: 3 (03) Oct 31 15:24:35.923672: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.923676: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.923679: | our spi: 3e 9a 0d 8e Oct 31 15:24:35.923682: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.923684: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.923686: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.923689: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.923691: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.923695: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.923697: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.923701: | length/value: 256 (01 00) Oct 31 15:24:35.923704: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.923707: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.923709: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.923712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.923714: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.923718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.923721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.923724: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.923726: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.923729: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.923734: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.923736: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.923739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.923742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.923744: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.923747: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:35.923749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.923752: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:24:35.923754: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.923757: | ****emit IKEv2 Nonce Payload: Oct 31 15:24:35.923760: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923762: | flags: none (0x0) Oct 31 15:24:35.923765: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.923768: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923771: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.923774: | IKEv2 nonce: Oct 31 15:24:35.923777: | 96 98 f8 87 23 98 7e c1 24 75 45 64 f0 3a 68 92 Oct 31 15:24:35.923779: | d9 57 81 07 e9 a1 04 9d 77 06 3e 36 32 44 dd 97 Oct 31 15:24:35.923781: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.923784: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.923787: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923789: | flags: none (0x0) Oct 31 15:24:35.923792: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.923795: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.923797: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923801: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.923803: | ikev2 g^x: Oct 31 15:24:35.923806: | 5f 4c fc d1 65 a8 68 92 e0 64 a5 6d 0f 27 e2 4f Oct 31 15:24:35.923808: | d3 5e 71 90 f4 32 46 ae f0 07 21 67 3e b9 3b 2d Oct 31 15:24:35.923811: | 59 ab 4e e6 cf d8 fd cc 85 3e 52 a5 33 ee 4a 44 Oct 31 15:24:35.923813: | 24 37 04 3a 9e 67 55 9a 6a 7d f2 0e 62 5a 41 6d Oct 31 15:24:35.923815: | 8e c0 a2 66 e9 45 50 b3 cc 95 fa e9 cb 80 45 3c Oct 31 15:24:35.923817: | 46 41 c4 a7 07 bf 65 3a 8e be 88 dd ce af a8 1f Oct 31 15:24:35.923820: | 1b 42 88 81 e6 41 19 4f 27 ad 46 04 e5 4d 17 07 Oct 31 15:24:35.923822: | 57 26 5a 64 e5 92 86 68 bf 22 5e 1d e6 5a f0 5d Oct 31 15:24:35.923824: | 35 17 53 63 c7 3c 85 a4 c6 bc be 21 09 5c b3 39 Oct 31 15:24:35.923826: | 63 2e de 4d 69 bf 76 4d db 93 2d 18 1c 1b ba e7 Oct 31 15:24:35.923829: | a6 70 29 7d 7d f9 a3 41 38 fe 48 ea fe 70 10 55 Oct 31 15:24:35.923831: | f5 f5 26 e4 5c 17 96 a0 54 7b 93 24 bf 33 df 9b Oct 31 15:24:35.923833: | 0f 8d cf 62 97 1f b7 db 78 41 3c 60 9a 11 f1 43 Oct 31 15:24:35.923835: | 86 57 4b f2 9f 1d 97 30 1f 4b 9f b6 1b 0e d5 f8 Oct 31 15:24:35.923837: | 9a 58 dd d0 4f b4 0d 6b a0 d1 e2 fd 88 af ae 12 Oct 31 15:24:35.923839: | 60 ef 32 df 64 44 fc d1 66 2a e0 74 3a b2 41 22 Oct 31 15:24:35.923842: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.923845: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.923848: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923852: | flags: none (0x0) Oct 31 15:24:35.923855: | number of TS: 1 (01) Oct 31 15:24:35.923858: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.923860: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923863: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.923866: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.923868: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.923871: | start port: 0 (00 00) Oct 31 15:24:35.923874: | end port: 65535 (ff ff) Oct 31 15:24:35.923878: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.923948: | IP start: c0 00 03 00 Oct 31 15:24:35.923952: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.923956: | IP end: c0 00 03 ff Oct 31 15:24:35.923958: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.923961: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.923963: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.923965: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.923968: | flags: none (0x0) Oct 31 15:24:35.923971: | number of TS: 1 (01) Oct 31 15:24:35.923974: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.923976: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.923979: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.923982: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.923984: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.923987: | start port: 0 (00 00) Oct 31 15:24:35.923990: | end port: 65535 (ff ff) Oct 31 15:24:35.923993: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.923997: | IP start: c0 00 16 00 Oct 31 15:24:35.923999: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.924002: | IP end: c0 00 16 ff Oct 31 15:24:35.924005: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.924007: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.924010: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.924014: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.924096: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:24:35.924101: | could_route called for northnet-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.924104: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.924108: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.924110: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.924113: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.924115: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.924120: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:24:35.924123: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.924127: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.924129: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.924132: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.924136: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.924139: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.924142: | netlink: enabling tunnel mode Oct 31 15:24:35.924144: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.924147: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.924152: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.924464: | netlink response for Add SA esp.df167b2b@192.1.3.33 included non-error error Oct 31 15:24:35.924474: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.924478: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.924481: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.924484: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.924487: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.924490: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.924494: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.924497: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.924500: | netlink: enabling tunnel mode Oct 31 15:24:35.924503: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.924505: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.924508: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.924649: | netlink response for Add SA esp.3e9a0d8e@192.1.2.23 included non-error error Oct 31 15:24:35.924655: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.924658: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.924661: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.924663: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.924665: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.924668: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.924677: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.924681: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.924877: | raw_eroute result=success Oct 31 15:24:35.924883: | set up incoming SA, ref=0/0 Oct 31 15:24:35.924886: | sr for #3: unrouted Oct 31 15:24:35.924889: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.924891: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.924894: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.924897: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.924900: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.924902: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.924907: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:24:35.924910: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55c9f9fae218} and state: #3 Oct 31 15:24:35.924914: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.924989: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.924995: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.925096: | raw_eroute result=success Oct 31 15:24:35.925102: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.925105: | command executing up-client Oct 31 15:24:35.925111: | get_sa_info esp.df167b2b@192.1.3.33 Oct 31 15:24:35.925121: | get_sa_info esp.3e9a0d8e@192.1.2.23 Oct 31 15:24:35.925180: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.925195: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.925223: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK... Oct 31 15:24:35.925233: | popen cmd is 1504 chars long Oct 31 15:24:35.925236: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.925239: | cmd( 80):x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.925241: | cmd( 160):O_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.925243: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-: Oct 31 15:24:35.925245: | cmd( 320):east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET=: Oct 31 15:24:35.925247: | cmd( 400):'192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:35.925250: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLU: Oct 31 15:24:35.925252: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nor: Oct 31 15:24:35.925254: | cmd( 640):th.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:35.925256: | cmd( 720):'192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:35.925258: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta: Oct 31 15:24:35.925261: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca: Oct 31 15:24:35.925263: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C: Oct 31 15:24:35.925265: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RS: Oct 31 15:24:35.925268: | cmd(1120):ASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAI: Oct 31 15:24:35.925270: | cmd(1200):LED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' P: Oct 31 15:24:35.925272: | cmd(1280):LUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE: Oct 31 15:24:35.925274: | cmd(1360):D='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Oct 31 15:24:35.925277: | cmd(1440):RED='no' SPI_IN=0xdf167b2b SPI_OUT=0x3e9a0d8e ipsec _updown 2>&1: Oct 31 15:24:35.953073: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.953089: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55c9f9fb9a78,sr=0x55c9f9fb9a78} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.953150: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:24:35.953155: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.953158: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.953160: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.953162: | emitting length of IKEv2 Encryption Payload: 421 Oct 31 15:24:35.953163: | emitting length of ISAKMP Message: 449 Oct 31 15:24:35.953185: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.953194: | delref logger@0x55c9f9f6e488(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.953197: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.953207: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.953216: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.953221: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_OK Oct 31 15:24:35.953224: | transitioning from state STATE_V2_NEW_CHILD_R0 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.953226: | Message ID: updating counters for #3 Oct 31 15:24:35.953236: | Message ID: CHILD #1.#3 updating responder received message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1 ike.responder.recv=1->2 ike.responder.last_contact=744550.224525->744550.386025 child.wip.initiator=-1 child.wip.responder=2->-1 Oct 31 15:24:35.953243: | Message ID: CHILD #1.#3 updating responder sent message response 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=1->2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.953252: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.953258: | child state #3: V2_NEW_CHILD_R0(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.953261: | pstats #3 ikev2.child established Oct 31 15:24:35.953264: | announcing the state transition Oct 31 15:24:35.953272: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.953277: | NAT-T: encaps is 'auto' Oct 31 15:24:35.953283: "northnet-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0xdf167b2b <0x3e9a0d8e xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.953291: | sending 449 bytes for STATE_V2_NEW_CHILD_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.953293: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:35.953296: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Oct 31 15:24:35.953298: | 38 46 2b 9b ae b1 dc 26 55 b3 aa c1 3e 67 83 f3 Oct 31 15:24:35.953301: | 43 b8 52 61 ea e7 2b cb 25 5f 8b d4 4e 94 68 b6 Oct 31 15:24:35.953303: | 97 2a 37 81 2b 97 f0 79 f0 3a 1b c1 1e 6c 97 fc Oct 31 15:24:35.953305: | 71 50 32 39 7b a9 17 4c 4c 0d aa c5 36 b5 94 ac Oct 31 15:24:35.953307: | 0d 42 75 58 ad 37 f1 2d 23 1a ae 7c 98 b7 83 21 Oct 31 15:24:35.953309: | b5 71 e1 c6 57 64 ab 56 8c ef 87 77 af e6 97 a3 Oct 31 15:24:35.953311: | 7b 44 97 c0 ef 5d 39 ba 99 9b 96 0f 17 4d 0e 17 Oct 31 15:24:35.953313: | 8e d5 1a 60 8a c7 f0 17 34 cf 20 eb 14 30 69 43 Oct 31 15:24:35.953315: | ae 6d 49 73 d4 3e 4c cb 8d 27 c2 c2 3d ba bc 3f Oct 31 15:24:35.953318: | 18 e9 45 02 33 9f 21 99 7c e4 2c e9 20 4e 6f af Oct 31 15:24:35.953320: | 57 f6 1e 09 62 53 ca 4c 17 4f d5 c7 1a c3 eb 89 Oct 31 15:24:35.953322: | c4 74 ba 30 ba a0 8d 9b b2 e3 14 d1 74 e3 cb 42 Oct 31 15:24:35.953324: | d3 6c 47 91 1f 43 b2 3f 88 4a 39 2c 57 c9 c9 c3 Oct 31 15:24:35.953327: | ce af 54 e6 e7 04 52 95 47 16 a9 3b d7 a6 e4 b0 Oct 31 15:24:35.953329: | 11 0f a6 95 be ed 0a ec 31 de e8 65 14 5c ed 69 Oct 31 15:24:35.953331: | c6 12 45 d5 7d 3d 0c 0a a0 cd 96 88 50 1c e6 3d Oct 31 15:24:35.953334: | d7 83 ed 77 84 34 2f 71 9a 0f 55 d8 4e 59 cf ff Oct 31 15:24:35.953336: | f9 07 3d 3a 64 57 a1 89 3f c8 85 71 82 77 69 65 Oct 31 15:24:35.953341: | 85 0c 38 f6 08 0e 28 34 50 07 9b a8 f6 dd 83 a0 Oct 31 15:24:35.953346: | 27 c9 81 b1 1c 2d 83 4d a0 27 26 01 24 b3 04 60 Oct 31 15:24:35.953348: | 7f d1 53 0d d4 f2 1a 18 fc 9f 1a 5b 4c c8 03 fa Oct 31 15:24:35.953349: | 16 37 d6 f1 40 5f 72 cf 6c 44 28 53 b2 ac ac b4 Oct 31 15:24:35.953351: | 40 b0 6e 9c 60 63 e3 3a d3 46 13 00 27 2b 8b 7f Oct 31 15:24:35.953352: | 41 69 f0 25 bd 32 8a a5 e7 dd 05 70 1c ef ed be Oct 31 15:24:35.953353: | 40 ec 64 5c 20 5a 4d 53 d0 3d a1 66 d9 01 93 d8 Oct 31 15:24:35.953355: | 93 3c ce a1 04 89 f5 02 2a 60 da 84 07 1b 08 d2 Oct 31 15:24:35.953356: | ed Oct 31 15:24:35.953410: | sent 1 messages Oct 31 15:24:35.953415: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:35.953418: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.953420: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.953422: | unpending #3's IKE SA #1 Oct 31 15:24:35.953425: | unpending state #1 connection "northnet-eastnets/0x2" Oct 31 15:24:35.953427: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.953429: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.953432: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.953435: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.953438: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.953443: | libevent_free: delref ptr-libevent@0x7f97d0006108 Oct 31 15:24:35.953447: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55c9f9f93e98 Oct 31 15:24:35.953450: | event_schedule: newref EVENT_SA_REKEY-pe@0x55c9f9f93e98 Oct 31 15:24:35.953453: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Oct 31 15:24:35.953456: | libevent_malloc: newref ptr-libevent@0x7f97c4006108 size 128 Oct 31 15:24:35.953461: | delref mdp@0x55c9f9fc1958(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.953464: | delref logger@0x55c9f9fd45f8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.953467: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.953470: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.953479: | #3 spent 1.51 (30) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.953484: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.953488: | libevent_free: delref ptr-libevent@0x7f97b8001fb8 Oct 31 15:24:35.953499: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.953505: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.953510: | spent 0.00582 (0.00557) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:38.580474: | newref struct fd@0x55c9f9fcac48(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.580491: | fd_accept: new fd-fd@0x55c9f9fcac48 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.580519: | whack: status Oct 31 15:24:38.580705: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:38.580712: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:38.580869: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:38.580874: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:38.580885: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:38.580905: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:38.580933: | get_sa_info esp.3e9a0d8e@192.1.2.23 Oct 31 15:24:38.580945: | get_sa_info esp.df167b2b@192.1.3.33 Oct 31 15:24:38.580967: | delref fd@0x55c9f9fcac48(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.580974: | freeref fd-fd@0x55c9f9fcac48 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.580982: | spent 0.534 (0.536) milliseconds in whack Oct 31 15:24:39.525229: | newref struct fd@0x55c9f9fcac48(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.525244: | fd_accept: new fd-fd@0x55c9f9fcac48 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.525258: shutting down Oct 31 15:24:39.525265: | leaking fd-fd@0x55c9f9fcac48's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:24:39.525269: | delref fd@0x55c9f9fcac48(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.525271: | freeref fd-fd@0x55c9f9fcac48 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.525290: | shutting down helper thread 7 Oct 31 15:24:39.525305: | helper thread 7 exited Oct 31 15:24:39.525430: | shutting down helper thread 1 Oct 31 15:24:39.525447: | helper thread 1 exited Oct 31 15:24:39.525466: | shutting down helper thread 2 Oct 31 15:24:39.525479: | helper thread 2 exited Oct 31 15:24:39.525493: | shutting down helper thread 3 Oct 31 15:24:39.525502: | helper thread 3 exited Oct 31 15:24:39.525514: | shutting down helper thread 4 Oct 31 15:24:39.525526: | helper thread 4 exited Oct 31 15:24:39.525536: | shutting down helper thread 5 Oct 31 15:24:39.525544: | helper thread 5 exited Oct 31 15:24:39.525555: | shutting down helper thread 6 Oct 31 15:24:39.525563: | helper thread 6 exited Oct 31 15:24:39.525566: 7 helper threads shutdown Oct 31 15:24:39.525569: | delref root_certs@0x55c9f9fbfbb8(1->0) (in free_root_certs() at root_certs.c:127) Oct 31 15:24:39.525571: destroying root certificate cache Oct 31 15:24:39.525578: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:39.525580: forgetting secrets Oct 31 15:24:39.525590: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:39.525592: | delref pkp@0x55c9f9fba808(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525595: | delref pkp@0x55c9f9fba378(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525597: | delref pkp@0x55c9f9fc1848(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525602: | delref pkp@0x55c9f9fc1738(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525608: | delref pkp@0x55c9f9fc1628(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525612: | delref pkp@0x55c9f9fbff98(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525616: | delref pkp@0x55c9f9fbfdd8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525618: | delref pkp@0x55c9f9fc03a8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.525622: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.525623: | pass 0 Oct 31 15:24:39.525625: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.525627: | state #3 Oct 31 15:24:39.525633: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.525636: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.525637: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.525639: | pstats #3 ikev2.child deleted completed Oct 31 15:24:39.525645: | #3 main thread spent 2.53 (31) milliseconds helper thread spent 2.44 (2.47) milliseconds in total Oct 31 15:24:39.525648: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.525650: | should_send_delete: yes Oct 31 15:24:39.525654: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.605909s and sending notification Oct 31 15:24:39.525656: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.525661: | get_sa_info esp.df167b2b@192.1.3.33 Oct 31 15:24:39.525676: | get_sa_info esp.3e9a0d8e@192.1.2.23 Oct 31 15:24:39.525685: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Oct 31 15:24:39.525690: | unsuspending #3 MD (nil) Oct 31 15:24:39.525693: | should_send_delete: yes Oct 31 15:24:39.525695: | #3 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.525698: | opening output PBS informational exchange delete request Oct 31 15:24:39.525704: | **emit ISAKMP Message: Oct 31 15:24:39.525709: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:39.525714: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.525716: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.526178: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.526182: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.526185: | flags: none (0x0) Oct 31 15:24:39.526189: | Message ID: 0 (00 00 00 00) Oct 31 15:24:39.526193: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.526196: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.526204: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.526211: | flags: none (0x0) Oct 31 15:24:39.526214: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.526217: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.526221: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.526230: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.526232: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.526234: | flags: none (0x0) Oct 31 15:24:39.526237: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.526240: | SPI size: 4 (04) Oct 31 15:24:39.526244: | number of SPIs: 1 (00 01) Oct 31 15:24:39.526247: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.526249: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.526252: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:24:39.526256: | local spis: 3e 9a 0d 8e Oct 31 15:24:39.526258: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.526261: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.526263: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.526271: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.526273: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.526276: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.526298: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.526301: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.526304: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.526306: | 16 f6 57 96 ca db 04 94 dc e7 ff 5f 40 8f d7 29 Oct 31 15:24:39.526308: | 8b c7 f7 ea b3 45 8f db 6e 11 85 b1 c4 f8 c7 29 Oct 31 15:24:39.526310: | be 36 8b 1f f3 Oct 31 15:24:39.526362: | sent 1 messages Oct 31 15:24:39.526366: | Message ID: IKE #1 sender #3 in send_delete hacking around record 'n' send Oct 31 15:24:39.526374: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:39.526379: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:39.526383: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55c9f9fbc008 Oct 31 15:24:39.526386: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:24:39.526390: | libevent_malloc: newref ptr-libevent@0x7f97b8001fb8 size 128 Oct 31 15:24:39.526397: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744553.959178 Oct 31 15:24:39.526406: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:39.526412: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.526416: | libevent_free: delref ptr-libevent@0x7f97c4006108 Oct 31 15:24:39.526419: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55c9f9f93e98 Oct 31 15:24:39.526422: | #3 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:24:39.526685: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.526691: | command executing down-client Oct 31 15:24:39.526696: | get_sa_info esp.df167b2b@192.1.3.33 Oct 31 15:24:39.526709: | get_sa_info esp.3e9a0d8e@192.1.2.23 Oct 31 15:24:39.526761: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+E... Oct 31 15:24:39.526765: | popen cmd is 1392 chars long Oct 31 15:24:39.526767: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.526770: | cmd( 80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.526772: | cmd( 160):UTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.526774: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=use: Oct 31 15:24:39.526776: | cmd( 320):r-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NE: Oct 31 15:24:39.526778: | cmd( 400):T='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P: Oct 31 15:24:39.526780: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' P: Oct 31 15:24:39.526782: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Oct 31 15:24:39.526784: | cmd( 640):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIEN: Oct 31 15:24:39.526786: | cmd( 720):T='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.2: Oct 31 15:24:39.526788: | cmd( 800):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STA: Oct 31 15:24:39.526790: | cmd( 880):CK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUN: Oct 31 15:24:39.526792: | cmd( 960):NEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMA: Oct 31 15:24:39.526794: | cmd(1040):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: Oct 31 15:24:39.526796: | cmd(1120):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: Oct 31 15:24:39.526798: | cmd(1200):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTB: Oct 31 15:24:39.526799: | cmd(1280):YTES='168' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xdf167b2b SPI_O: Oct 31 15:24:39.526801: | cmd(1360):UT=0x3e9a0d8e ipsec _updown 2>&1: Oct 31 15:24:39.538248: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.538300: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.538305: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.538310: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.538353: | delete esp.df167b2b@192.1.3.33 Oct 31 15:24:39.538410: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.538442: | netlink response for Del SA esp.df167b2b@192.1.3.33 included non-error error Oct 31 15:24:39.538503: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.538514: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.538555: | raw_eroute result=success Oct 31 15:24:39.538560: | delete esp.3e9a0d8e@192.1.2.23 Oct 31 15:24:39.538563: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.538643: | netlink response for Del SA esp.3e9a0d8e@192.1.2.23 included non-error error Oct 31 15:24:39.538658: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.538663: | State DB: deleting IKEv2 state #3 in ESTABLISHED_CHILD_SA Oct 31 15:24:39.538668: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:24:39.538672: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:24:39.538675: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.538677: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.538681: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.538702: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.538711: | delref logger@0x55c9f9fb5738(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.538713: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.538714: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.538716: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.538718: | state #2 Oct 31 15:24:39.538722: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.538723: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.538725: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.538727: | pstats #2 ikev2.child deleted completed Oct 31 15:24:39.538731: | #2 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:39.538733: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.538735: | should_send_delete: yes Oct 31 15:24:39.538739: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.845471s and sending notification Oct 31 15:24:39.538741: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.538744: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:39.538753: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:39.538758: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Oct 31 15:24:39.538761: | unsuspending #2 MD (nil) Oct 31 15:24:39.538762: | should_send_delete: yes Oct 31 15:24:39.538764: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.538766: | opening output PBS informational exchange delete request Oct 31 15:24:39.538768: | **emit ISAKMP Message: Oct 31 15:24:39.538771: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:39.538773: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.538776: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.538777: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.538779: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.538783: | flags: none (0x0) Oct 31 15:24:39.538786: | Message ID: 1 (00 00 00 01) Oct 31 15:24:39.538788: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.538790: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.538792: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.538793: | flags: none (0x0) Oct 31 15:24:39.538795: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.538797: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.538801: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.538811: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.538815: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.538822: | flags: none (0x0) Oct 31 15:24:39.538825: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.538828: | SPI size: 4 (04) Oct 31 15:24:39.538831: | number of SPIs: 1 (00 01) Oct 31 15:24:39.538834: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.538836: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.538840: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:24:39.538843: | local spis: c3 17 78 87 Oct 31 15:24:39.538846: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.538849: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.538852: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.538855: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.538858: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.538860: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.538880: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.538883: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.538886: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.538888: | f9 3e 9b 38 5e 2f e5 92 5b 10 0f 66 bd 7f 5c ef Oct 31 15:24:39.538890: | 05 6a 25 91 f4 78 c1 33 76 32 37 10 54 2c 15 18 Oct 31 15:24:39.538892: | 3b ca 96 2e 4e Oct 31 15:24:39.538945: | sent 1 messages Oct 31 15:24:39.538949: | Message ID: IKE #1 sender #2 in send_delete hacking around record 'n' send Oct 31 15:24:39.538957: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:39.538964: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:39.538971: | Message ID: IKE #1 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:24:39.538975: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.538980: | libevent_free: delref ptr-libevent@0x55c9f9fc9588 Oct 31 15:24:39.538983: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55c9f9fb6048 Oct 31 15:24:39.538986: | #2 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:24:39.539037: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.539043: | command executing down-client Oct 31 15:24:39.539048: | get_sa_info esp.b0822f84@192.1.3.33 Oct 31 15:24:39.539058: | get_sa_info esp.c3177887@192.1.2.23 Oct 31 15:24:39.539116: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN... Oct 31 15:24:39.539120: | popen cmd is 1390 chars long Oct 31 15:24:39.539122: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.539125: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.539128: | cmd( 160):UTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.539130: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=use: Oct 31 15:24:39.539133: | cmd( 320):r-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET: Oct 31 15:24:39.539135: | cmd( 400):='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:39.539137: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLU: Oct 31 15:24:39.539140: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nor: Oct 31 15:24:39.539142: | cmd( 640):th.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:39.539145: | cmd( 720):'192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:39.539147: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK: Oct 31 15:24:39.539150: | cmd( 880):='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNE: Oct 31 15:24:39.539152: | cmd( 960):L+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANE: Oct 31 15:24:39.539154: | cmd(1040):NT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Oct 31 15:24:39.539157: | cmd(1120):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Oct 31 15:24:39.539159: | cmd(1200):0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYT: Oct 31 15:24:39.539162: | cmd(1280):ES='168' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb0822f84 SPI_OUT: Oct 31 15:24:39.539164: | cmd(1360):=0xc3177887 ipsec _updown 2>&1: Oct 31 15:24:39.549133: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.549147: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.549151: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.549154: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.549217: | delete esp.b0822f84@192.1.3.33 Oct 31 15:24:39.549225: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.549254: | netlink response for Del SA esp.b0822f84@192.1.3.33 included non-error error Oct 31 15:24:39.549259: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.549270: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.549309: | raw_eroute result=success Oct 31 15:24:39.549315: | delete esp.c3177887@192.1.2.23 Oct 31 15:24:39.549318: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.549336: | netlink response for Del SA esp.c3177887@192.1.2.23 included non-error error Oct 31 15:24:39.549342: | in connection_discard for connection northnet-eastnets/0x1 Oct 31 15:24:39.549346: | State DB: deleting IKEv2 state #2 in ESTABLISHED_CHILD_SA Oct 31 15:24:39.549351: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:24:39.549355: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:24:39.549358: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.549361: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.549363: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.549371: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.549378: | delref logger@0x55c9f9fbb9f8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.549381: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.549384: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.549387: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.549390: | state #1 Oct 31 15:24:39.549393: | pass 1 Oct 31 15:24:39.549395: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.549397: | state #1 Oct 31 15:24:39.549402: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.549405: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.549408: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.549412: | pstats #1 ikev2.ike deleted completed Oct 31 15:24:39.549419: | #1 main thread spent 16.7 (127) milliseconds helper thread spent 18.1 (19.1) milliseconds in total Oct 31 15:24:39.549424: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.549427: | should_send_delete: yes Oct 31 15:24:39.549432: "northnet-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.914712s and sending notification Oct 31 15:24:39.549435: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:24:39.549484: | unsuspending #1 MD (nil) Oct 31 15:24:39.549489: | should_send_delete: yes Oct 31 15:24:39.549492: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:24:39.549495: | opening output PBS informational exchange delete request Oct 31 15:24:39.549499: | **emit ISAKMP Message: Oct 31 15:24:39.549504: | initiator SPI: 34 d5 c0 79 f1 ec a3 66 Oct 31 15:24:39.549508: | responder SPI: e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.549511: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.549514: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.549517: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.549519: | flags: none (0x0) Oct 31 15:24:39.549524: | Message ID: 2 (00 00 00 02) Oct 31 15:24:39.549527: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.549531: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.549534: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.549537: | flags: none (0x0) Oct 31 15:24:39.549540: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.549542: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.549549: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.549559: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.549562: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.549565: | flags: none (0x0) Oct 31 15:24:39.549568: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.549571: | SPI size: 0 (00) Oct 31 15:24:39.549574: | number of SPIs: 0 (00 00) Oct 31 15:24:39.549577: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.549579: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.549582: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:24:39.549585: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.549588: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.549591: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.549593: | emitting length of IKEv2 Encryption Payload: 37 Oct 31 15:24:39.549596: | emitting length of ISAKMP Message: 65 Oct 31 15:24:39.549618: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.549621: | 34 d5 c0 79 f1 ec a3 66 e1 72 c0 b4 b2 8f d6 b3 Oct 31 15:24:39.549624: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Oct 31 15:24:39.549626: | 1a 4d e5 db 64 57 19 28 67 7a fe 16 b7 22 23 4b Oct 31 15:24:39.549628: | f6 54 17 7e 44 20 11 a5 c1 49 ec b8 00 61 c5 ce Oct 31 15:24:39.549630: | 64 Oct 31 15:24:39.549685: | sent 1 messages Oct 31 15:24:39.549691: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:24:39.549699: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:24:39.549706: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:24:39.549715: | Message ID: IKE #1 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=-1 ike.initiator.last_contact=744550.067625 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.386025 ike.wip.initiator=1->2 ike.wip.responder=-1 Oct 31 15:24:39.549720: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.549726: | libevent_free: delref ptr-libevent@0x7f97cc001868 Oct 31 15:24:39.549729: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55c9f9fbff28 Oct 31 15:24:39.549732: | #1 requesting EVENT_RETRANSMIT-pe@0x55c9f9fbc008 be deleted Oct 31 15:24:39.549735: | libevent_free: delref ptr-libevent@0x7f97b8001fb8 Oct 31 15:24:39.549738: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55c9f9fbc008 Oct 31 15:24:39.549740: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:24:39.549744: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:39.549747: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.549749: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:24:39.549753: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:24:39.549755: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:39.549758: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.549760: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.549763: | delref pkp@0x7f97cc005a78(2->1) (in delete_state() at state.c:1202) Oct 31 15:24:39.549783: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.549789: | delref pkp@0x7f97cc005a78(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.549794: | delref pkp@0x7f97cc002628(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.549798: | delref pkp@0x7f97cc000c88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.549815: | delref logger@0x55c9f9f9fa08(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.549818: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.549821: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.549824: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.549831: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.549837: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.549840: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.549866: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.549880: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.549883: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.549886: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:39.549889: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.549891: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.549895: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Oct 31 15:24:39.549899: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.549902: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.549906: | newref clone logger@0x55c9f9fd3e68(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.549908: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Oct 31 15:24:39.549912: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:39.549915: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:39.549928: | Connection DB: deleting connection $2 Oct 31 15:24:39.549932: | delref logger@0x55c9f9fd3e68(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:39.549934: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.549937: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.549939: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.549942: | pass 0 Oct 31 15:24:39.549944: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.549946: | pass 1 Oct 31 15:24:39.549948: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.549954: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.549960: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.549963: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.549980: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.549990: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.549993: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.549995: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.549998: | route owner of "northnet-eastnets/0x1" unrouted: NULL Oct 31 15:24:39.550000: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:39.550003: | command executing unroute-client Oct 31 15:24:39.550112: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_N... Oct 31 15:24:39.550120: | popen cmd is 1330 chars long Oct 31 15:24:39.550123: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:39.550125: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:39.550127: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:39.550128: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=: Oct 31 15:24:39.550129: | cmd( 320):user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:39.550131: | cmd( 400):NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:39.550132: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33': Oct 31 15:24:39.550133: | cmd( 560): PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Oct 31 15:24:39.550134: | cmd( 640):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLI: Oct 31 15:24:39.550136: | cmd( 720):ENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255: Oct 31 15:24:39.550137: | cmd( 800):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: Oct 31 15:24:39.550138: | cmd( 880):TACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:39.550140: | cmd( 960):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:24:39.550141: | cmd(1040):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:24:39.550142: | cmd(1120):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:24:39.550144: | cmd(1200):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Oct 31 15:24:39.550145: | cmd(1280):RED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:39.561920: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.561948: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.561953: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.561958: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.561973: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.561987: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562003: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562018: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562099: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562107: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562110: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562113: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562117: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562120: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562128: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562141: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562156: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562165: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562175: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562186: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562209: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562228: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562243: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562305: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562310: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562312: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562314: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562318: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562556: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562566: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562581: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562597: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562612: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562626: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562639: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562653: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562668: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.562683: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.566453: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.566468: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.566474: | newref clone logger@0x55c9f9f9fd88(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.566480: | delref hp@0x55c9f9fbb248(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:24:39.566484: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Oct 31 15:24:39.566487: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:39.566490: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:39.566515: | Connection DB: deleting connection $1 Oct 31 15:24:39.566519: | delref logger@0x55c9f9f9fd88(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:39.566521: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.566522: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.566525: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:24:39.566526: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:24:39.566529: | iface: marking eth1 dead Oct 31 15:24:39.566531: | iface: marking eth0 dead Oct 31 15:24:39.566532: | iface: marking eth0 dead Oct 31 15:24:39.566533: | iface: marking lo dead Oct 31 15:24:39.566535: | updating interfaces - listing interfaces that are going down Oct 31 15:24:39.566540: shutting down interface lo 127.0.0.1:4500 Oct 31 15:24:39.566542: shutting down interface lo 127.0.0.1:500 Oct 31 15:24:39.566545: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:24:39.566547: shutting down interface eth0 192.0.2.254:500 Oct 31 15:24:39.566549: shutting down interface eth0 192.0.22.254:4500 Oct 31 15:24:39.566551: shutting down interface eth0 192.0.22.254:500 Oct 31 15:24:39.566553: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:24:39.566555: shutting down interface eth1 192.1.2.23:500 Oct 31 15:24:39.566556: | updating interfaces - deleting the dead Oct 31 15:24:39.566563: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:24:39.566570: | libevent_free: delref ptr-libevent@0x55c9f9fa8a58 Oct 31 15:24:39.566573: | delref id@0x55c9f9facd78(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566581: | libevent_free: delref ptr-libevent@0x55c9f9f6c388 Oct 31 15:24:39.566583: | delref id@0x55c9f9facd78(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566588: | libevent_free: delref ptr-libevent@0x55c9f9f6c588 Oct 31 15:24:39.566590: | delref id@0x55c9f9facca8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566594: | libevent_free: delref ptr-libevent@0x55c9f9f6c488 Oct 31 15:24:39.566597: | delref id@0x55c9f9facca8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566607: | libevent_free: delref ptr-libevent@0x55c9f9f68e38 Oct 31 15:24:39.566612: | delref id@0x55c9f9facbd8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566619: | libevent_free: delref ptr-libevent@0x55c9f9f68d38 Oct 31 15:24:39.566622: | delref id@0x55c9f9facbd8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566628: | libevent_free: delref ptr-libevent@0x55c9f9fada08 Oct 31 15:24:39.566631: | delref id@0x55c9f9facaa8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566638: | libevent_free: delref ptr-libevent@0x55c9f9fadaf8 Oct 31 15:24:39.566642: | delref id@0x55c9f9facaa8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566648: | delref id@0x55c9f9facaa8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566652: | delref id@0x55c9f9facbd8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566656: | delref id@0x55c9f9facca8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566659: | delref id@0x55c9f9facd78(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.566660: | updating interfaces - checking orientation Oct 31 15:24:39.566662: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:39.568369: | libevent_free: delref ptr-libevent@0x55c9f9fa8b08 Oct 31 15:24:39.568380: | free_event_entry: delref EVENT_NULL-pe@0x55c9f9fabf48 Oct 31 15:24:39.568391: | libevent_free: delref ptr-libevent@0x55c9f9f6c288 Oct 31 15:24:39.568396: | free_event_entry: delref EVENT_NULL-pe@0x55c9f9fa89e8 Oct 31 15:24:39.568399: | libevent_free: delref ptr-libevent@0x55c9f9f6c188 Oct 31 15:24:39.568401: | free_event_entry: delref EVENT_NULL-pe@0x55c9f9fa4fd8 Oct 31 15:24:39.568405: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:24:39.568408: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:24:39.568410: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:24:39.568412: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:24:39.568414: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:24:39.568416: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:24:39.568417: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:24:39.568419: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:24:39.568421: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:24:39.568425: | libevent_free: delref ptr-libevent@0x55c9f9f00b68 Oct 31 15:24:39.568428: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:24:39.568430: | libevent_free: delref ptr-libevent@0x55c9f9eed278 Oct 31 15:24:39.568432: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:24:39.568435: | libevent_free: delref ptr-libevent@0x55c9f9fac168 Oct 31 15:24:39.568437: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:24:39.568439: | libevent_free: delref ptr-libevent@0x55c9f9fac3a8 Oct 31 15:24:39.568441: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:24:39.568443: | releasing event base Oct 31 15:24:39.568457: | libevent_free: delref ptr-libevent@0x55c9f9fac278 Oct 31 15:24:39.568459: | libevent_free: delref ptr-libevent@0x55c9f9f62528 Oct 31 15:24:39.568462: | libevent_free: delref ptr-libevent@0x55c9f9f9b7f8 Oct 31 15:24:39.568464: | libevent_free: delref ptr-libevent@0x55c9f9fc52c8 Oct 31 15:24:39.568470: | libevent_free: delref ptr-libevent@0x55c9f9f9b848 Oct 31 15:24:39.568472: | libevent_free: delref ptr-libevent@0x55c9f9f9f9c8 Oct 31 15:24:39.568474: | libevent_free: delref ptr-libevent@0x55c9f9f9f7d8 Oct 31 15:24:39.568476: | libevent_free: delref ptr-libevent@0x55c9f9f9b888 Oct 31 15:24:39.568478: | libevent_free: delref ptr-libevent@0x55c9f9f9f5e8 Oct 31 15:24:39.568480: | libevent_free: delref ptr-libevent@0x55c9f9f9efa8 Oct 31 15:24:39.568482: | libevent_free: delref ptr-libevent@0x55c9f9fadba8 Oct 31 15:24:39.568485: | libevent_free: delref ptr-libevent@0x55c9f9fadab8 Oct 31 15:24:39.568488: | libevent_free: delref ptr-libevent@0x55c9f9fad9c8 Oct 31 15:24:39.568490: | libevent_free: delref ptr-libevent@0x55c9f9fad988 Oct 31 15:24:39.568491: | libevent_free: delref ptr-libevent@0x55c9f9fad948 Oct 31 15:24:39.568493: | libevent_free: delref ptr-libevent@0x55c9f9facec8 Oct 31 15:24:39.568496: | libevent_free: delref ptr-libevent@0x55c9f9face88 Oct 31 15:24:39.568498: | libevent_free: delref ptr-libevent@0x55c9f9face48 Oct 31 15:24:39.568500: | libevent_free: delref ptr-libevent@0x55c9f9f91fc8 Oct 31 15:24:39.568502: | libevent_free: delref ptr-libevent@0x55c9f9fac128 Oct 31 15:24:39.568504: | libevent_free: delref ptr-libevent@0x55c9f9fac0e8 Oct 31 15:24:39.568506: | libevent_free: delref ptr-libevent@0x55c9f9f9f628 Oct 31 15:24:39.568508: | libevent_free: delref ptr-libevent@0x55c9f9fac238 Oct 31 15:24:39.568510: | libevent_free: delref ptr-libevent@0x55c9f9fabfb8 Oct 31 15:24:39.568513: | libevent_free: delref ptr-libevent@0x55c9f9f6e7c8 Oct 31 15:24:39.568516: | libevent_free: delref ptr-libevent@0x55c9f9f6e748 Oct 31 15:24:39.568518: | libevent_free: delref ptr-libevent@0x55c9f9f64e58 Oct 31 15:24:39.568520: | releasing global libevent data Oct 31 15:24:39.568523: | libevent_free: delref ptr-libevent@0x55c9f9efd998 Oct 31 15:24:39.568526: | libevent_free: delref ptr-libevent@0x55c9f9f622d8 Oct 31 15:24:39.568529: | libevent_free: delref ptr-libevent@0x55c9f9f6e848 Oct 31 15:24:39.568567: leak detective found no leaks